Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

.xtbl extension

New Scarab Ransomware variants just keep popping up, and the newest one attaches the unique “.xtbl” extension to all of the files that it encrypts. Due to this, this particular version of the threat is often known as “XTBL Ransomware.” However you choose to identify it, if you have found files with the added extension, you are in trouble. That is because once the files are encrypted, not much can be done about the issue. Sure, a decryptor is likely to exist, but you are unlikely to obtain it even if you obey cyber criminals and all of their demands. Unfortunately, you cannot eliminate the infection by removing .xtbl extension from the corrupted files. In fact, your files cannot be saved, and the only thing that can make the situation better is if you have backups of the corrupted files stored externally. Whether or not this is the case, you need to delete the malicious ransomware as soon as possible.

There are quite a few different versions of the Scarab Ransomware, including Pgpsnippet Ransomware, Scarab-Oblivion Ransomware, or Scarab-Horsuke Ransomware. All of these threats invade systems using disguises or with the help of malware and remote attackers. The variant we are discussing today could have slithered in without your notice as you opened a corrupted spam email attachment, or it could have been downloaded by another malicious infection that is active on your operating system. Note that if you do not see malware, that does not mean that it does not exist. Install a trusted malware scanner to confirm or deny the existence of other threats that might require removal. In fact, you should do this the moment you see the .xtbl extension attached to your personal files. Of course, in this situation, it is only natural if you try to figure out what is going on first, and a file named “IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT” is likely to help you with that. This file is created by the infection, and you should find it in all folders where corrupted files with the .xtbl extension exist.

The main message of the file is that you need to email a special ID code to This is an email address created by cyber criminals, and because of it, some users might recognize the threat by yet another name, “Joxe Ransomware.” A unique email address is the second thing besides the .xtbl extension that helps distinguish different Scarab Ransomware variants as unique threats. The ransom note informs that you can send two files so that they could be decrypted for free. Needless to say, this is meant to make you believe that decryption is possible. The bad news is that cyber criminals cannot be trusted, and so if you email them and then follow the instructions to pay a ransom, you are likely to find that your files are still corrupted and that the .xtbl extension is still attached to their original names. So, what should you do? If backups exist, all you need to do is remove the infection and all of the corrupted copies of your files. If backups do not exist, you should at least try to use legitimate file decryptors (they are unlikely to help). Besides that, you do not have other options.

The only good thing about this ransomware – if we can call it that – is that removing it is not difficult. That is because it is likely to delete itself after execution. Needless to say, you still need to double-check if that is the case because you do not want the remnants of malware to stay present. The guide below shows the most common location of the executable of this ransomware in case it does not eliminate itself. We have to remind again that you CANNOT remove the infection by deleting .xtbl extension from the corrupted files. If you have any queries about this malware, you can start a discussion in the comments section, and our malware researchers will be sure to join in.

.xtbl extension Ransomware Removal

  1. Simultaneously tap Win+E to launch Windows Explorer.
  2. Next, type %APPDATA% into the bar at the top and hit Enter.
  3. Look for ransomware files, and if they exist, Delete them.
  4. Delete all copies of the IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT file.
  5. Empty Recycle Bin to eliminate this malicious threat completely.
  6. Install a malware scanner you can trust and use it to perform a full system scan. If any remaining threats are found, delete them as soon as possible.
Download Spyware Removal Tool to Remove* .xtbl extension
  • Quick & tested solution for .xtbl extension removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.