Scarab-Bin Ransomware

Posted by Lisa Blanc on July 18, 2018

What is Scarab-Bin Ransomware?

Scarab-Bin Ransomware could change your Desktop picture with an image that should have a text on it saying: “Hello my friend! For instructions for decrypting files, please write here: mrbin775@gmx.de mrbin775@protonmail.com.” Unfortunately, users who encounter this malicious application might need decryption tools since the infection locks various private files with a secure encryption algorithm. Nonetheless, we would still recommend against contacting the malware’s creators as it could lead to them asking for a ransom and if you pay it, you might find you have lost the money in vain. That is because there is always a possibility the hackers will not bother to send decryption tools even if they promise or guarantee it. Therefore, if you do not like the idea of being tricked, we would advise erasing Scarab-Bin Ransomware with the instructions located at the end of the article or a legitimate antimalware tool.testtest

Where does Scarab-Bin Ransomware come from?

Knowing where threats like Scarab-Bin Ransomware come from might help you learn how to avoid them in the future. Our researchers at Anti-spyware-101.com say the most popular distribution channels are Spam emails, malicious file-sharing web pages, and unsecured Remote Desktop Protocol (RDP) connections. Meaning to stay away from such malicious applications one must ignore suspicious emails, avoid visiting torrent websites, and remove all possible computer’s vulnerabilities. Additionally, users are advised to employ a legitimate antimalware tool of their preferences. Such software may identify infections before they have a chance to do any damage. However, keep it in mind to be able to locate newer threats the chosen tool must be updated whenever it is possible. Otherwise, it could be ineffective against malware created recently.

How does Scarab-Bin Ransomware work?

Our researchers report, Scarab-Bin Ransomware does not lock the screen or ruin files belonging to the operating system, which is why the infected computer should remain to be bootable. As mentioned at the beginning of the text, the malware encrypts files important to the user, for example, photographs, videos, various documents, and so on. Naturally, the encryption process should be completed first and in secret. Meaning, replacing the user’s desktop should be carried out later on.

Another thing we notice was beside the image placed on the user’s Desktop; the malicious application may also create a text document called HOW TO RECOVER ENCRYPTED FILES.TXT. Inside of the ransom note the user should find an almost identical message except this time, it should not address the victim as done in the picture’s text (“Hello my friend!”). One of the emails mentioned in the ransom note should be seen on each encrypted file as well since the malware could append the .[mrbin775@gmx.de].bin extension to all affected files.

If you are considering contacting Scarab-Bin Ransomware’s developers as the notes suggest you should know they might demand you pay a ransom to get decryption tools. The problem is, there is not knowing if they have such tools or if they will fulfill their promises to deliver it. Thus, for those who do not want to risk losing their savings in vain, we would recommend eliminating this malicious application at once. It would be safer to recover files from backup, although it is essential to stress it should be done only after the threat is erased.

How to remove Scarab-Bin Ransomware?

One of the ways to get rid of Scarab-Bin Ransomware is to erase all files belonging to it manually. This process might require some patience, but if you want to try it, you could use the instructions available at the end of this paragraph. Another way to remove the threat once and for all is to scan the system with a legitimate antimalware tool. It should detect the files belonging to the malware and once the scan is over the user should be able to eliminate this data by pressing the given deletion button.

Get rid of Scarab-Bin Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the infection’s process.
  4. Select the malicious process and press End Task.
  5. Leave the Task Manager.
  6. Click Windows key+E.
  7. Find these folders:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Look for the malware’s launcher (file opened before the computer got infected), then right-click it and press Delete.
  9. Search for this path: %APPDATA%
  10. Find a file named updlive.exe, right-click it and press Delete.
  11. Locate HOW TO RECOVER ENCRYPTED FILES.TXT and {random letters}.bmp in the %USERPROFILE% folder, right-click these files and select Delete.
  12. Exit File Explorer.
  13. Press Windows key+R.
  14. Insert Regedit and press Enter.
  15. Navigate to this path: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  16. Search for a value name called Update Live and a value name with a title from 10 random letters, for example, ikNMQMYfEc.
  17. Right-click these value names and press Delete.
  18. Close Registry Editor.
  19. Empty your Recycle bin.
  20. Restart the system. 100% FREE spyware scan and
    tested removal of Scarab-Bin Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *