Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Coban Ransomware

Coban Ransomware might belong to the CryptoMix Ransomware family. Consequently, it is quite similar to other malicious programs from the same family, for example, Mole Ransomware, CryptoShield Ransomware, Revenge Ransomware, and so on. According to our computer security specialists who tested the malware, it can lock almost all data located on the infected computer. Thus, it is safe to say the threat is highly malicious and could cause its victims a lot of damage. If you are one of them, we recommend reading the rest of the article and learn more about Coban Ransomware. Users who choose to eliminate the threat should know there will be deletion instructions located at the end of the text to guide them through the removal process. What’s more, if you have any questions you can post a comment just below the instructions.

After entering the system, the infection is supposed to create a couple of executable files called BC0EBCF2F2.exe or similarly in the %ALLUSERSPROFILE% and %ALLUSERSPROFILE%\Application Data directories. Then, Coban Ransomware could add a couple of Registry entries in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce paths. These two Registry entries allow the threat to auto-start with Windows. It means the malware could launch itself automatically every time you turn on the computer. Soon after it is launched, it should start the encryption process, during which it is supposed to lock all data expect the files located in the Windows and Program Files directories. Therefore, after the encryption process, the user might be unable to launch a lot of various files and not just his personal data, for example, photos, pictures, videos, etc.

All encrypted files are not only marked with an additional .coban extension but also renamed. The new title should consist of 32 random letters and numbers, for example, 0AE2C47210495B46345CAE8D130F3F8E.coban. Moreover, once Coban Ransomware finishes locking user’s files, it should drop copies of a text document called _HELP_INSTRUCTION.TXT in most of the directories containing encrypted data. The message inside of it explains that “All your files are already encrypted due to a vulnerability in the system!” It is not completely untrue because the fact the malware was able to get it might mean the computer is not protected enough. It could also mean you might be a bit too careless when it comes to opening email attachments, software, installers, and other data downloaded from the Internet since most of the ransomware applications are distributed through Spam emails, questionable file-sharing web pages, malicious websites, etc.

Furthermore, the mentioned text document or the malware’s ransom note states that “For decoding it is necessary to pay ransom by bitcoins” and asks to contact Coban Ransomware’s creators via email. You should know that it is your choice whether you wish to deal with these people as well as the fact there are no guarantees they will help you even if you pay the ransom. The hackers might just not bother to send you decryption tools, or they could try to extort even more money from you. In other words, if you are not prepared to risk your savings you may have no other option but to live without the encrypted files or wait and hope the volunteer IT specialists manage to create a free decryption tool. Another way to restore data without paying the ransom is to use the copies you could have on cloud storage, removable media devices, social media accounts, and so on.

It is important to know that before attempting to recover encrypted files from backup it is advisable to erase the malicious application first. As you see as long as it is on the system and can launch itself automatically after each restart, there is a possibility it might damage newly added files too. To remove Coban Ransomware manually, you could follow the instructions located below the article. The second option would be to install a reliable antimalware tool and do a full system check-up. After the system is scanned, the tool should allow you to erase any identified threats jus by clicking the provided deletion button. Clearly, this way of removing the malware could be more beneficial since you may get rid of other potential threats too. Plus, if the tool is kept up to date it might be able to protect the computer in the future.

Eliminate Coban Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. See if you can find a process belonging to the malware.
  4. Select this process and press End Task to kill it.
  5. Exit Task Manager.
  6. Tap Win+E.
  7. Navigate to the listed directories:
    %ALLUSERSPROFILE%\Application Data
  8. Find files called BC0EBCF2F2.exe, right-click them and select Delete.
  9. Exit File Explorer.
  10. Press Win+R, type regedit and tap Yes.
  11. Go to the provided locations:
  12. Look for value names called BC0EBCF2F2, right-click them and press Delete.
  13. Exit Registry Editor.
  14. Empty Recycle Bin.
  15. Restart the computer.
Download Spyware Removal Tool to Remove* Coban Ransomware
  • Quick & tested solution for Coban Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.