Remove WINDOWS\INFPUB.DAT Virus

This article can help you to remove WINDOWS\INFPUB.DAT Virus. The step by step removal works for every version of Microsoft Windows.

If you haven’t heard it already, there is a massive ransomware outbreak. Bad Rabbit Ransomware is responsible for computer infections in Ukraine, Russia, Turkey, Bulgaria, and Germany. If you have detected the WINDOWS\INFPUB.DAT file in your system, we have bad news for you. Your computer has fallen victim of Bad Rabbit Ransomware. WINDOWS\INFPUB.DAT is the main module of the virus. It is located in your C:\Windows directory. It is run by the rundll32.exe and is used to scan devices connected to your Local Network. This function is still under development. It will probably be used in future versions of the virus. It is hard to say what the hackers plan. WINDOWS\INFPUB.DAT is probably part of not yet developed Bad Rabbit distribution method. At this point, we can only speculate. Nevertheless, the existence of WINDOWS\INFPUB.DAT on your computer is a sign that your machine is infected. Even now, as you read this article, the ransomware is working in the background. Bad Rabbit is lurking in the shadows and wreaks havoc. Once on board, it drops the INFPUB.DAT files as well as the main DLL and two malicious apps. These four elements work together to lock your files. Bad Rabbits cans your HDD. It targets user-generated data such as your pictures, videos, music, documents, databases, etc. Then, it encrypts them with an unbreakable cipher. Only after the completion of the encryption process, will the ransomware reveal itself. It drops its ransom note, which demands 0.05 BTC (about $289 USD). Whatever you do, don’t rush. Bad Rabbit is a descendant of the dreaded NotPetya (Petya) Ransomware. There are notable differences between the two, however, they are equally destructive. Both viruses are probably created by the same hackers, too. However, unlike Petya, the hackers behind Bad Rabbit can reverse the encryption. In exchange for a hefty sum, of course. We recommend against paying the ransom, though. You are dealing with cybercriminals. You cannot expect them to keep their part of the deal.

How did I get infected with?

The existence of WINDOWS\INFPUB.DAT on your PC means that Bad Rabbit has successfully installed itself. The question is: how did it manage to enter your machine unnoticed? One key difference between Bad Rabbit and NotPetya is that Bad Rabbit relies on your naivety. This virus cannot infect our computer without your “help.” The virus employs a lot of trickery. The scheme is not that inventive, yet, quite effective. One way or another, you end up on a website that states that your Flash is outdated. In order to view the content on the page, you must update your software. You click on the provided link and download the update (file install_flash_player.exe). So far, so good. Then, you execute the file. And this is the exact moment you gave the virus admin privileges. From this point onward, it can do whatever it is programmed to do and you can’t do anything about it. Smart, isn’t it? Yet, Bad Rabbit does not rely only on this distribution method. It is also spread via phishing emails. The scheme is the same. You download the corrupted file. You execute it. And that’s it. A little extra caution, however, could have prevented this infection! Learn your lessons. Don’t repeat the same mistake again!

Why is this dangerous?

Currently, Bad Rabbit cannot be decrypted. This ransomware is devastating. It keeps your files as hostages. Consider discarding them. You should not pay the ransom. The hackers behind Bad Rabbit cannot be trusted. They are cybercriminals. You cannot expect them to keep their word. Hackers tend to ignore the victims once the ransom is paid. Even if they send you a decryption instructions, they may not work for all of your files. Also, keep in mind that the decryption process does not remove the virus itself. Bad Rabbit may re-encrypt your newly restored files. How many times do you plan to pay for your files? The answer should be “None.” You are in a bad, bad situation. There is nothing you can do to restore your files for free. Or, is there? If you have system backups saved on external devices, you can use them to restore at least some of your precious files. Be warned, though. If you plug your external memory to the infected computer, you will infect it. So, eliminate the virus furs. Bad Rabbit is a complicated parasite. So is its removal. We recommend you to use a trustworthy anti-virus app. We have also provided a manual removal guide. Act now! You don’t have much time to wait. The hackers are working hard on their ransomware. If they manage to update the virus, the WINDOWS\INFPUB.DAT file may infect all devices connected to your Local Network. Don’t wait to see what will happen. All possible outcomes are unwanted. Take action against the infection now!

Manual WINDOWS\INFPUB.DAT Removal Instructions

The WINDOWS\INFPUB.DAT infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the WINDOWS\INFPUB.DAT infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down WINDOWS\INFPUB.DAT related processes in the computer memory

STEP 2: Locate WINDOWS\INFPUB.DAT startup location

STEP 3: Delete WINDOWS\INFPUB.DAT traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down WINDOWS\INFPUB.DAT related processes in the computer memory

• Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Carefully review all processes and stop the suspicious ones.

• Write down the file location for later reference.

Step 2: Locate WINDOWS\INFPUB.DAT startup location

Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

Clean WINDOWS\INFPUB.DAT virus from the windows registry

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”

• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:

Step 4: Undo the possible damage done by WINDOWS\INFPUB.DAT

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for WINDOWS\INFPUB.DAT, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

• Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
• go to Network and Internet
• then Network and Sharing Center
• then Change Adapter Settings
• Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!

 

• Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove WINDOWS\INFPUB.DAT Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.