EbolaRnsmwr Ransomware Removal Guide

Do you know what EbolaRnsmwr Ransomware is?

Ransomware infections continue to be one of the most commonly developed computer threats these days. EbolaRnsmwr Ransomware is among the ransomware infections detected the most recently by specialists. It is not doubt quite a dangerous infection, but it will not necessarily lock files on your computer if you ever encounter it. At the time of analysis, it encrypted files in only one folder – the Test folder placed on Desktop. Most likely, ordinary users will not keep this folder on their Desktops. As a consequence, even if they encounter EbolaRnsmwr Ransomware, they will not find their files encrypted. What this also shows is that this ransomware infection is still in development, according to our research team. Without a doubt, the malicious application might be finished one day and start encrypting users’ files no matter where they are located. Ransomware infections usually demand money from users, no matter they lock files on affected computers or not, but it does not mean that users should transfer money to them. You simply do not know whether your files will be unlocked even if you make a payment. Needless to say, it is pointless to pay for the decryption of files that have not been even encrypted, so if you have encountered the same version of EbolaRnsmwr Ransomware analyzed by our specialists, the only thing you need to do is to completely remove the malicious application from the system.

EbolaRnsmwr Ransomware immediately disables Task Manager and changes Wallpaper once launched. Then, it searches for a folder named Test placed on %USERPROFILE%\Desktop. If the folder is found and it contains files in .txt, .doc, .xls, .mp4, .mp3, .pptx, .odt, .png, .html, .jpg, .psd, .gif, .css, and some other popular formats, they get encrypted immediately. The ransomware infection adds the .101 filename extension to all encrypted files, for example, picture.jpg.101, but you will probably not notice any changes applied to your files because you will most likely not even have such a folder with files placed on your Desktop. One of the main symptoms that EbolaRnsmwr Ransomware is the one that has entered the system is a window with red borders opened on Desktop. It contains a lengthy message for victims. It is mainly used to explain users what has happened to their computers and how they can fix the problem they have encountered. Even though the ransomware infection will try to convince you that your files have been encrypted, it is very likely that your files have not been touched so do not rush to send money to cyber criminals behind the threat. Unlike some other threats recently analyzed by our malware researchers, EbolaRnsmwr Ransomware does not demand money. Users are told that only Amazon gift cards will be accepted.EbolaRnsmwr Ransomware Removal GuideEbolaRnsmwr Ransomware screenshot
Scroll down for full removal instructions

What about the EbolaRnsmwr Ransomware distribution? Well, it does not seem that this threat is distributed actively. This is probably because it is still in development. Of course, we cannot guarantee that it will not become a prevalent computer threat in the future, so if you have not encountered it yet, it does not mean that you cannot encounter it in the future. Of course, there are a few security measures that can help you to prevent the entrance of this malicious application. First, never open any email attachments sent to you from senders you cannot recognize and know nothing about. Second, it is only a question of time when you will encounter malware if you download tons of pirated software from dubious websites.

EbolaRnsmwr Ransomware has disabled your Task Manager, dropped several files on your computer, and launched malicious processes for them if you have encountered it, so you will have to take care of them all to delete the ransomware infection fully. You will find instructions that will help you do this provided below.

Remove EbolaRnsmwr Ransomware manually

  1. Press Win+R.
  2. Type gpedit.msc.
  3. Click OK.
  4. Access User Configuration.
  5. Click Administrative Templates.
  6. Access System.
  7. Open Ctrl+Alt+Del Options.
  8. Double-click on Remove Task Manager.
  9. Set Not Configured and click OK.
  10. Delete the malicious file, aka the malware dropper.
  11. Press Ctrl+Shift+Del.
  12. Under Processes, locate the process with the EbolaRnsmwe description.
  13. Right-click on this process and select Open File Location.
  14. Kill the malicious process and delete the malicious file associated with the process.
  15. Kill the process named 000payload.exe via Task Manager.
  16. Delete the malicious file 000payload.exe from %APPDATA%.
  17. Remove READ_ME.txt from %USERPROFILE%\Desktop.
  18. Go to %USERPROFILE%\Documents and delete pass.decrypt.
  19. Change your altered Wallpaper.
  20. Empty Recycle Bin.
  21. Perform a system scan with a diagnostic antimalware scanner.

In non-techie terms:

EbolaRnsmwr Ransomware is a malicious infection you might encounter one day if you act carelessly and your computer is not protected against malware at all. It has been developed to lock users’ files and then demand a ransom, but since it is still in development, it encrypted files in only one folder (named Test) at the time of analysis. The encountered ransomware infection must be removed fully ASAP. Do not wait until it gets an update and locks your personal files.