The Ransomware cryptoviruses just keep coming and they don’t stop coming, with one of their newest representatives being a nasty malware piece named Todar. Similarly to most other viruses from the Ransomware cryptovirus category, Todar is an advanced malware program that uses a highly sophisticated encryption algorithm as means of locking up the files of its victims. If you have ever heard about Ransomware before, then you should know what the goal of those viruses( Todar,Lapoi, Gusau ) are, namely, to make you pay money to the hackers behind them by blackmailing you for the decryption key that can unlock your files. Most Ransomware infections like Todar work in a similar way – once they secretly and silently place their encryption on your files, they make their presence known by displaying a pop-up banner right on your screen. The text in the banner says that you will have to pay a ransom in order to retrieve your files. Alternatively, the cryptovirus may generate a notepad next to the files that have gotten encrypted. The text in the notepad file serves the same purpose as the banner. In the end, the result is the same – the victim of the virus gets blackmailed and unless they pay the money demanded of them, their files are likely to remain locked for good… or are they? Although due to the advanced encryption used by most newer cryptoviruses (including Todar), there are rarely any guarantees about the future of the files that get locked up, there may be some potential methods of data restoration, which do not involve sending money to anonymous cyber criminals. However, in order to use these methods, you first need to remove the malware cryptovirus from your computer. We have prepared an Todar removal guide and included it in this article for those of you who have this nasty Ransomware in their computers at the moment. Follow the presented steps and, if you need it, use the suggested removal program that you will find in the guide. However, remember that removing the virus is only the first step towards releasing your files. We have a separate section focused solely on decrypting data that has gotten locked by Ransomware where you can find some alternative methods of file restoration.

Is paying the Ransom for decrypting .Todar File really such a bad idea?

Many users may be considering the ransom payment as a quick and easy way of retrieving their files. Indeed, in many cases, paying the money may get you your precious data recovered but this doesn’t always happen. Sometimes, the decryption key that the hackers promise never actually gets sent to the victim, even after the latter has paid the demanded money. In general, paying the hackers is risky business and you may end up wasting a serious amount of money without really getting any of the encrypted files restored. This is why the advisable thing to do is remove Todar and instead of risking your money, try the free data-restoration options that we have on our site. They may not always be as effective as we’d like but are still definitely worth the try.

Todar SUMMARY:

[add_third_banner]

Todar Ransomware Removal

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Todar

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Todar.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Todar , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Todar

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Todar Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Todar Decryption

The previous steps were all aimed at removing the Todar Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Todar Virus Ransomware (+.Todar File Recovery) appeared first on Malware Complaints.

Lapoi is the name of a new malicious program from the Ransomware type, which has been created with the sole goal of blocking the access to the files that are stored on a given computer and request a certain amount of money as a ransom to restore the access. If you have recently been greeted by a scary ransom-demanding notification on your screen, which has informed you that your data has been secured with a special file-encryption algorithm and you need to make an immediate payment in order to unlock it, then you have become one of the numerous victims of Lapoi.

Ransomware, in general, is a type of malicious computer programs that secretly operate on computer and apply a very complex encryption code to the files with the idea to prevent the user from opening those files. Normally, this type of malicious software pretends to be a seemingly harmless or reliable program that can be downloaded from a website or that arrives in an email attachment and tricks the users into interacting with it.

Unlike other computer threats, such as Trojans or Viruses, Ransomware cryptoviruses like this one (.Lapoi, Gusau , Madek) are known for lettin the user know that their computer has been infected by displaying a message on their screen and then demanding a payment in exchange for the restoration of the access to the encrypted information. Security experts recognize several types of Ransomware that do not necessarily operate in the same way. However, what stays the same is the end-goal of the attackers, which is to require ransom payments form from their victims.

Giving your money to the crooks, however, does not mean that they will remove the infection and you will restore your files. In fact, you will have to remove Lapoi by yourself and there is absolutely no guarantee that you will be able to regain access to the encrypted files even if you pay the ransom and fulfill all of the hackers’ demands. Therefore, our “How to remove” team and other professionals in the cyber community usually advise the victims to avoid the ransom payment and suggest they seek legitimate alternatives to deal with the Ransomware attack.

