PooleZoor Ransomware

What is PooleZoor Ransomware?

PooleZoor Ransomware shows a ransom note asking the victim to pay 10,000,000 Riyal. The sum seems ridiculous, especially since it is demanded for decrypting files located in the Desktop folder alone. The malware does not encrypt any data other than the files in the user’s Desktop directory. No doubt there are users who keep a lot of important files there, but for others it could be a few pictures, perhaps documents with details of their online purchases, and so on. In other words, there is a chance the malicious application will not encipher any data worth paying a ransom for. However, we do not think this was a mistake. The simplest explanation is that PooleZoor Ransomware could be just a test version, and the next release might damage more files and ask for a more reasonable sum. For more information about it, we urge you to read our full article. Also, should you need deletion instructions, keep in mind that you can find them at the end of this text.

Where does PooleZoor Ransomware come from?

It is questionable whether PooleZoor Ransomware is being distributed at all for now, but if it is, we believe the hackers behind it might choose to spread it via spam emails or malicious setup files. Either way, avoiding such threats is only possible if the user is cautious when interacting with data downloaded from unreliable sources, for example, P2P file-sharing networks. Email messages that come from someone you are not familiar with, or that urge you to act by making you panic, should be treated with caution too. For instance, before launching attachments sent with such messages, you could scan them with a legitimate antimalware tool. The same advice applies when encountering any suspicious material.

How does PooleZoor Ransomware work?

According to our researchers at Anti-spyware-101.com, the malicious application is based on an open-source ransomware called Hidden Tear. Like that threat, it should start encrypting the user’s files immediately. As said earlier, the files PooleZoor Ransomware targets should be located in the Desktop directory. What’s more, it looks like the malware can encipher files that have the following extensions: .apk, .accdb, .xlsx, .pptx, .ppsx, .rar, .zip, .pdf, .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, and .psd. During the process, the files get a second extension appended to their names, for example, text.docx.poolezoor.

Furthermore, after encrypting the user’s Desktop files, PooleZoor Ransomware should drop a text document with a particular message. Translated from Hindi, the ransom note’s text says that the user has to pay 10,000,000 Riyal for a great cause. Yet there is no information on how to transfer the requested sum. As we said earlier, given the price, the hackers are most likely testing the malware and do not expect anyone to be willing to pay such a vast sum. Of course, the ransom notes displayed by updated versions could ask for a more reasonable price, and there might be information on how to pay the ransom too. Users should never forget that there are no guarantees when dealing with hackers and that such people should not be trusted.

How to erase PooleZoor Ransomware?

Currently, the malicious application could be deleted manually just by locating and removing its launcher (some suspicious file downloaded earlier). To make this task easier, the instructions below explain where to look for it and how to get rid of it. For less experienced users who find the instructions a bit complicated, we recommend acquiring a legitimate antimalware tool that can take care of PooleZoor Ransomware for them.

Eliminate PooleZoor Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Search for the threat’s process.
  4. Select this process and click End Task.
  5. Leave Task Manager.
  6. Tap Windows key+E.
  7. Navigate to the following paths:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Find the file that infected the device.
  9. Right-click the malicious file and press Delete.
  10. Locate the malware’s ransom note (might be called READ_me_for_encrypted_Files.txt), then right-click it and press Delete.
  11. Close File Explorer.
  12. Empty your Recycle bin.
  13. Restart the system.
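
The manual steps leave "search for the threat’s process" and "find the file that infected the device" to the reader. The following read-only PowerShell script is an added example, not part of the original article: it lists Desktop files ending in .poolezoor, any copy of the ransom note, executables in the three folders named in step 7, and processes running from those folders. Scanning subfolders and showing signature status as a hint are assumptions of this example.

```powershell
# Added example: read-only triage for the indicators named in this article.
# Nothing is deleted or terminated; review the output before removing anything.
$ext      = '.poolezoor'                        # appended extension (from the article)
$noteName = 'READ_me_for_encrypted_Files.txt'   # possible ransom note name (from the article)
$desktop  = Join-Path $env:USERPROFILE 'Desktop'
$dirs     = @($env:TEMP, $desktop, (Join-Path $env:USERPROFILE 'Downloads')) |
            Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Desktop files carrying the appended extension, and any copy of the note.
#    Subfolders are included as a precaution (assumption; the article only says "Desktop").
$desktopFiles = @(Get-ChildItem -LiteralPath $desktop -File -Recurse -Force -ErrorAction SilentlyContinue)
$encrypted    = @($desktopFiles | Where-Object { $_.Extension -ieq $ext })
$notes        = @($desktopFiles | Where-Object { $_.Name -ieq $noteName })
"Files ending in ${ext}: $($encrypted.Count)"
$encrypted | Select-Object FullName, LastWriteTime | Format-Table -AutoSize
"Ransom notes found: $($notes.Count)"
$notes | Select-Object FullName, LastWriteTime | Format-Table -AutoSize

# 2. Executables in the three folders from step 7, newest first, with SHA-256 and
#    signature status, to help pick out the launcher. An unsigned, recently written
#    .exe is a candidate to check, not proof of infection.
$exes = @($dirs | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -File -Filter '*.exe' -Recurse -Force -ErrorAction SilentlyContinue })
"Executables found in scanned folders: $($exes.Count)"
$exes | Sort-Object LastWriteTime -Descending | ForEach-Object {
    [pscustomobject]@{
        LastWrite = $_.LastWriteTime
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Path      = $_.FullName
    }
} | Format-List

# 3. Running processes whose image file lives in one of those folders (manual step 3).
$prefixes = $dirs | ForEach-Object { $_.TrimEnd('\') + '\' }
"Processes running from scanned folders:"
Get-CimInstance Win32_Process | Where-Object {
    $image = $_.ExecutablePath
    $image -and ($prefixes | Where-Object { $image.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
} | Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize
```

Run it from a normal PowerShell window as the affected user, since the paths are resolved from that user’s profile.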

Stop these PooleZoor Ransomware Processes:

a5e5e6712d2dfe41e7e0e725460f2579cfc4e8a7a835e4d8e528f1999959c32f.exe