Sad Computer Ransomware Removal Guide

Do you know what Sad Computer Ransomware is?

It is sad indeed if Sad Computer Ransomware finds its way into your operating system. This devious infection not only encrypts files but also can delete them. According to our research team, this threat is like a ticking bomb as it sets a timer of encrypted files. Once the time runs out, the corrupted files are eliminated. While that might sound like an awful thing, most likely, your files are gone even before they are erased. How come? The infection encrypts them using a complex encryptor, and unless you have a decryptor, restoring files is not possible. According to the attackers behind the threat, a ransom must be paid in return for the files, but we have to warn you that you are unlikely to see your files restored even if you pay double. That is why we suggest focusing on the removal of Sad Computer Ransomware.

If you have not faced Sad Computer Ransomware yet, make sure you stay away from suspicious websites, strange emails, and untrusted downloaders. You also want to make sure that all security updates are installed to ensure that no vulnerabilities are left exposed. If you did not take care of this, and the malicious threat got in already, your files must be encrypted already. The process is very quick and silent, and so you should realize that your files got corrupted only after you see the “.sad” extension attached to the encrypted files. However, before the files are encrypted, you might be shown an “Antivirus” pop-up with this message: “Are You Sure You want to install Antivirus software?” If you click “No,” your files should be spared, and if you click “Yes,” they should be encrypted. Afterward, a window entitled “Sad Computer” should show up to introduce you to the ransom note and a timer.Sad Computer Ransomware Removal GuideSad Computer Ransomware screenshot
Scroll down for full removal instructions

The message delivered via the infection’s window is also represented in a form of a text file named “sadcomputer_note.txt.” Copies of this file should be dropped everywhere along with encrypted files, and we recommend deleting every single one of them. The message is introduced as a QA, and it simply informs that encrypted files can be restored only after a ransom in paid in Bitcoin. On the left pane of the window, you can see the number of files encrypted, as well as the timer that shows how much time is left before the corrupted files are deleted. At the bottom, an address to the criminals’ Bitcoin Wallet is displayed, but there is no information regarding the sum of the ransom. Does that mean that the victim has to decide for themselves how much needs to be paid? We cannot know for sure. All in all, it is unclear how the attacker would identify the victim even if a specific sum was set, and so paying the ransom is definitely not recommended. At the time of research, the listed Bitcoin wallet (the address is 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2) had the total of 218 BTC received from 3455 transactions. Of course, it is hard to say how much – if any – was brought in by Sad Computer Ransomware.

Obviously, it is important to delete Sad Computer Ransomware from the operating system as soon as possible. This infection can be eliminated automatically using an anti-malware program. You could also try to get rid of it manually, but if you are not experienced, following the guide below might not be the best idea. On top of that, you also need to think about your virtual security, and that is something anti-malware software can take care of. Without a doubt, this is the software we recommend installing.

Remove Sad Computer Ransomware

  1. Delete every copy of the file named sadcomputer_note.txt.
  2. Launch Run by tapping Win+R keys at the same time.
  3. Type regedit and click OK to launch Registry Editor.
  4. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  5. Find the malicious value whose name represents your computer’s name.
  6. Right-click the value and choose Modify to access the Value data.
  7. Copy the location to the malicious [unknown name].exe file.
  8. Click OK, then right-click the value, and choose Delete.
  9. Launch Explorer by tapping Win+E keys at the same time.
  10. Paste the location of the .exe file into the field at the top.
  11. Right-click the [unknown name].exe file and choose Delete.
  12. Empty Recycle Bin and then perform a full system scan using a legitimate malware scanner.

In non-techie terms:

You want to delete Sad Computer Ransomware immediately. If you are stuck in regards to your personal files, know that they will not be decrypted even if you pay a hefty ransom to the attackers. Sadly, it does not look like it is possible to decrypt files manually, and free software that could help does not seem to exist either. Hopefully, backups exist, and once the malicious Sad Computer Ransomware is removed, you can easily replace the corrupted files. Speaking of removal, while users might be able to delete the infection manually, our recommendation is that all victims employ anti-malware software that would not only eliminate ransomware but would also reinstate full-time security.