Remove Smartransom Ransomware

How to Remove Smartransom Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

你好
你一定很想知道我是谁
我告诉你吧,我是你爹
我把你电脑里重要文件都加密了
你一定很想打我对不对
扫描屏幕上的二维码,向我付款
芫事后我会给你解密工具
记得把屏幕上方的密钥记下来哦
这样我才能帮你解密嘛

Below is the text of the above ransom note translated into English:

Hello
Do you know who I am?
I am your father.
Your files have been encrypted.
Scan the QR code on the screen.
Do not forget to write down the key on the top screen so I could give you the decryption tool.


Ransomware viruses are the most dreaded and feared computer infections. The newest member of the family is a win-locker named SmartRansom. This virus appears to target computer users in the Asia-Pacific region. Yet the Internet has no boundaries, and infections may occur all around the world. The virus uses trickery to sneak into its victims’ computers, then acts as a typical ransomware infection: in complete silence, it scans your HDD and encrypts all target files. Once the encryption process is complete, SmartRansom displays its ransom note.

Unlike other such viruses, SmartRansom urges its victims to scan two QR codes. One of the codes connects the victim with the hacker via a popular chat platform. The other code links to a cyber wallet. The ransom note states that the victims will receive instructions on how the payment should be made and the total amount of the ransom. We strongly recommend against contacting the hackers. These people are cyber criminals. They will double-cross you for sure. Besides, by contacting them, you are giving them a way to contact you back. They may use it to further harass you or even infect your mobile device. Therefore, don’t get in touch with the cyber criminals.

How did I get infected?

SmartRansom uses classic strategies to travel the web. This virus is linked to pornographic websites. It is very likely that it was transferred via fake file downloads, corrupted attachments or even drive-by downloads. The key to a secure and infection-free computer is caution. You can prevent most cyber infections if you are vigilant. First of all, you must stay away from shady websites. An infected website can execute a drive-by download. Such downloads are automatic. They start without the user’s interaction and show nothing on screen. Hence, they are almost completely invisible. One click is all it takes for a virus to be downloaded.

Hackers tend to attach corrupted files to emails. They may also embed malicious code into the body of the email. Therefore, before you open an email from a stranger, check the sender’s contacts. You can enter the questionable email address into a search engine. If it was used for shady business, someone might have complained online. Yet new email addresses are created every day. If you are part of the first wave of spam messages, there may not be any evidence online. Double-check the sender. If the message pretends to be sent from a company, visit the company’s official website. You will be able to find a list of its authorized email addresses there. Compare them with the one you have received a message from. If they don’t match, delete the spam email immediately.

Why is Smartransom dangerous?

SmartRansom is hazardous. It urges you to contact the hackers behind it. This is not a recommended action. These people are dangerous. They will not hesitate to threaten you. The crooks promise to send you a decryption key after you pay for it. Yet practice shows that crooks tend to ignore the victims. No one can guarantee that these criminals will keep their part of the deal. They may send you a partially working decryption key and blackmail you for more and more money. Be rational. Ignore the ransom note. Consider discarding your files. Clean your computer and start backing up your files on external memory. This way you will be prepared if ransomware strikes again.

Smartransom Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Smartransom Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually has a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with the Smartransom encryption virus.
  • Right-click on the process.
  • Open File Location.
  • End Process.
  • Delete the directories with the suspicious files.
  • Keep in mind that the process may be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder.
  • Click on the “Organize” button.
  • Choose “Folder and Search Options”.
  • Select the “View” tab.
  • Select the “Show hidden files and folders” option.
  • Uncheck “Hide protected operating system files”.
  • Click the “Apply” and “OK” buttons.

STEP 3: Locate Smartransom encryption Virus startup location

  • Once the operating system loads, press the Windows logo key and the R key simultaneously.

Depending on your OS (x86 or x64), navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the entry with the display name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they may be generated randomly; that is why you should run a professional scanner to identify malicious files.
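
The checks in Steps 1 and 3 can also be done in one read-only pass. The PowerShell below is an added example, not part of the original guide: it lists running processes whose executable sits under %APPDATA% and every value in the three Run keys named above, marking the ones that launch from %APPDATA%. It stops and deletes nothing; the variable names are illustrative.

```powershell
# Read-only triage for Steps 1 and 3: nothing is stopped or deleted.
$appData = $env:APPDATA   # e.g. C:\Users\<name>\AppData\Roaming
$ci = [StringComparison]::OrdinalIgnoreCase

# Step 1: running processes whose image lives under %APPDATA%.
# Path is empty for processes the current user cannot inspect,
# so run from an elevated prompt for full coverage.
$procs = Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($appData, $ci) } |
    Select-Object Id, ProcessName, Path

# Step 3: the three Run keys named in the guide.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # Wow6432Node is absent on x86
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Keep the raw command line for the report; expand a copy for matching,
        # so entries written as %APPDATA%\... are caught too.
        $raw      = [string]$item.GetValue($name, $null, $noExpand)
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $raw
            InAppData = $expanded.IndexOf($appData, $ci) -ge 0
        }
    }
}

'Processes running from %APPDATA%:'
$procs | Format-Table -AutoSize -Wrap
'Run-key entries (InAppData = True deserves a closer look):'
$autoruns | Sort-Object InAppData -Descending | Format-Table -AutoSize -Wrap
```

Legitimate software also starts from %APPDATA%, so a flagged entry is a candidate for inspection with a scanner, not proof of infection.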

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the drive you want to recover. Right-click on any file you want to restore and click Export on it.