Home / Spyware Help / Dever Ransomware Removal Guide

Dever Ransomware Removal Guide

by 0 Comments

Do you know what Dever Ransomware is?

Dever Ransomware is one of the Crysis/Dharma Ransomware family threats. If you find it on your system, it is likely that all of your photos, documents, and other important files are no longer readable. The malicious application encrypts them while using a robust encryption algorithm. Thus, such data can only be restored with specific decryption tools that, unfortunately, are in the malware creators’ possession. According to the threat’s ransom note, hackers are willing to trade decryption tools if victims agree to pay ransom. As you can imagine, such people cannot be trusted and if you deal with them, you could get scammed. Therefore, before deciding what to do, we advise you to read our full article to learn more about the malicious application. We also recommend checking the removal guide available below, if you are thinking about deleting Dever Ransomware manually.

Victims of threats like Dever Ransomware often wonder how such malicious applications manage to get in. That is because they are often disguised as harmless-looking text documents, installers of legit software or updates, and so on. Consequently, some users open such files without thinking that they could be dangerous and infect their devices unknowingly. Usually, malicious installers come from Spam emails, unreliable file-sharing web pages, and other questionable sources. Thus, one of the things we advise to you, if you want to stay away from potentially harmful files, is not to download or launch data that comes from such sources. Plus, we recommend scanning all files obtained from unknown senders or untrustworthy websites with a reputable antimalware tool to be sure they are not harmful.

What’s more, threats like Dever Ransomware often hide their presence in the beginning so that victims would notice them only when it is already too late. To be more precise, the malicious application might work in the background until it finishes encrypting all targeted files. During this process affected files should receive this extension .id[random characters].[lizethroyal@aol.com].Dever and become unreadable. After doing this, the malware should no longer hide its presence. Our researchers say that Dever Ransomware might create a ransom note called Info.hta and a document containing a shorter version of it called info.txt. Next, it should launch Info.hta to place a window with a ransom note on top of a victim's screen. The note should claim that users can get decryption tools for a price that will be determined after they contact the malware’s creators via email.Dever Ransomware Removal GuideDever Ransomware screenshot
Scroll down for full removal instructions

Furthermore, cybercriminals should offer to decrypt up to five files free of charge. While this may prove that they have the needed decryption means, it would still not guarantee that you would get the needed decryption tools. Thus, even if you put up with the hackers’ demands, there is still a chance they could scam you. If you do not want to risk your money for something you might not get, we advise against paying ransom. Also, we recommend deleting Dever Ransomware because it can auto-start with the system and each time that it does so, it could start encrypting new files. If you want to get rid of it manually, you could use the removal guide placed below. Naturally, if the task seems complicated, we encourage you to use a reputable antimalware tool instead.

Erase Dever Ransomware

  1. Restart the computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Navigate to these paths:
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
    %TEMP%
  4. Find the malware’s launcher (suspicious recently downloaded file), right-click it and select Delete.
  5. Check these locations:
    %LOCALAPPDATA%
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  6. Locate suspicious executable files that could belong to the ransomware, right-click them and press Delete.
  7. Go to:
    %USERPROFILE%\Desktop
    %HOMEDRIVE%
  8. Find files called Info.hta, right-click them and press Delete.
  9. Then find and delete files named info.txt.
  10. Close File Explorer.
  11. Press Windows Key+R.
  12. Type Regedit and click Enter.
  13. Navigate to these paths:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  14. Look for value names belonging to the malware, right-click them and press Delete.
  15. Close Registry Editor.
  16. Empty Recycle Bin.
  17. Restart your computer.

In non-techie terms:

Dever Ransomware is a harmful file-encrypting application that, without a doubt, was created for money extortion. This is why the malware’s creators programmed it to encrypt data that could be valuable to victims like photos, text files, videos, and so on. Once encrypted the files need a particular decryptor and a unique decryption key to be deciphered. Cybercriminals offer such means in exchange for Bitcoins. The price is unknown as hackers claim it will be decided after victims contact them. No matter how huge or small the sum could be, you should think whether you wish to risk losing it in vain. It could happen because despite the cybercriminals’ offer to decrypt a few files for free and their promises, there are still no guarantees that the needed decryption tools will reach you after you pay. Whatever you decide, we advise deleting Dever Ransomware with the removal guide available above or a reputable antimalware tool. We advise it because the malware can restart with the system and it might keep encrypting files every time it starts running again; it may affect new data.