Remove BonziBuddy Ransomware

How to Remove BonziBuddy Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

yOUR A BONZIBUDY LOVER
YOUR FILES ARE MINE
[text box]
OK [button]
Save your Computer
yOU SUCK BYE


BonziBuddy is not your buddy. It’s a poorly programmed ransomware infection. Today’s article is all about this brand new virus. Hackers have obviously gotten inspiration from the BonziBuddy desktop assistant. However, while the original BonziBuddy helps you surf the Internet, this one wreaks havoc.

We’ve already tackled many, many ransomware-type parasites. Locky, Thor, Heimdall, RotorCrypt, Esmeralda, Cerber… It’s an impressively long list. Ransomware is the most popular type of virus currently online. Do you know why? Hackers only have one reason to develop these parasites. Money. Yes, it’s that simple. Ransomware-type viruses are nothing but cyber scams that aim at your bank account.

BonziBuddy locks your private data. It goes after pictures, music, videos, documents, etc. Anything of value you’ve stored on board gets encrypted. Ransomware programs use various encryption algorithms. Thanks to these ciphers, you’re being denied access to your own files. Think about it. Your own information stored on your own machine.

As mentioned already, BonziBuddy is imperfect. Once it encrypts your data, you see a bizarre window. For starters, none of the buttons there works. Secondly, the parasite gives you instructions in terrible English. According to its ransom note, “you’re a BonziBuddy lover”. Are you, though? Are you really? This infection may be a creation of people with little to no knowledge about ransomware. However, it might still be under development. Never underestimate hackers and the parasites they develop. BonziBuddy is yet another unpredictable cyber parasite out there. It’s more than capable of causing you harm, so don’t hesitate.

After it encrypts your data, this program demands money from you. It displays ransom instructions and offers you a deal. A highly questionable, dangerous deal. You’re supposed to pay a certain sum of money in Bitcoins. In exchange for your money, you receive a decryption key. Or so the parasite claims.

Are you willing to negotiate with cyber criminals? Furthermore, are you willing to give them your money? Hackers are the people who locked your data in the first place. Do not reward them for that. The crooks’ ransom message ends with the words “You suck bye”. All that hackers do is insult you, threaten you and lie to you. Obviously, paying the ransom would be a horribly wrong move.

How did I get infected?

Unfortunately, infections have many tactics to choose from. That makes it difficult to determine how the parasite sneaked in. However, some infiltration methods are more commonly used than others. For example, spam emails/messages. Those are among the oldest techniques to spread parasites online. They are still incredibly effective. To protect your machine, watch out for unreliable email attachments. One single careless click is all it takes to compromise your PC. Don’t open untrustworthy emails. Delete them instead. Hackers send all kinds of parasites straight to your inbox. Don’t overlook any potential threat online.

BonziBuddy might have sneaked in with the help of another infection. More often than not, it’s a Trojan horse. Take your time to check the device for more parasites. The ransomware may not be the only virus on board. Also, beware of exploit kits, malicious torrents, unsafe websites and corrupted ads. Last but not least, infections often get spread in bundles. Next time you download unverified freeware/shareware, be cautious.

Why is BonziBuddy dangerous?

The ransomware brings along various threats and dangers. It performs a thorough scan on your computer searching for private data. By locking your files, BonziBuddy could cause you some serious damage. Let’s say you’ve stored some precious pictures with no backup. Or, you’ve stored some extremely important work-related files. All of these get locked. The encrypted data gets renamed and receives some malicious extension. That’s how you know your files are inaccessible, unreadable and useless. BonziBuddy holds your information hostage and asks for a ransom. The sum demanded is not a small one either. What you need to do is ignore this infection’s empty threats. Paying will not guarantee anything. In which parallel universe is it a good idea to make a deal with criminals? In none. Crooks promise a special decryptor that should free your files. They don’t deliver, though. Don’t even consider playing by hackers’ rules and keep your Bitcoins. BonziBuddy must be deleted on the spot. To do so manually, please follow our detailed removal guide down below.

BonziBuddy Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover BonziBuddy Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file.
  • Before you kill the process, type the name in a text document for later reference.

  • Locate any suspicious processes associated with the BonziBuddy encryption virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate the BonziBuddy encryption virus startup location

  • Once the operating system loads, press the Windows Logo button and the R key simultaneously.

Depending on your OS (x86 or x64), navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open your explorer, navigate to your %appdata% folder and delete the executable.

You can alternatively use the Windows msconfig program to double-check the execution point of the virus. Please keep in mind that the names on your machine might be different, as they might be generated randomly; that’s why you should run any professional scanner to identify malicious files.
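Because the value name is random, it helps to list every entry in the three Run keys above together with where its executable lives and whether it is signed. The following read-only PowerShell sketch is an added example, not part of the original guide; it assumes Windows PowerShell 3.0 or later, Get-CommandExecutable is a hypothetical helper name, and checking %LOCALAPPDATA% and %TEMP% in addition to %appdata% is an assumption beyond what the guide names.

```powershell
# Read-only triage of the three Run keys listed in STEP 3; nothing is deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: STEP 3 points at %appdata%; %LOCALAPPDATA% and %TEMP% are added
# here because they are user-writable as well.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-CommandExecutable {   # hypothetical helper name
    param([string]$Command)
    # Extract the program path from a Run value: a quoted path first, otherwise
    # everything up to the first executable-looking extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $expanded.Trim()
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # Wow6432Node is absent on x86
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $exe = Get-CommandExecutable $command
        # True when the program sits under one of the user-writable folders.
        $inUserDir = [bool]($userWritable | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        # Bare names such as "rundll32.exe" are not resolved and show as NotFound.
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'NotFound' }
        [pscustomobject]@{
            Key = $key; Name = $name; Executable = $exe
            InUserWritableDir = $inUserDir; Signature = $sig
        }
    }
}

# Entries that start from a user-writable folder are listed first for review.
$findings | Sort-Object InUserWritableDir -Descending | Format-Table -AutoSize -Wrap
```

An entry with a random-looking name, InUserWritableDir set to True and a Signature other than Valid is the one to compare against the process name noted in STEP 1 before deleting anything.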

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
