Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Scarab-Glutton Ransomware

Scarab-Glutton Ransomware is another malicious application that may claim your files were encrypted due to some security problem with your computer. Needless to say, while it might be true the malware got in because the system was not protected enough, it does not mean it was legal to lock your files. Our researchers say the text document this threat drops is a ransom note as it suggests users who wish to get their files back would have to pay for it. Naturally, if you have no wish to put up with any demands or fund cybercriminals, we recommend paying no attention to their message and erasing Scarab-Glutton Ransomware at once. If you would like to try to remove it manually, you should check the instructions placed at the end of this text. Reading the article might be useful as well since in it we will discuss the threat’s distribution channels and other important details.

As usual for such infections, Scarab-Glutton Ransomware should be spread through unsecured RDP connections or malicious email attachments. This is why our researchers recommend being more careful when opening emails containing links or files sent by people you do not know or if such content comes unexpectedly and raises suspicion. Additionally, it would be wise to strengthen the system by installing a reliable antimalware tool on it. Besides, users should change old passwords that might be weak or compromised and update outdated tools.

If Scarab-Glutton Ransomware manages to enter the system the malware might create a few executable files in the %APPDATA% directory as well as some Registry entries in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software locations. According to our specialists, the threat’s value name created in the Run key might be used to make the infected computer relaunch the malicious application in case the victim restarts the computer. Consequently, the malware would start encrypting user’s files again after restart. It may not affect the data that is already locked, but it could damage files created after the infection appeared. In other words, if you received Scarab-Glutton Ransomware and you want to keep using the device, it affected it would be best to erase the malicious application first.

Furthermore, talking about the encryption process, it might take only a few minutes if the user does not have a lot of data on the computer and it could take much more if there are a lot of files to encipher. In any case, once the files are encrypted the user should not only notice they have an additional .glutton extension (e.g., photo.jpg.glutton), but also there could be a new Desktop picture. Not to mention, Scarab-Glutton Ransomware should drop a ransom note. As we explained earlier, it may claim the user’s files were encrypted because of specific security problems. What user should realize it was not done to protect their data. Unfortunately, the hackers who created this malware released this threat to extort money from anyone who encounters it.

The ransom note (text file named !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT) does not say how much the user is supposed to pay, but even if it is a small amount of money we would advise you not to risk it. The hackers could lie about their intentions or in other words; they may not bother sending decryption tools even if they have them. For this reason, we recommend not to take any chances and erase the malicious application at once. The infection could be deleted manually if you complete the steps listed in the removal instructions located below. This task may appear to be complicated for less experienced users, and if it is the case for you, we would recommend downloading reliable antimalware tools instead. At first, you should let it perform a system scan so that it could detect Scarab-Glutton Ransomware and other possible threats. Then, you should wait for the results to be displayed and review the detections or click the removal button and get rid of them all at the same time.

Eliminate Scarab-Glutton Ransomware

  1. Tap Ctrl+Alt+Delete.
  2. Launch Task Manager.
  3. Look for the infection’s process.
  4. Select the malicious process and press End Task.
  5. Leave the Task Manager.
  6. Click Win+E.
  7. Find these locations:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  8. Look for the malware’s installer, then right-click it and press Delete.
  9. Search for this path: %APPDATA%
  10. Find files named winupmgr.exe and PresentationFontCache.exe or titled similarly.
  11. Right-click the listed executable files and press Delete.
  12. Then go to %USERPROFILE%
  13. Find the document called !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT, right-click it and press Delete.
  14. Exit File Explorer.
  15. Press Win+R.
  16. Insert Regedit and press Enter.
  17. Navigate to this path: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  18. Search for a couple of value names created by the threat: one of them might have a random name and the other should be called Windows Update Manager.
  19. Right-click the malware’s created value names and press Delete.
  20. Go to HKEY_CURRENT_USER\Software
  21. Find a key with a random name, for example, fUuqvZeAGZoZ.
  22. Right-click this key and press Delete.
  23. Close Registry Editor.
  24. Empty Recycle bin.
  25. Restart the system.
Download Spyware Removal Tool to Remove* Scarab-Glutton Ransomware
  • Quick & tested solution for Scarab-Glutton Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.