Project57 Ransomware Removal Guide

Do you know what Project57 Ransomware is?

Project57 Ransomware might be an incomplete project because its ransom notes claim the user can get decryption tools for 0 Bitcoins. It is the same as giving decryption tools free of charge, which is unlikely to happen as most ransomware applications are created for money extortion. In some cases, sums reach a couple of thousands, although more often it is under five hundred US dollars. Having this in mind, we suspect this malicious application might be unfinished, or the hackers intend to ask for money when the user contacts them via email. Either way, our computer security specialists advise deleting Project57 Ransomware from the system. There is no point in leaving it unattended if you have no intention to put up with any demands, not to mention it could be risky. To eliminate it manually you should locate the malware’s created data, and the removal guide available below can help you with this task.

Usually, threats like Project57 Ransomware enter the system through malicious email attachments, installers, updates, or other questionable data from the Internet. Thus, to keep the system safe from malicious applications alike, users have to be extra careful with files obtained from unreliable sources. Naturally, it is safer to avoid downloading files from suspicious sources at all. As for data received via email, you should always inspect the sender’s line as well as the message the data comes with to search for clues that could give away it might be harmful. It is even easier and faster to determine whether the file is malicious or not if you scan it with a reputable antimalware tool. Thus, having a security tool, you could trust, would make it much easier to keep the computer safe.Project57 Ransomware Removal GuideProject57 Ransomware screenshot
Scroll down for full removal instructions

Our researchers say Project57 Ransomware was created while using a tool called Php2Exe, which is why it can work only alongside a specific DLL file that should be named php5ts.dll. This file should be placed in the same directory where the malware’s launcher is downloaded. Afterward, the threat is supposed to start encrypting user’s files. It looks like it targets only the data located in the %USERPROFILE% directory and its subfolders. Once affected, the file ought to be marked with the .[].костя баранин extension. Next, Project57 Ransomware should create a few files containing the ransom note on the user’s Desktop. Also, it might open a window containing the same message, according to which, the user’s files were encrypted, and to decrypt them he has to pay 0 Bitcoins in the specified Bitcoin account, before contacting the hackers via email.

Since the ransom note is written in Russian, it is more likely the threat is targeted at users speaking this language only. However, the fact the asked sum is zero makes us wonder whether the malware is being distributed yet, as it could be just a test version. Nonetheless, if you encounter it, we recommend deleting Project57 Ransomware with the removal guide available below or a legitimate antimalware tool of your choice.

Eliminate Project57 Ransomware

  1. Click Ctrl+Alt+Delete simultaneously.
  2. Pick Task Manager.
  3. Take a look at the Processes tab.
  4. Locate a process associated with this malicious program.
  5. Right-click it and choose Open File Location.
  6. Do not close the opened File Explorer window; put it aside for a moment.
  7. Select the malware’s process in the Task Manager and tap the End Task button.
  8. Go back to the File Explorer window opened before.
  9. Search for an .exe file that has the same name as the process you just ended.
  10. Right-click the malicious .exe file and select Delete.
  11. Find a file called php5ts.dll in the same location, right-click it and press Delete.
  12. Navigate to %USERPROFILE%Desktop
  13. Find files called DECRYPT.HTML and DECRYPT.TXT, right-click them and press Delete.
  14. Close File Explorer.
  15. Empty Recycle bin.
  16. Restart the computer.

In non-techie terms:

Project57 Ransomware is a file-encrypting threat, which means it should encipher victim’s data and then show a ransom note offering decryption tools in exchange for payment. The strangest part with this infection is its message claims the user has to pay 0 Bitcoins. It could be a mistake or a clever tactic to make victims contact the malware’s developers, as who would not want to recover their data for free. Also, it could mean the threat is still in development. What we recommend is erasing it from the system with the removal guide available a bit above this text or a chosen antimalware tool. Putting up with the hacker’s demands is always risky as they may attempt to scam you. Besides, if you have backup copies, you do not need any decryption tools as you can easily replace encrypted files with their copies. This is why our computer security specialists always recommend saving copies of precious files in removable media devices or cloud storage for emergencies such as this. Of course, before accessing your backup make sure the computer is malware-free for safety purposes.