1 of 2
Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Connects to the internet without permission
  • Shows commercial adverts
  • Normal system programs crash immediatelly
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Redshitline Ransomware

Redshitline Ransomware is a type of Trojan whose job is to encrypt important files on your computer and demand that you pay a ransom in return for the decryption key that only the people who control Redshitline can provide. Chances are, however, that you might not receive the key after you pay. Therefore, all you can do is remove this infection and try to restore your files from backups stored on other storage media, or what have you. In this article, we are going to discuss how this ransomware works, how it is disseminated, and, most importantly, how to delete it.

First and foremost, we want to inform you that your computer probably became infected with this ransomware after you opened a malicious email attachment. The attachment can contain anything from a self-extracting file archive to Microsoft Word document with enabled macros to a simple executable file that drops Redshitline Ransomware’s payload which is then run automatically. You probably did not even notice that something was going on in the background, a mark of a ransomware made by professional hackers.

However, when this infection springs into action everything becomes apparent. Redshitline Ransomware will scan your computer for certain file types, such as zip, 7z, rar, m4a, qt, 3g2, and so on. Furthermore, it will add its extension .IDB4500913.redshitline@india.com.xtbl to each encrypted file. Nevertheless, it will skip predetermined folders that contain essential files for running the operating system because it is not in the interest of its owners to make your computer unusable. This particular ransomware uses the RSA-2048 encryption algorithm. RSA is a cryptosystem that was used for secure data transmission, but for the last decade or so malware developers have used it to encrypt files to extort money. 2048 indicates the length of the encryption key. In this case, it is a 2048-bit key which is reasonably secure, and thus, extremely difficult to crack. To date we do not know of any third-party software that could decrypt the files once they have been encrypted by Redshitline Ransomware.

Once the encryption process is complete, the ransomware will change your computer’s desktop wallpaper and drop a text file named How to decrypt your files.txt in every folder that contains an encrypted file. This text file contains instructions on what to do to get the decryption key. This ransomware’s developers try to pressure you to take hasty steps by claiming that if you do not reply to the provided email address (Redshitline@india.com or Redshitline@aol.com) it will be too late, and you will not be able to decrypt the files. This is probably true, but we urge you not to rush in and pay the ransom because it is more than likely that you will not receive the decryption key.

Now let us delve deeper into the technical information regarding Redshitline Ransomware. We have tested this ransomware’s sample and found that its point of execution is located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. This ransomware’s subkey name is random (e.g. rvpjmcnd) but its Value Data is C:\Windows\System32\5aba34027d2db0e1cffda281021c61903cac21f3759fc045278480204138b647.exe. Note that the random name of the executable may also differ. Furthermore, the aforementioned directory is where this ransomware is located. So now that you know what this ransomware can do and where it is located, it is high time to move to its removal process.

As dangerous as Redshitline Ransomware can be, you can get rid of it without having to use antimalware software. Our test has shown that you can delete its executable file at C:\Windows\System32 and its point of execution registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. So feel free to consult the instructions below. Alternatively, you can use our recommended antimalware application called SpyHunter. In closing, we want again want to stress that if you pay the ransom, you may still not get your decryption key, so we suggest not taking this risk.

How to remove this ransomware

  1. Simultaneously press Windows+R keys.
  2. Type regedit in the resulting window.
  3. Click OK.
  4. In Registry Editor, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  5. On the right side of the window, locate and delete the randomly named string whose Value Data is C:\Windows\System32\5aba34027d2db0e1cffda281021c61903cac21f3759fc045278480204138b647.exe
  6. Close Registry Editor.
  7. Then, simultaneously press Windows+E keys.
  8. In the Explorer window’s address bar enter C:\Windows\System32
  9. Locate 5aba34027d2db0e1cffda281021c61903cac21f3759fc045278480204138b647.exe
  10. Right-click on this executable file and click Delete.
  11. Empty the Recycling bin.
  12. Done.

Removal using anti-malware software

  1. Launch your web browser.
  2. Go to http://www.pcthreat.com/download-sph
  3. Download our recommended antimalware scanner.
  4. Install and run the program.
  5. Perform a full system scan.
  6. Click Fix Threats.
Download Spyware Removal Tool to Remove* Redshitline Ransomware
  • Quick & tested solution for Redshitline Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.