Windows Problems Help Center

Thursday, September 10, 2015

How to Delete Thoroughly? (Ransomware Removal Guide)

Victim: "We got hit again with new Crypto ransomware. This time it's <extension>.id-<number>
From the info I got now, it encrypts all kinds of documents.
Sample file is encrypted in this way:"

Know about <extension>.id-<number>

<extension>.id-<number> is another new crypto ransomware developed by cyber criminals to extort money from victims by encrypting all kinds of documents. It is usually spread via spam email attachments and hacked or corrupted websites. It also hides itself inside other software to escape your attention, and other malware may carry this infection as well.

Once it infects a computer, it stores itself in the Temp folder as a randomly named executable. It then creates a hidden, randomly named job in Task Scheduler so that the executable launches every time you start your computer. You will be shown a message stating that your computer was attacked by a virus, that your files are encrypted, and that recovery is impossible without the original key. You are asked to contact the attackers by e-mail. You should never trust this message; otherwise, they collect your information and may ask you to send them a certain amount of money. What you should do now is take action to get rid of the <extension>.id-<number> ransomware as soon as possible. If you are not sure how to do that, please follow the removal instructions below.
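To check a live system for the persistence described above (a Temp-folder executable launched by a hidden scheduled task), the following PowerShell lists every scheduled task whose action runs a file from a Temp directory. It is an added example, not part of the original guide; it assumes Windows 8 / Server 2012 or later, where Get-ScheduledTask is available, and an elevated prompt. Test-InTemp is a helper name chosen for this example.

```powershell
# Added example: find scheduled tasks that launch an executable from a Temp folder.
# Assumption: Windows 8 / Server 2012 or later (Get-ScheduledTask), elevated prompt.

# Temp locations to compare against: the current user's and the system-wide one.
$tempRoots = @($env:TEMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') }

# Hypothetical helper for this example: true when a task's command lives under a Temp folder.
function Test-InTemp([string]$Path) {
    if (-not $Path) { return $false }
    # Task commands may be quoted and may contain %VARIABLES%.
    $p = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    foreach ($root in $tempRoots) {
        if ($p.StartsWith($root + '\', [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    # Also catch the Temp folder of any other user profile.
    return $p -match '\\AppData\\Local\\Temp\\'
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only "run a program" actions carry Execute; for other action types it is empty.
        if (Test-InTemp $action.Execute) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Hidden    = $task.Settings.Hidden
                State     = $task.State
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }
}

# Hidden tasks first: these match the behaviour described in this guide most closely.
$findings | Sort-Object Hidden -Descending | Format-List
```

A task that is both hidden and pointing into a Temp folder is worth reviewing before you move on to the removal steps; note the executable path it reports so you can end that process and delete that file.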

Instructions to Get Rid of <extension>.id-<number>

Solution 1. Remove <extension>.id-<number>

Step 1: Stop related running processes in Windows Task Manager first.

(To open Task Manager: press CTRL+ALT+DEL or CTRL+SHIFT+ESC, or click the Start button, click Run, type taskmgr and press OK.)

Step 2: Show all hidden files and delete the malicious files related to <extension>.id-<number>
  1. First, click the button Start and then click Control Panel.
  2. Second, click Appearance and Personalization.
  3. Third, click Folder Options. Then click the View tab in the Folder Options window and choose Show hidden files, folders, and drives under the Hidden files and folders category.
  4. Finally, click Apply at the bottom of the Folder Options window.

Delete the malicious files related to this infection, listed below.

C:\Program Files\<random>

Step 3: Find the related registry entries and delete them.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command "(Default)" = "C:\Documents and Settings\test\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" http://www.<random>.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "C:\Program Files\Internet Explorer\iexplore.exe http://www.<random>.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>"
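
Both entries above are browser launch commands with a URL appended after the executable. The following PowerShell, an added example that is not part of the original guide, reads the (Default) launch command of every browser registered under StartMenuInternet and marks the ones that carry a URL. Checking the per-user HKCU key as well is an assumption added here; the guide itself lists only HKEY_LOCAL_MACHINE.

```powershell
# Added example: report browser launch commands that have a URL appended.
$roots = @(
    'HKLM:\SOFTWARE\Clients\StartMenuInternet',   # location listed in this guide
    'HKCU:\SOFTWARE\Clients\StartMenuInternet'    # assumption: per-user browser registrations
)

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($client in Get-ChildItem -LiteralPath $root) {
        $cmdKey = Join-Path $client.PSPath 'shell\open\command'
        if (-not (Test-Path -LiteralPath $cmdKey)) { continue }

        # An empty value name returns the key's (Default) value.
        $command = (Get-Item -LiteralPath $cmdKey).GetValue('')

        [pscustomobject]@{
            Hive    = $root.Substring(0, 4)
            Browser = $client.PSChildName
            HasUrl  = [bool]($command -match 'https?://')
            Command = $command
        }
    }
}

# Entries with HasUrl = True are the ones to compare against the values listed above.
$report | Sort-Object HasUrl -Descending | Format-List
```

A clean entry normally contains only the path to the browser executable, so a command with HasUrl set to True should be restored to the plain executable path.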

Step 4: Clear all the cookies of your affected web browsers.

Since this virus can use cookies to trace and track users' internet activity, users are advised to delete all cookies to complete the removal.

Google Chrome:

Click on the "Tools" menu and select "Options".
Click the "Under the Bonnet" tab, locate the "Privacy" section and Click the "Clear browsing data" button.
Select "Delete cookies and other site data" and clean up all cookies from the list.

Mozilla Firefox:

Click on Tools, then Options, and select Privacy.
Click "Remove individual cookies".
In the Cookies panel, click on "Show Cookies".
To remove a single cookie, click on the entry in the list and click on the "Remove Cookie" button.
To remove all cookies, click on the "Remove All Cookies" button.

Internet Explorer:

Open an Internet Explorer window.
Click the "Tools" button.
Point to "Safety" and then click "Delete browsing history".
Tick the "Cookies" box and then click "Delete".

Solution 2. Remove <extension>.id-<number> automatically (using the SpyHunter removal tool)

Scan your PC and remove threats with SpyHunter

SpyHunter is a powerful anti-spyware application that can help computer users eliminate infections such as Trojans, worms, rootkits, rogues, dialers, and spyware. The SpyHunter removal tool works well and should run alongside existing security programs without any conflicts.

Step 1: Click the button to download SpyHunter

Step 2: After the download finishes, click Run to install SpyHunter step by step.

Step 3: After the installation, click “Finish”.

Step 4: Click "Malware Scan" to scan and diagnose your entire system automatically.

Step 5: When the scan is complete, all detected threats will be listed. You can then click on “Fix Threats” to remove all of the threats found in your system.

Optimize your PC with RegCure Pro

Malware prevention and removal are good, but when it comes to computer maintenance they are far from enough. To get better performance, you need to do more work. If you need assistance with Windows errors, junk files, invalid registry entries, startup boost and so on, you could use RegCure Pro for professional help.

Step 1. Download PC cleaner RegCure Pro

 a) Click the icon below to download RegCure Pro automatically

 b) Follow the instructions to finish RegCure Pro installation process

Step 2. Run RegCure Pro and start a System Scan on your PC.

Step 3. Use the built-in "Fix All" scheduler to automate the whole optimization process.

Summary: Manual removal of <extension>.id-<number> is a complex and risky task, as it touches key parts of the computer system, and is recommended only for advanced users. If you do not have sufficient expertise to do that, it is recommended to download SpyHunter to help you.
