Scarab-Bin Ransomware Removal Guide

Do you know what Scarab-Bin Ransomware is?

Scarab-Bin Ransomware is most likely a new file-encrypting infection from the Scarab Ransomware family. Like the similar threats created before it, the malicious application was designed as a tool for money extortion. Once it enters the system, it seems the malware should start encrypting data precious to the device’s user. Later on, the ransom note it shows should state that the user can get decryption instructions if he contacts the infection’s developers. Sadly, it is most likely they would ask him to pay a ransom in exchange for their help. The worst part is that by paying it one might end up being scammed, since the hackers may take the user’s money without bothering to help him. Therefore, our computer security specialists advise being extra cautious. For more information about Scarab-Bin Ransomware, we invite you to read our full report. As for erasing the malware, we can offer the removal guide available at the end of the main text.

For starters, we would like to talk about the malware’s distribution. Our computer security specialists suspect the threat could be spread through the same channels through which the other infections from the Scarab Ransomware family were distributed. To be more precise, we are talking about malicious spam emails and unsecured RDP (Remote Desktop Protocol) connections. It means Scarab-Bin Ransomware could enter the system because of the user’s reckless behavior. Naturally, to avoid such malware in the future, we recommend updating outdated software and old passwords to reduce the system’s possible vulnerabilities. Also, it would be a good idea to stay away from attachments sent by people or organizations you do not know, especially if the email urges you to open the attached file by making you panic, for example, by claiming some of your personal information was leaked, saying the system is in danger, and so on.

If the user launches the malicious file carrying Scarab-Bin Ransomware, the system might get infected right away. The first thing the malware should do is create a couple of registry entries in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run key. Plus, the threat could place a few other files in different locations, such as an executable file called updlive.exe in the %APPDATA%\Microsoft\Windows directory or a randomly titled BMP file in the %USERPROFILE% location. The just mentioned picture should replace the user’s Desktop wallpaper, and it might show more or less the same message as the one you may find in a text document called HOW TO RECOVER ENCRYPTED FILES.TXT (it should be placed in the same directory as the mentioned BMP file). We call it a ransom note because even though it does not ask to pay any ransom, it still provides instructions on how to get one’s data back.

The bad news is that it might not be enough to contact the hackers behind Scarab-Bin Ransomware, because such malware is usually created for money extortion. Meaning, the cybercriminals would most likely demand you pay a ransom if you want to decrypt the files the infection marked with the .[mrbin775@gmx.de].bin extension, e.g., text.docx.[mrbin775@gmx.de].bin. As we explained in the first paragraph, there is no knowing if the hackers will hold up their end of the deal. This is why we advise users who would not like to risk losing their savings to delete Scarab-Bin Ransomware instead. To eliminate it manually, one could follow the removal guide available below; to get rid of it with automatic tools, you should obtain a reputable antimalware tool.

Erase Scarab-Bin Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. See if you can locate an executable file launched before the computer got infected.
  9. Right-click the malicious file and press Delete.
  10. Then go to %APPDATA%\Microsoft\Windows
  11. Look for an executable file that could be named updlive.exe.
  12. Right-click it and select Delete.
  13. Find this path %USERPROFILE%
  14. Delete the infection’s created BMP file (e.g., irPKqNYtrW.bmp) and text document called HOW TO RECOVER ENCRYPTED FILES.TXT.
  15. Close File Explorer.
  16. Press Windows Key+R.
  17. Type Regedit and select OK.
  18. Go to this location HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  19. Look for two value names: one of them might have a random title made of letters, and the other one could be called Update Live.
  20. Right-click the described value names separately and select Delete.
  21. Close your Registry Editor.
  22. Empty the Recycle Bin.
  23. Reboot the system.
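
The locations from steps 10 to 19 can also be checked in one pass with a read-only PowerShell script. This is an added example, not part of the original guide: it deletes nothing and only reports what it finds. Treating any Run value whose data mentions updlive.exe as a match is an assumption, since the guide names only the Update Live value.

```powershell
# Added example: read-only triage for the artifacts this guide names. Deletes nothing.
$findings = New-Object System.Collections.Generic.List[object]
$review   = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Type, [string]$Item) {
    $findings.Add([pscustomobject]@{ Type = $Type; Item = $Item })
}

# Steps 10-12: dropped executable in %APPDATA%\Microsoft\Windows
$exe = Join-Path $env:APPDATA 'Microsoft\Windows\updlive.exe'
if (Test-Path -LiteralPath $exe) { Add-Finding 'Dropped executable' $exe }

# Steps 13-14: ransom note in %USERPROFILE%, plus the randomly named BMP beside it
$note = Join-Path $env:USERPROFILE 'HOW TO RECOVER ENCRYPTED FILES.TXT'
if (Test-Path -LiteralPath $note) {
    Add-Finding 'Ransom note' $note
    # The BMP name is random, so BMPs are listed only when the note is present too.
    Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '*.bmp' -File -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'BMP next to note' $_.FullName }
}

# Steps 18-19: values under the per-user Run key
$runKey = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        # Assumption: data pointing at updlive.exe counts as a match as well.
        if ($name -eq 'Update Live' -or $data -like '*updlive.exe*') {
            Add-Finding 'Run value' "$name = $data"
        } else {
            $review.Add("$name = $data")   # the second value has a random name
        }
    }
}

# Files carrying the extension the guide says the infection appends
$ext = '.[mrbin775@gmx.de].bin'
$encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.EndsWith($ext, [System.StringComparison]::OrdinalIgnoreCase) })
if ($encrypted.Count -gt 0) {
    Add-Finding 'Encrypted files' "$($encrypted.Count) file(s) ending in $ext under $env:USERPROFILE"
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No artifacts from the guide were found.' }
if ($review.Count) { 'Other Run values to review for a random letter-only name:'; $review }
```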

In non-techie terms:

Scarab-Bin Ransomware is a malicious application that may ruin all your precious photos, text documents, and other private data. Our computer security specialists who tested it report the malware encrypts the user’s files with a strong encryption algorithm, which means they can be opened only if the user has a unique decryption tool and a decryption key. Unfortunately for the victim, the listed means are available only to the infection’s developers, and we have no doubt they should ask to pay a ransom in exchange for decryption tools. The problem is there is no knowing if the threat’s developers will bother to deliver what they might promise. After all, once the payment is made, they can take it without having to send anything. It means that if you agree to pay the ransom, it will be impossible to get your money back even if the hackers scam you. Thus, we encourage our readers not to put up with any demands and to eliminate this malicious application. To deal with it manually, you could follow the removal guide placed a bit above this text. However, if it looks a bit too complicated, you should not hesitate to employ a reputable antimalware tool instead.