One of those alternatives could be the Lapoi removal guide below, which contains detailed removal instructions, some file-recovery suggestions and a professional removal tool for automatic assistance. Another possible solution would be to use your own file backups or to search for a free decryptor tool, which may eventually help you to get back some of the files that Lapoi has encrypted. Of course, you can always contact a professional from your area, of your choice, for assistance and this will still be better than giving your money to some anonymous hackers without any guarantee about the future of your computer and your files.

How can we protect yourself from .Lapoi File and other Ransomware attacks?

As obvious as this recommendation may sound, many web users don’t have reliable antivirus protection and don’t conduct regular updates of their operating system. This allows new and advanced versions of malware to exploit any newly-found and still unpatched vulnerabilities and attack the computer silently. A professional and updated malware-removal tool, however, can greatly increase the security of the system and save you from such attacks. Moreover, many reputable antivirus programs provide Ransomware protection, which specifically targets the process of file-encryption and could help you detect it before it is too late. Of course, it is best if you also keep a regular backup of your data, as this is the most reliable way to recover your information in case a threat like Lapoi infects you.

Lapoi SUMMARY:

[add_third_banner]

Lapoi Ransomware Removal

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Lapoi

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Lapoi.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Lapoi , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Lapoi

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Lapoi Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Lapoi Decryption

The previous steps were all aimed at removing the Lapoi Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Lapoi Virus Ransomware (+.Lapoi File Recovery) appeared first on Malware Complaints.

Ransomware is well known for how problematic and difficult to deal with it is – it is one of the biggest online threats at the moment and it doesn’t seem to slow down one bit. In fact, the number of infections has drastically increased in the recent months and currently, several new Ransomware infections( Gusau , Madek),  get released each day. We are trying to cover all new infections of this type to the best of our abilities, which is why, in this post, we will tell you about Darus. Darus is a typical cryptovirus infection that uses its advanced encryption algorithm to lock up the files present in its victims’ computers. I addition to placing its encryption on the files, it also changes their extension, so if you have been attack by Darus, you are likely to see that all of your personal files, regardless of what their file type is, now have the same extension. Needless to say, opening those files would result in the Ransomware telling you that the only way to open it is if you make a generous money “donation” to the people responsible for the creation of this nasty virus threat. It’s possible that the note/banner that tells you about the demanded ransom gets displayed on your screen as soon as the encryption of your data gets completed, even before you have attempted to open any of the locked-up files.

What to do now, that .Darus File has locked the files?

The users who get to face such an issue are oftentimes unsure about what to do in order to minimize the nasty consequences of this attack. “Minimize”, here, is exactly the right word to do because, sadly, full recovery from such an attack may not always be possible and the sooner you understand and accept that, the better. That being said, here are your main options:

Option 1: Pay the money

This may actually seem like a good idea to some – the money required may not be all that much and/or the value of the files that have gotten encrypted may vastly exceed the sum that is demanded for their release. Whatever the specific case, it is likely that many people would at least think about paying. However, there are several things you need to be informed about with regards to this option. First, you obviously cannot be sure that your files would actually get restored – the hackers may simply lie to you. There’s nothing you can do to make them send you the decryption key for the data if they don’t want to do that. However, if you have already paid, the money is gone and there’s no getting it back. Furthermore, there is usually no way to track the hackers because the money is usually paid in BitCoin – an online currency that is virtually untraceable by regular users.

Option 2: Removal + alternative recovery solutions

With the help of the guide we have here, most (if not all) of you should be able to remove Darus with relative ease. After that is the time to use any backups you may have lying around your house or your online accounts. Also, several suggested alternative file restoration methods can be found in our data-recovery guide. However, similarly to the other option, no guarantees can be given about whether or not you’d actually manage to get all of the files back. The good thing here is that at least your money wouldn’t be put on the line.

