Click on screenshot to zoom
Danger level 5
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Shows commercial adverts
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Genocheats Ransomware

No doubt, Genocheats Ransomware is a vicious threat all users would like to avoid as it can ruin a lot of files. Apparently, it damages data by encrypting it with a secure cryptosystem to make it unreadable. Consequently, the user should be unable to launch such files. Unfortunately, if you have no backup copies, the only way to recover the locked data is to get a decryption tool. The problem is the malicious application’s developers demand their victims to pay for it, and in such situations, there are no reassurances, so even if you act according to the provided instructions, it does not guarantee you will be able to recover any data. In any case, if you do not plan on putting up with the hackers' demands we encourage you to slide below and learn how to remove Genocheats Ransomware at once. As for those who would like to receive a bit more information about the malware we encourage you to continue reading this article.

At the moment of writing, there is still no information on how this malicious application is being distributed. Nonetheless, this is not the first time we are encountering such a threat, and so our researchers have a few possible distribution channels they could mention, for example, Spam emails, harmful file-sharing web pages, malicious pop-up ads, etc. Therefore, to keep away from malware similar to Genocheats Ransomware, we would recommend checking attachments received from unfamiliar senders with a reliable antimalware tool first. Additionally, you should stay away from sites that could be harmful and try not to interact with any suspicious pop-up ads.

If the malicious application manages to get in, it should create a copy of itself in the %HOMEDRIVE%\{user name} directory. Then, the malware is supposed to erase the file that infected the system and start the encryption process. Our researchers say it may target %USERPROFILE% and its subfolders, for example, Desktop, Links, Contacts, Music, and so on. Besides the mentioned directory on the C disk, it is quite possible, Genocheats Ransomware could target folders located on the other disks, although we cannot be one hundred percent sure. What’s more, files that get locked might get a second extension called .encrypted, for example, document.docx.encrypted, photo.jpg.encrypted, etc.

Afterward, the infection should download a specific picture from the Internet and rename it to ransom.jpg. Our researchers say, the mentioned picture should become the infected computer’s new Desktop picture. The text on it claims the malicious application encrypted all files and the user can only decrypt them by paying a ransom of 10 US dollars. Once the requested sum is paid in Bitcoins, the user is asked to contact Genocheats Ransomware’s creators via email. As you see they promise that their reply letter will deliver specific decryption tools, bus as we explained earlier you cannot be one hundred percent sure they will hold to this promise. They may not bother to send the decryption tool or might not even have it. Not to mention, after seeing you are willing to pay they could try to ask for even more money.

If you do not want to take any chances, you should erase the malware and look for other ways to recover your data, for example, use backup copies, try various recovery programs, etc. One of the ways to eliminate Genocheats Ransomware is to remove all data associated with it manually. Naturally, such a task could be a bit complicated for less experienced users and for this reason we prepared step by step deletion instructions available a bit below this paragraph. Still, if the process looks too complicated even while following the given instructions, it would be advisable to use a reliable antimalware tool instead. Then all you would have to do is scan the computer with it and press the provided deletion button that should appear right after the scan. If you want to ask more about the malicious application or its removal you could also leave a question at the end of this page.

Eliminate Genocheats Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find the malware’s process.
  4. Mark this process and click End Task.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Check if the malicious program’s launcher is still there.
  9. If it is; right-click it and press Delete.
  10. Then navigate to %HOMEDRIVE%\{user name}
  11. Look for a file called local.exe, right-click it and press Delete.
  12. Go to %HOMEDRIVE%\user
  13. Find a folder called Rand123 and containing a file titled lsass.exe.
  14. Right-click the whole folder (Rand123) and press Delete.
  15. Stay in the same directory (%HOMEDRIVE%\user).
  16. Locate a file called ransom.jpg and erase it as well.
  17. Close File Explorer.
  18. Empty your Recycle bin.
  19. Reboot the system.
Download Spyware Removal Tool to Remove* Genocheats Ransomware
  • Quick & tested solution for Genocheats Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.