1 of 2
Danger level 8
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Grand_car@aol.com Ransomware

Grand_car@aol.com Ransomware announces its appearance on the system by replacing user’s usual Desktop image with Decryption instructions.jpg. As the text says, the malware encrypts all data and requests users to email the malware’s creators. Our researchers have seen such behavior while testing other ransomware applications, such as Meldonii@india.com Ransomware, Green_ray Ransomware, Redshitline Ransomware, and others. The worst thing about these infections is that they encrypt not only the personal data but also program files. It means that you might be unable to use your private data or launch some of the software, which you downloaded or purchased yourself. Sadly, it is impossible to decrypt any files at the moment, so we would advise users to get rid of the malware. Grand_car@aol.com Ransomware can be eliminated with the instructions below or a legitimate antimalware tool. For more details about the threat, read the full article.

The malicious program locks files with the RSA-2048 cryptosystem. Each enciphered file gets a unique additional extension. For example, a PDF document named as text.pdf could look like text.pdf.id-A5611024.grand_car@aol.com.xtbl after its encryption. It is worth to mention that the malware can encrypt any data, although it skips system files. In other words, after the infection, your computer should be able to load the operating system and a few other programs created by Microsoft. Thus, without the decryption tool, all other software on the computer would have to be reinstalled. As for the encrypted personal files, they can be recovered from removable media devices, cloud storages, and so on.

Grand_car@aol.com Ransomware might be spread in other ways too, but it is most likely distributed through Spam emails. Such emails should deliver an infected file to the malware’s victims. The attachment might have a title that provokes the user to open it, or it could be a fake invoice or any other document. Therefore, no matter how curious you are, if the email was categorized as spam, you should take extra precautions. For instance, you could try to scan the attached file with an antimalware tool. On the other hand, if it does not seem to be important, users should simply avoid such data.

Once you launch the infected file, it might be too late, as Grand_car@aol.com Ransomware would start placing its data on the computer. Later it encrypts your files and changes the Desktop wallpaper. In addition, the malware should place a text document named as Decryption instructions.txt. Both the text document and wallpaper contains the same information. It says that your data is locked, and you need to use this email address grand_car@aol.com to contact the malicious program’s creators. The email from them should state how much the user needs to pay for the decryptor. Also, it might include instructions on how to transfer the money. We advise against paying the ransom, although it is your choice. Nevertheless, we have to warn users that Grand_car@aol.com Ransomware’s developers may not necessarily give you the decryptor. It happens from time to time that users pay the ransom, but they do not get anything in return. You have to realize that there are no guarantees, and you will not be able to get any money back once you make the payment.

If you do not want to pay the ransom, you could recover locked data from backup. In case there are no copies at all, users could leave the encrypted data and see if someone from volunteer IT specialists will manage to create a working decryptor. Nonetheless, first of all, it might be better to take care of the infection. It creates a lot of files on the computer and quite a few Registry entries. If you are up for the task, slide below the article and try to erase the malicious data manually with our recommended removal steps. However, it could be easier to eliminate it with a trustworthy antimalware tool. Its scanning feature should locate all files related to Grand_car@aol.com Ransomware. After the scan, the tool would present a deletion button that you need to click only once, and the threat will be erased. Also, do not forget that you can leave us a question below the article if you want to learn anything else about the infection.

Eliminate Grand_car@aol.com Ransomware

  1. Press Win+E to launch the Explorer.
  2. Locate the following paths one by one:
    %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  3. Search for executable files with random titles that belong to the malicious program.
  4. Right-click each file separately and press Delete.
  5. Close the Explorer.
  6. Press Win+R, type regedit and click Enter.
  7. Navigate to: HKCU\Control Panel\Desktop
  8. Locate a value name titled as Wallpaper.
  9. Right-click it, select Modify and instead of Decryption instructions.jpg type title of any other picture.
  10. Locate this directory: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
  11. Search for a value name called BackgroundHistoryPath0.
  12. Right-click it, select Modify and replace Decryption instructions.jpg with any other wallpaper you like.
  13. Find the following path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  14. Locate value names with random titles (their value data should point to %WINDIR%\Syswow64\*.exe and %WINDIR%\System32\*.exe).
  15. Right-click these value names separately and press Delete.
Download Spyware Removal Tool to Remove* Grand_car@aol.com Ransomware
  • Quick & tested solution for Grand_car@aol.com Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.