Home / Spyware Help / Diablo_diablo2@aol.com Ransomware Removal Guide

Diablo_diablo2@aol.com Ransomware Removal Guide

by 0 Comments

Do you know what Diablo_diablo2@aol.com Ransomware is?

Diablo_diablo2@aol.com Ransomware is a threat built on the basis of the CrySIS Ransomware engine. It uses the RSA-2048 encryption algorithm so that it could enter the computer and then immediately lock files with an unbreakable key. This is not a unique thing – our specialists have found out that a bunch of other ransomware infections act the same too, e.g. Saraswati Ransomware, Green_ray Ransomware, and Ecovector3@aol.com Ransomware. All these infections, including Diablo_diablo2@aol.com Ransomware, focus on the encryption of the most valuable files, for example, documents, photos, and music files. They do that to obtain money from users in an easy way. We do not encourage you to pay money for cyber criminals since you do not have any guarantees that you will receive the decryptor after making a payment. There are, of course, free data recovery tools that might help you to unlock files available for download on the web, so you should try them first instead of transferring money cyber criminals require. Of course, the free tool might not help you to recover files too. In such a case, you should put those files in one folder and keep it until the free decryptor is released.Diablo_diablo2@aol.com Ransomware Removal GuideDiablo_diablo2@aol.com Ransomware screenshot
Scroll down for full removal instructions

Once Diablo_diablo2@aol.com Ransomware finishes encrypting files on a user’s computer, it places two files on the system: How to decrypt your files.txt and How to decrypt your files.jpg. The .txt file contains only one sentence DECRYPT FILES EMAIL diablo_diablo2@aol.com, whereas the .jpg file, which replaces the original wallpaper, contains the following text:

Your data is encrypted!!!

To return the file to an email email

diablo_diablo2@aol.com

Even though it is not that easy to understand what cyber criminals have in mind, one thing is clear – they want you to contact them by the provided email address. There is no doubt that they ask you to do so to be able to ask you to pay money for the decryptor. In most cases, cyber criminals ask users to pay money in Bitcoins so that they stay anonymous. If you have already contacted them, you probably already know that the decryptor is not a cheap tool. We suggest that you do not support cyber criminals by transferring money to them even though you need your files back badly because they might not send anything in exchange, i.e. you will not get the decryptor. Also, you might be able to recover your files free of charge. This is especially true if you have copies of your files on a USB flash drive or another external storage device.

Diablo_diablo2@aol.com Ransomware not only encrypts files and creates two files on the infected computer. Research has shown that this computer infection also places its executable file to several different directories. We know where these files can hide; however, the exact place of the .exe file is unknown, which makes it really hard to delete Diablo_diablo2@aol.com Ransomware manually. What is more, this computer infection makes modifications in the system registry. It modifies two Values (Wallpaper and BackgroundHistoryPath0) to change the Desktop wallpaper. Also, it creates the Value in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to be able to launch automatically, for example, after the computer restart. Unfortunately, this also means that it might scan the system again, find new files, and encrypt them all once again. To prevent this from happening, you need to delete this ransomware infection fully right now.

It is not easy to delete Diablo_diablo2@aol.com Ransomware manually, so we suggest using the manual removal guide you can find below. If you have never erased malicious software yourself, it will be easier for you to acquire the reliable antimalware scanner, e.g. SpyHunter and then open its scanner to perform the system scan with it.

Remove Diablo_diablo2@aol.com Ransomware

  1. Open Explorer.
  2. Find the .exe file that belongs to the ransomware infection in these directories (it will not be in all of them).
  • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
  • %WINDIR%\Syswow64\
  • %WINDIR%\System32\
  1. Open the Registry Editor (launch RUN, type regedit in the box, and click OK).
  2. Move to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  3. Delete the Value that has been created by the ransomware infection.
  4. Open HKCU\Control Panel\Desktop.
  5. Right-click on the Wallpaper Value and select Modify.
  6. Clear the Value data field and click OK.
  7. Right-click on the BackgroundHistoryPath0 Value in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers and select Modify.
  8. Empty the Value data field.

In non-techie terms:

Ransomware infections are on the rise, so you need to be very careful. Our security specialists have two pieces of advice for you. First, you should stay away from spam emails as cyber criminals use the spam mail to distribute ransomware. Secondly, you need to acquire the security tool. As long as it is active, malicious software will not be able to enter your computer.