How to Remove Dispci.exe (Attention! Bad Rabbit Ransomware)

This article can help you to remove Dispci.exe Virus. The step by step removal works for every version of Microsoft Windows.

A new massive cyber attack is affecting computers around the world. Bad Rabbit Ransomware is spreading faster than wildfire. If you have detected the Dispci.exe application in your Task Manager, the news is terrible. Your computer is infected with Bad Rabbit Ransomware. This virus enters your computer in complete silence and wreaks havoc. It lurks in the shadows and locks your personal files. Upon infiltration, Bad Rabbit scans your HDD for target files. It targets user-generated files such as pictures, videos, documents, archives, databases, etc. Then, the virus encrypts the files with a combination of RSA and AES encryption algorithms. This happens in the background. You will not even notice it. The Dispci.exe application is responsible for the encryption process. Unfortunately, you cannot simply stop this app. It is a bit more complicated than that. Bad Rabbit is quite sophisticated virus. The Russian security giant Kaspersky has connected this ransomware with the infamous NotPetya (Petya) Ransomware. NotPetya made headlines last June. This virus caused chaos in Ukraine and Russia. Bad Rabbit Ransomware is following its steps. The researchers at Kaspersky also inform that despite the similarities between the two viruses, there are also notable differences between them. Bad Rabbit is spreading faster than NotPetya. It is infecting computers mainly in Ukraine and Russia, however, attacks are also detected in Turkey, Bulgaria, and Germany. Security experts remind that the virus can easily reach any part of the world. Another key difference between the two viruses is that Bad Rabbit is not “wiper.” Its creators can reverse the encryption. Which is not the case with NotPetya. Once infected, no one can do a thing about it.

Remove Dispci.exe

How did I get infected with?

To reach its victims, Bad Rabbit Ransomware uses a lot of trickery. The unsuspected user is redirected to scam website. There, a message states that your Flash is outdated. To view the content on the page you must update it. You click on the button and download a fake software update (install_flash_player.exe). So far, so good. The ransomware does not have a script that can initiate the installation (this is one of the differences between Bad Rabbit and NotPetya). Instead, it relies on your “help.” The moment you start the bogus update is the moment you infect your device. The ransomware, however, is no longer relying on this distribution method only. Bad Rabbit Ransomware is also distributed via phishing messages. You know the scheme. The crooks write on behalf of well-known organizations. They camouflage the virus payload file as an important document. Don’t expect a file named Dispci.exe. No, it will be renamed to something else, such as invoice.pdf, cv.doc, etc. Once you open that document, the virus is “freed.” Your caution, however, can prevent this technique from succeeding. Before you open a suspicious email, verify the sender. Simply enter the questionable email into some search engine. If it was used for shady business, someone might have complained. Even when you open such a message, you should not let your guard down. The email may contain links. These links can be corrupted, so don’t follow them blindly. Don’t download anything unless you are absolutely sure that it is safe. Even if you are sure, scan everything with a trustworthy anti-virus app. A little extra caution can go a long way.

Why is this dangerous?

Once on board, Dispci.exe will not stop. It is part of Bad Rabbit and starts together with your OS. It makes your PC useless. If you create new files, Dispci.exe will lock them. You should restrain yourself from using online banking and social media. It is possible for the virus to spy on your actions. So, don’t type personally identifiable information, credit card details, sensitive data of any sort. Your best course of action is the removal of the parasite. Bad Rabbit demands 0.05BTC (about $289 USD). Do not pay. The hackers tend to ignore their victims once the ransom is paid. Even if they send you a decryption instructions, they may not work. Some of your files may remain locked. You cannot ask for a refund. You are dealing with cybercriminals. Besides, it seems that the creators of Bad Rabbit are aiming at the business. They may not pay any attention to the regular user. Don’t get in touch with the cooks. You cannot win against them. Consider discarding your files. The ransomware deletes all system backup files stored on your machine. However, if you have backups saved on external devices, you can use them. Don’t plug anything in your infected machine, though. The ransomware will infect your storage. Your first action should be the removal of the infection. Use a trustworthy anti-virus program and run a full system scan. We have also provided a manual removal guide. However, it requires a bit more advanced computer skills. If you are not confident in yours, use an automated solution. This is the safest and easiest way to deal with Bad Rabbit.

Manual Dispci.exe Removal Instructions

The Dispci.exe infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the Dispci.exe infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down Dispci.exe related processes in the computer memory

STEP 2: Locate Dispci.exe startup location

STEP 3: Delete Dispci.exe traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down Dispci.exe related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.

end-malicious-process

  • Write down the file location for later reference.

Step 2: Locate Dispci.exe startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean Dispci.exe virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

  • A dialog box should open. Type “Regedit”

regedit

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:

hosts-redirect-virus

Step 4: Undo the possible damage done by Dispci.exe

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for Dispci.exe, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!

 

  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove Dispci.exe Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.

Leave a Comment