EbolaRnsmwr Ransomware

What is EbolaRnsmwr Ransomware?

Ransomware infections are among the threats that change a system once they get onto it, and EbolaRnsmwr Ransomware is no exception. Luckily, this malicious application is still in development and thus should not encrypt your files if it manages to enter your computer. The infection is also not prevalent, so you should not encounter it if you are cautious. Security specialists highly recommend keeping security software installed on the system. Additionally, ignoring all attachments from suspicious emails might considerably lower the chance of encountering EbolaRnsmwr Ransomware. If you have encountered this threat anyway, it must be removed as soon as possible. Do not worry; it is very likely that it has not encrypted a single file on your computer even though it tries to convince you that “your files got encrypted, what means you can’t use them anymore.” If you have instead encountered an updated version of EbolaRnsmwr Ransomware that has locked files in all the major directories on your PC, do not rush to pay a ransom to cyber criminals: you have no guarantee that paying will fix your problem. In our opinion, removing the malware is the first thing any user who encounters it has to do.

What does EbolaRnsmwr Ransomware do?

EbolaRnsmwr Ransomware is still in development, so, at the time of research, it encrypted only one folder named Test. If you have encountered this infection but, luckily for you, do not keep such a folder on your Desktop, you will not find any files encrypted. Research conducted by our malware researchers has clearly shown that EbolaRnsmwr Ransomware targets users’ most important files, those with the following filename extensions: .txt, .ppt, .pptx, .doc, .docx, .xls, .xlsx, .png, .csv, .sql, .asp, .html, .psd, .exe, .gif, .mp3, .mp4, etc. Encrypted files can be told apart from unencrypted ones because the .101 extension is appended to each of them; for example, picture.jpg will turn into picture.jpg.101. After it gets in, the ransomware infection also changes the Wallpaper and drops a .txt file (READ_ME.txt) on the Desktop. Additionally, EbolaRnsmwr Ransomware opens a window with a timer and several buttons that holds a message for users. By displaying it, the malicious application tries to convince victims that their files have been locked and that they must use Amazon gift cards to pay a ransom and get the files decrypted. There is also an explanation of how EbolaRnsmwr Ransomware has possibly entered the user’s computer: “You are prob. very stupid and you tried to download something which is a pirated program.” If you have encountered the version of EbolaRnsmwr Ransomware that is still in development, your files have not been encrypted. As a consequence, there is no point in paying money for the decryption of files. You just need to fully remove the ransomware infection from your system.

Where does EbolaRnsmwr Ransomware come from?

Several typical ransomware distribution methods can be distinguished. First, ransomware infections are often dropped on users’ computers the moment they open malicious email attachments. Second, crypto-threats may be distributed disguised as useful programs. Users, of course, find out that they have installed malware on their PCs only when it is too late to change anything. Security experts say that users should not click on random links and advertisements either, because one click on the wrong advertisement or link might let a harmful application in. If you do not trust yourself very much, you can entrust your system security to a reputable antimalware tool instead. It must be installed on every computer connected to the Internet, specialists say.

How to delete EbolaRnsmwr Ransomware

Do not keep EbolaRnsmwr Ransomware active on your system even if you have encountered its beta version that does not lock any files, because you will not be able to use your computer normally: Task Manager will stay disabled. EbolaRnsmwr Ransomware drops several different components on affected computers. If you decide to delete this threat manually, your job will be to take care of all of them, because every malicious component must be removed to make sure the threat does not stay active on the system.

EbolaRnsmwr Ransomware removal guide

  1. Tap Win+R.
  2. Type regedit and click OK.
  3. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Double-click on the Value named DisableTaskMgr.
  5. Change its Value data from 1 to 0.
  6. Save the changes.
  7. Press Ctrl+Shift+Esc.
  8. Under Processes, locate the process representing the ransomware infection (it should have the description EbolaRnsmwe).
  9. Double-click on it and open its location.
  10. Kill the process.
  11. Delete the file from the opened directory.
  12. Locate the 000payload.exe process in Task Manager.
  13. Double-click on it and open the file location.
  14. Kill the process.
  15. Remove the 000payload.exe file (it is placed in %APPDATA%).
  16. Delete the ransomware installer if you can locate it.
  17. Remove READ_ME.txt dropped on Desktop (%USERPROFILE%\Desktop).
  18. Remove pass.decrypt from %USERPROFILE%\Documents.
  19. Change your Wallpaper.
  20. Empty Trash.
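
The checks from the removal guide above, collected into a PowerShell audit script. This is an added example, not code from the original page: the `-Remediate` switch and the variable names are assumptions of the example, while the registry value, process names, file names and folders are the ones the guide lists.

```powershell
# Added example (not from the original page): audit for the artifacts the guide lists.
# Read-only by default; the hypothetical -Remediate switch applies the guide's steps.
param([switch]$Remediate)

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$desktop   = Join-Path $env:USERPROFILE 'Desktop'
$artifacts = @(
    (Join-Path $env:APPDATA '000payload.exe'),
    (Join-Path $desktop 'READ_ME.txt'),
    (Join-Path $env:USERPROFILE 'Documents\pass.decrypt')
)
$findings = @()

# Steps 3-6: DisableTaskMgr = 1 is what keeps Task Manager disabled.
$policy = Get-ItemProperty -Path $policyKey -Name DisableTaskMgr -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableTaskMgr -eq 1) {
    $findings += "Registry: DisableTaskMgr is 1 under $policyKey"
    if ($Remediate) { Set-ItemProperty -Path $policyKey -Name DisableTaskMgr -Value 0 }
}

# Steps 8-14: the two processes, matched by description and by name as given in the guide.
$procs = Get-Process | Where-Object { $_.Name -eq '000payload' -or $_.Description -eq 'EbolaRnsmwe' }
foreach ($proc in $procs) {
    $exe = $proc.Path   # record the file location before the process exits
    $findings += "Process: $($proc.Name) (PID $($proc.Id)) at $exe"
    if ($Remediate) {
        Stop-Process -Id $proc.Id -Force
        $proc.WaitForExit(5000) | Out-Null
        if ($exe) { Remove-Item -LiteralPath $exe -Force }
    }
}

# Steps 15, 17, 18: files dropped in %APPDATA%, on the Desktop and in Documents.
foreach ($path in $artifacts) {
    if (Test-Path -LiteralPath $path) {
        $findings += "File: $path"
        if ($Remediate) { Remove-Item -LiteralPath $path -Force }
    }
}

# Files renamed with the .101 extension (Desktop\Test at the time of research).
# Reported only, never deleted: they are the user's own data.
$testDir = Join-Path $desktop 'Test'
if (Test-Path -LiteralPath $testDir) {
    Get-ChildItem -LiteralPath $testDir -Recurse -File -Filter '*.101' -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Encrypted file: $($_.FullName)" }
}

if ($findings.Count -eq 0) { 'No artifacts from the guide were found.' } else { $findings }
```

Run it as the affected user, since both the registry value and the dropped files live in that user's profile. The installer (step 16) and the Wallpaper (step 19) are not covered because the guide gives no fixed name or location for them.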
