Home / Spyware Help / Scarab-Good Ransomware Removal Guide

Scarab-Good Ransomware Removal Guide

by 0 Comments

Do you know what Scarab-Good Ransomware is?

New variants of the infamous Scarab Ransomware keep popping up, and Scarab-Good Ransomware is the latest one to join the family. This infection, just like all others that came before it, has three main tasks: To invade an operating system, to encrypt personal files, and to introduce victims to the ransom demands. Unfortunately, it is programmed to do just that, and it can be completely successful if only the victim is tricked into executing the launcher of the infection. Who in their right mind would ever execute malware themselves? Unfortunately, the threat can conceal itself, and users execute it without realizing it. In most cases, ransomware is spread via attachments sent in spam emails, and so you have to be extra cautious about those. If you let the malicious ransomware in already, you must delete it as quickly as possible, but that will not save files if they are encrypted already. Continue reading to learn more about this, as well as how to remove Scarab-Good Ransomware.

After invasion, Scarab-Good Ransomware starts encrypting files almost immediately. It not only encodes the data of the files to render them unreadable but it also renames them and attaches the “.good” extension to their names. The renamed files are impossible to miss because they have long strings of random characters. If all of your files are dumped into one folder, you might have a hard time figuring out which files were corrupted. In every folder with corrupted files, you should also find a file called “HOW TO RECOVER ENCRYPTED FILES.TXT.” Because it has a normal name, it should be easy to spot. You are free to delete this file but keep in mind that it is not malicious. Also, it holds the message from the creator of Scarab-Good Ransomware, and you might be interested in that. That being said, you need to be extremely cautious about what you do with the information you are handed via the text file.Scarab-Good Ransomware Removal GuideScarab-Good Ransomware screenshot
Scroll down for full removal instructions

The message created by Scarab-Good Ransomware after the encryption of files informs that files were encrypted, and victims might have a hard time understanding what has happened without this message. Then, the message introduces users to a messaging service (bitmessage.ch) and lists an address (BM-2cUPRnXJRuFYKcDUCLugjrCPY58nrvHrAV@bitmessage.ch), using which victims can communicate with cyber criminals. It is stated that if you send an ID code (also listed in the message) along with 1-2 encrypted files, a price for a “decryption tool” will be revealed. We cannot say whether or not the ransom is big, but we can tell you that paying it would be a mistake. You want to focus on the removal of Scarab-Good Ransomware and not the ransom because cyber criminals cannot be trusted to keep promises.

It is very helpful if you know where the .exe file of the ransomware is. If you know it, you probably can successfully delete Scarab-Good Ransomware yourself. If you do not know where this file is, you should leave manual removal for another occasion. Instead, we suggest using the assistance of anti-malware software. It will quickly examine your system and delete every malicious component. If you are not sure about investing in anti-malware software, keep in mind that you are always at risk, and threats just like Scarab-Good Ransomware could attack you sooner or later.

Remove Scarab-Good Ransomware

  1. Delete the launcher of the ransomware (name and location are unknown).
  2. Launch Explorer (tap Win+E) and enter %APPDATA% at the top.
  3. Delete a file named OSK.exe if it still exists (should delete itself after encryption).
  4. Delete all copies of the HOW TO RECOVER ENCRYPTED FILES.TXT files (multiple locations).
  5. Launch RUN (tap Win+R) and enter regedit.exe to launch Registry Editor.
  6. Go to HKEY_CURRENT_USER\Software.
  7. Delete a [random name] key that is linked to the infection.
  8. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  9. Delete a [random name] value that is linked to the HOW TO RECOVER ENCRYPTED FILES.TXT file.
  10. Empty Recycle Bin and then perform a final system scan to check for leftovers.

In non-techie terms:

You cannot waste any time if you discover Scarab-Good Ransomware on your operating system. If you catch this threat in time, you might be able to remove it before it encrypts your files, but if your files are encrypted already, we do not have good news for you. There are no solutions we can offer you at this moment, and the decryption tool offered by the creator of the ransomware cannot be trusted. All they want is to get your money, and that is why the infection was created in the first place! Some users might have success deleting Scarab-Good Ransomware manually, but we advise using anti-malware software. Install it, let it scan and delete infections, and then keep it updated to ensure full-time protection thereafter.