Darus SUMMARY:

[add_third_banner]

Darus Ransomware Removal

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Darus

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Darus.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Darus , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Darus

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Darus Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Darus Decryption

The previous steps were all aimed at removing the Darus Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Darus Virus Ransomware (+.Darus File Recovery) appeared first on Malware Complaints.

Ransomware cryptoviruses like Tocue aren’t a new type of malware – those infamous software threats have been around for quite some time (about three decades), and in the past several years, they have become quite a serious issue. Their main characteristics are their target and their method of operation. The thing that they target are the files of their victims. However, instead of corrupting them, modifying them or harming them in some way, the Ransomware infections simply lock them up, making the user of the infected machine incapable of accessing the locked data. The method used to achieve this is known as data-encryption – an advanced form of file-protection turned on its head to serve the goals of the anonymous criminals who are responsible for the creation and distribution of Ransomware threats.

What your options are if The .Tocue File has entered your system

Tocue is among the latest additions to the insidious family of Ransomware infections like Gusau or Madek, and its encryption is likely very sophisticated, which means there aren’t many options of bypassing it. The criminals’ goal is to blackmail you for the decryption key for your files – if you pay a ransom to the hackers, you are promised to receive that key. However, such promises are not to be trusted – you can never be sure what (if anything) would really happen if you pay the money. Also, not all users can easily spare couple of hundred (or thousand) of dollars to get their files unlocked, so that is another problem with the payment. Therefore, we have prepared a set of removal instructions for those of you with Tocue in their systems and we have also provided several recovery suggestions for your data. Sadly, we cannot guarantee the effectiveness of the file recovery options because of the advanced nature of the encryption used by Ransomware infections like Tocue. Still, we believe it is preferable to try the other options first, the ones that do not involve the ransom payment, before you consider the latter as an actual option.

Some useful tips for the future security of your data

Something that an incredibly big number of users forget about, a precaution that can nullify the effects of most cryptovirus threats, is the file-backup. An extensive backup of your important files is a surefire precaution that can make dealing with a Ransomware infection much easier. If you have all your files copied and saved on a location that can’t be reached by a cryptovirus (a cloud storage, an external drive, a flash-memory stick, etc.), your only concern would be eliminating the Ransomware, which, in and of itself, isn’t such a difficult task – the guide below and the anti-malware tool in it can help you rid your system of threats of this type.

 Another important thing to consider is to stay safe when browsing – keep an eye out for shady sites and questionable online content so that you can avoid them in order to prevent any future malware infections of your computer.

Tocue SUMMARY:

[add_third_banner]

Tocue Ransomware Removal

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Tocue

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Tocue.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Tocue , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Tocue

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Tocue Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Tocue Decryption

The previous steps were all aimed at removing the Tocue Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Tocue Virus Ransomware (+.Tocue File Recovery) appeared first on Malware Complaints.

Gusau is a Ransomware based cryptovirus, which is programmed to encrypt the files, stored on a given computer, and to make them inaccessible for the user. Only the criminal who launches the attack has the special code (decryption key) to decrypt your files and no matter what you do, you may not be able to open or use them without that key. Generally, after the encryption has taken place, the criminal leaves a .TXT or .HTML file with a message that provides you with instructions on what you need to do to receive the decryption key for your files. Usually, you are requested to pay a certain amount of money (in Bitcoins) as a ransom for the key (hence, Ransomware). This is a basic, yet highly effective, blackmailing scheme, the only aim of which is to extort money from the unsuspecting web users, whose personal information has been locked down.

If you are reading this page because you have been attacked by Gusau, maybe you’re asking yourself, “Should I pay the ransom?” Or maybe you are looking for alternatives to remove the infection and restore your data by other means. In both cases, we have something for you here – a special guide with detailed removal instructions and a file-recovery section with suggestions on how to potentially restore some of your encrypted information without paying the ransom to the crooks.

The vast majority of contaminations with threats like Gusau, Berosuce or Madek occur via email spam campaigns, which are nothing more than fake emails, structured in a way that would make the victims think that the letters are legitimate. Those emails always ask for some action from the user, such as downloading an attachment or clicking on a link from a contaminated website. Of course, there are many other methods of distribution such as fake ads, cracked software, pirated content, illegal websites, etc. The moment the user interacts with the transmitter, the malware gets activated and begins to operate silently in the background of the system.

