Scarab-Cybergod Ransomware Removal Guide

Do you know what Scarab-Cybergod Ransomware is?

Scarab-Cybergod Ransomware is a new version of the Scarab Ransomware, and it attaches a unique “.CYBERGOD” extension to the files it encrypts. Unfortunately, the infection also changes the names of the files it corrupts, and that might create problems identifying lost files and assessing the overall damage. Of course, even if you knew all names of the corrupted files, you would not be able to do anything to restore them, but you would be able to check if copies exist on external and/or online backups. We truly hope that backups exist; otherwise, you are in a tough situation. Why? Well, as we have already established, decrypting files is not possible, and free decryptors do not exist. Can you rely on the creator of the ransomware? That is very unlikely. Overall, we strongly suggest focusing on the removal of Scarab-Cybergod Ransomware first and foremost.

There are a few variants of the malicious Scarab encryptor, including Scarab-Deep Ransomware, Scarab-Bomber Ransomware, and Scarab-Oblivion Ransomware. These infections are usually named after the extensions that are added to the encrypted files. The encryption, unfortunately, is a silent process, and you are unlikely to notice the threat in action. On the contrary, you are likely to find it only after it introduces itself to you. It does that using a file named “From Jobe Smith.TXT,” and it should be created in every folder containing encrypted files. Note that it is perfectly safe for you to open this file, but you should delete all copies when you start the removal operation. The message in the file simply asks to send an ID and make an offer at or If you do that, you might put yourself in bigger danger, and the creator of the ransomware might ask you to pay money for a decryptor that is unlikely to be given to you anyway.Scarab-Cybergod Ransomware Removal GuideScarab-Cybergod Ransomware screenshot
Scroll down for full removal instructions

Scarab-Cybergod Ransomware also changes the Desktop wallpaper using a {random name}.bmp file created in the %UERPROFILE% directory. The file represents an image of a man, and two lines (“I AM CYBER GOD” and “I AM LAWNMOWER MAN”) are displayed on top. The time you discover this image might be the time you realize that malware has slithered in first. Needless to say, removing the BMP file and changing the Desktop wallpaper back to normal should not be difficult at all. The most complicated part is the decryption of files, and we have already established that it is unlikely that it would be possible to recover corrupted files. Therefore, corresponding with cyber criminals and sending them money is not something we recommend doing. Instead, you should focus on deleting Scarab-Cybergod Ransomware. Besides that, you also want to think about the security issues that you could be facing.

If Scarab-Cybergod Ransomware managed to slither in, there is a good chance you opened a corrupted file sent to you via email or that your operating system is vulnerable and can be attacked by malware in other ways. Without a doubt, you want to think about that before you delete Scarab-Cybergod Ransomware from your Windows operating system. While it might be very easy for you to remove this malicious infection manually – which you can do following the instructions below – you certainly could benefit from employing an anti-malware program. First and foremost, it would automatically find and remove all malicious components. Furthermore, it would keep your operating system protected.

Remove Scarab-Cybergod Ransomware

  1. Simultaneously tap Win+E to launch Windows Explorer.
  2. Enter %APPDATA% into the bar at the top.
  3. Right-click and Delete the file named helper.exe.
  4. Enter %UERPROFILE% into the bar at the top.
  5. Right-click and Delete the {random name}.bmp file that represents the Desktop wallpaper.
  6. Also, right-click and Delete the file named From Jobe Smith.TXT. Note that you must remove all copies.
  7. Simultaneously tap Win+R to launch RUN.
  8. Type regedit.exe and click OK to launch Registry Editor.
  9. Navigate to HKEY_CURRENT_USER\Software\.
  10. Right-click and Delete the {random name} key that is associated with the ransomware.
  11. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  12. Right-click and Delete the {random name} value linked to the From Jobe Smith.TXT file.
  13. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  14. Right-click and Delete the value named whelp that is linked to the helper.exe file.
  15. Exit all windows and then Empty Recycle Bin.
  16. Perform a full system scan using a legit malware scanner to check if your Windows system is clean.

In non-techie terms:

We're sure you need no explanation as to why deleting Scarab-Cybergod Ransomware is important. This infection is malicious, and its creator is not trying to hide that. The threat was created to encrypt your personal files, and when it does that, it asks you to communicate with the creator to obtain a decryptor. Without a doubt, you would be asked to pay a ransom if you did that, and doing that is not recommended at all. In this situation, you can accept the loss of your files, or you can lose your money as well. Whichever path you choose, you must remove Scarab-Cybergod Ransomware, and you can do that manually or using anti-malware software. While it should not be hard to erase this threat manually, employing an anti-malware program can be extremely beneficial. After all, you do not want to face another file encryptor or a different kind of malware in the future, do you?