Remove CryptConsole Ransomware (unCrypte@outlook.com virus)

How to Remove CryptConsole Ransomware?

CryptConsole shares many similarities with the infamous Globe Ransomware. For example, both infections use the same ransom note. At first it seemed that CryptConsole was just another variant of Globe but, luckily, this isn’t the case. You’ve fallen victim to an imitator parasite. For those of you unfamiliar with the Globe Ransomware, it’s an incredibly destructive infection. The good news here is, CryptConsole has nothing to do with Globe. This program isn’t half as harmful as it could have been.

First and foremost, the sneaky CryptConsole virus doesn’t encrypt files. It just pretends that it does. Now, how do ransomware programs work? They add a malicious extension to the target data. This addition is a clear sign that an encryption process has successfully ended. CryptConsole takes advantage of that. The parasite does add an extension to your personal data. However, that is it. There are no encrypting algorithms. There is no locking your files. CryptConsole relies on the horrifying reputation ransomware-type parasites have. It attempts to use imaginary encryption in order to steal your money. Nasty, isn’t it?

CryptConsole renames your data to unCrypte/decipher_ne@outlook.com_[original file name]. You can probably tell why the virus adds an email address in there. At the end of the day, this is a scam. An aggravating cyber fraud that’s aiming directly at your bank account. You see, hackers are trying to trick you into contacting them. As mentioned, you will come across one of two email addresses: unCrypte@outlook.com and decipher_ne@outlook.com. Stay away from both. You have absolutely no reason to negotiate with crooks.

All your personal files get renamed. Pictures, music, Microsoft Office documents, videos, presentations. Whatever you’ve stored on your device gets renamed. That is how ransomware usually works. However, ransomware usually encrypts files as well. Remember that your information is perfectly intact. It was only renamed because some people could be careless enough not to check their files. Those are the people who get blackmailed.

CryptConsole drops a HOW TO DECRYPT YOUR FILES file on your desktop. That’s your ransom message. Crooks demand 0.2 Bitcoins, which equals about 184 USD, in exchange for a decryptor. According to the ransom note, the only way to free your data is by using this special decryption key. You can’t really decrypt something that’s not locked, though, can you? CryptConsole is a nasty infection that simply has to go. The sooner, the better.
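
The rename described above can be listed and undone with a short script. This is an added example, not part of the original guide; the function name Restore-CryptConsoleName is hypothetical, and it assumes the prefix is exactly one of the two addresses followed by an underscore, placed in front of the original file name.

```powershell
# Added example: preview or undo the CryptConsole rename pattern.
# Assumption: files are named "<address>_<original file name>" and are otherwise intact.
function Restore-CryptConsoleName {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path
    )
    # The two addresses named in the article, each followed by "_"
    $prefixes = 'unCrypte@outlook.com_', 'decipher_ne@outlook.com_'

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $prefix = $prefixes |
                Where-Object { $file.Name.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) } |
                Select-Object -First 1
            if (-not $prefix) { return }                      # not a renamed file

            $original = $file.Name.Substring($prefix.Length)
            if ([string]::IsNullOrEmpty($original)) { return } # nothing left after the prefix

            # Never overwrite a file that already carries the original name
            $target = Join-Path -Path $file.DirectoryName -ChildPath $original
            if (Test-Path -LiteralPath $target) {
                Write-Warning "Skipping $($file.FullName): $original already exists"
                return
            }
            if ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $original")) {
                Rename-Item -LiteralPath $file.FullName -NewName $original
            }
        }
}

# Preview only: -WhatIf prints the planned renames without touching any file
Restore-CryptConsoleName -Path "$env:USERPROFILE\Documents" -WhatIf
```

Open a few of the listed files first to confirm they are readable, then run the same command without -WhatIf.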

How did I get infected?

One notorious trick involves spam messages/emails. It is, without a doubt, very effective. Next time you receive something suspicious in your inbox, delete it. Opening a corrupted email will let loose the virus behind it. Thus, keep in mind how tricky malware is. Instead of allowing hackers to compromise your PC, pay attention. Ransomware and Trojans might get disguised as legitimate emails. Job applications, for instance. Restrain yourself from opening messages unless you personally know the sender. This might save you quite a headache later on. Another thing to watch out for is fake software updates. Some infections also travel the Web bundled with safe programs. It is up to you whether you’ll deselect the potential intruder in time or not. Otherwise, you would have to delete the parasite afterwards. Do the right thing and protect your PC from malware. Now that you know how dangerous ransomware is, do not let it get to you again. These nuisances get distributed via exploit kits, malicious torrents, illegitimate websites/programs, etc. There’s no such thing as being too cautious while surfing the Internet.

Why is CryptConsole dangerous?

Your files appear to be encrypted. They are just renamed, though. CryptConsole doesn’t lock data and doesn’t hold it hostage. Then why pay? If you end up with this program on board, uninstall it. That’s all you have to do because your data is accessible. The very last thing you should do is contact crooks. Not only will they try to convince you to pay but they may get access to your personal data as well. Long story short, keep your Bitcoins and don’t let hackers involve you in a fraud. The stealthy CryptConsole ransomware shamelessly lies to your face. Forget about its non-existent decryptor and take action now. To delete it manually, please follow our detailed removal guide down below.

CryptConsole Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover CryptConsole Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type the name in a text document for later reference.

  • Locate any suspicious processes associated with CryptConsole encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process may be hidden and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate CryptConsole encryption Virus startup location

  • Once the operating system loads, press the Windows Logo Button and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open your explorer, navigate to your %appdata% folder and delete the executable.

You can alternatively use the Windows msconfig program to double check the execution point of the virus. Please keep in mind that the names on your machine might be different, as they might be generated randomly. That’s why you should run a professional scanner to identify malicious files.
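
The three Run keys from STEP 3 can also be read in one pass, flagging entries whose command points into %appdata%. This is an added example, not part of the original guide; the function name Get-RunKeyEntry is hypothetical, and the script only lists entries, it deletes nothing.

```powershell
# Added example: list autostart entries from the Run keys named in STEP 3.
function Get-RunKeyEntry {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        # The Wow6432Node key does not exist on x86 systems
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            # Expand variables such as %APPDATA% so the comparison sees the real path
            $expanded = [Environment]::ExpandEnvironmentVariables($command)
            $inAppData = $expanded.IndexOf($env:APPDATA, [System.StringComparison]::OrdinalIgnoreCase) -ge 0

            [pscustomobject]@{
                Key       = $key
                Name      = $name        # the "display Name" the guide refers to
                Command   = $command
                InAppData = $inAppData   # True when the executable lives under %appdata%
            }
        }
    }
}

# Entries that start from %appdata% are listed first for review
Get-RunKeyEntry | Sort-Object -Property InAppData -Descending | Format-List
```

An entry with a random-looking Name and InAppData set to True matches the pattern the guide describes; legitimate programs also start from %appdata%, so check the executable before deleting anything.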

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