Can I recover any encrypted .Gusau file

This is a question that lacks an universal answer which can be given for each case of a cryptovirus infection. Yes, there are some variants of Ransomware, from which the victims have been able to recover the encrypted files, but there are also some that we still do not have the tools to decrypt, unfortunately. That’s why the best you could do is explore the alternatives, remove the infection from the system and give a try to some methods that may eventually help you get back some of the encrypted data when possible.

In case of an infection with Gusau, a full external file backup will be invaluable, but even if you don’t have backup copies of your files, there are still some methods you could try. For instance, you could follow the suggestions in the file-recovery section below, or check our list of free decryptor tools. However, before you give a try to any of the methods, make sure you have removed the Ransomware from your computer. Otherwise, if the harmful code remains active in the system, it may encrypt again everything you manage to recover, including your backup sources.

SUMMARY:

[add_third_banner]

Remove .Gusau Ransomware

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Gusau

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Gusau.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Gusau , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Gusau

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Gusau Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Gusau Decryption

The previous steps were all aimed at removing the Gusau Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Gusau Virus Ransomware (+ .Gusau File Recovery) appeared first on Malware Complaints.

What is Madek Ransomware, how does it work and how can you fight it? If this is the question that has brought you to “How to remove guide”, then you are in the right place. Madek is a recently reported cryptovirus infection, which can silently encrypt all of your personal files in order to ask for a ransom for their decryption.

Although the vast majority of criminal groups are changing to banking Trojans, those who stick to Ransomware infections like this one are improving their blackmailing strategies. We are not talking about a new phenomenon, but over time, the infections of this type have significantly improved and are currently a huge issue to many web users.

Think of Madek as a blackmailing tool – just like most Ransomware threats, this one is a form of malware that, once it takes over your computer, blocks the access to your data. And, once the user’s data gets locked up so that the victim can’t open it, the attacker who is in control of the infection demands a ransom from the victim and promises to restore the access to the blocked data once the payment is made.

Ransomware is always evolving. With new and sophisticated variants such as Madek, Adame or Budak it poses new threats for both companies and individual web users. One of the most common ways of distribution is through email spam. The malware usually hides in attachments that reach the victim in an email, which resembles a file they should trust. Other methods of distribution include illegal websites, malicious links, malvertising, and cracked software installers. Therefore, apart from using reliable security software, the web users should always be mindful of the type and the origin of the web content they interact with.

Is it a good idea to pay the ransom for an encrypted .Madek file

We agree to the commonly given advice by most researchers and experts in the field paying the ransom requested by the criminals is not a good idea and you shouldn’t go for that. Sadly, even if you pay and fulfill all of the hackers’ demands, there is absolutely no guarantee that they will restore your files and everything will get back to normal. That’s why it is a good idea to focus on removing Madek and then trying out some alternative methods you can use to restore your files. For instance, you can use your personal backups or give a try to the file-recovery instructions in the removal guide below. Obviously, we cannot tell you how likely it is that you will recover all of your data but we can at least help you to remove the infection and make your computer safe again.

When it comes to preventing any malware attacks, knowledge is the key. Since email spam is the most popular method of distribution for Ransomware, you must be very careful with what emails you open and what files you download. You should also consider investing in reliable anti-virus software. One that is capable of blocking the Ransomware so that it stops the infection before the encryption even begins. The third and VERY IMPORTANT thing is to create backup copies of your data on a regular basis. It is important to use an external drive or a cloud storage that includes high-level encryption and multi-factor authentication. But above all, use your common sense. If something seems suspicious, it probably is, and you should avoid it.

SUMMARY:

[add_third_banner]

Remove the .Madek Ransomware

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Madek

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Madek.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Madek , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Madek

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Madek Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Madek Decryption

The previous steps were all aimed at removing the Madek Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove Madek Virus Ransomware (+ .Madek File recovery) appeared first on Malware Complaints.