Poop Ransomware

Poop Ransomware is a malware based on an open-source program known as Hidden Tear that can be used for encrypting various files. The malicious application encrypts pictures, documents, and data alike located on specific directories and then shows a note asking to pay a ransom. Unfortunately, the sum is not a small one as, at the moment of writing, 1.2277114 Bitcoins is around 1137 US dollars. If you do not want to risk losing such an amount of money, we do not recommend putting up with any demands. If you have backup copies, you could use them to recover encrypted files. Otherwise, the enciphered data might be lost for you, although given the threat targets files only in a few specific directories, it is possible it might not affect a lot of your essential files. To read more about the malware, you should continue reading our article, and if you want to know how to erase Poop Ransomware, we encourage you to have a look at the instructions located below the text.

Poop Ransomware is likely to be spread through usual channels. Most hackers who distribute such threats use Spam emails and malicious file-sharing websites. To be more precise, it is possible the malicious application’s victims could receive it after opening some suspicious email attachment or software installer. This is why we recommend keeping away from emails that come from people you do not know, especially if they carry attachments or links to other websites. Also, you should stay away from unreliable file-sharing sites. The safest way to obtain the software or updates you need is to download such content from legitimate web pages. You may not even have to search for such sites yourself as, usually, when a system or a tool needs an update, it leads you to its official website. Another thing you can do to make sure you do not accidentally launch a malicious file is to scan questionable data downloaded from the Internet with a reliable antimalware tool.

Our researchers say that if Poop Ransomware enters the system, it ought to create a copy of its launcher in the %APPDATA%\Windows location. The copy should be called local.exe and the “Windows” folder it is supposed to be hiding in is created by the malware too. In other words, the malicious application might hide in a fake Windows folder. This name choice makes sense as many users know that they should not interact with data belonging to their operating system unless they are experienced and know what they are doing. Therefore, it is likely that inexperienced users would not think it is a fake Windows folder and would leave it be. Next, Poop Ransomware is supposed to start encrypting user’s data. As said earlier, it encrypts files only in specific locations, which are: %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, %USERPROFILE%\Documents, %USERPROFILE%\Pictures, %USERPROFILE%\Contacts, and %USERPROFILE%\Links. The rest of the files on a computer should be unaffected.

Later on, the malicious application ought to open a window called SYSTEM HACKE AND FILES ENCRYPTED. On it, users should see a pink text in a black background saying: “Hello, Your computer has been encrypted with a High Level (Military Grade) AES-256 Bit encryption technique.” The rest of the message explains the user should not look for help and pay a ransom if he wishes to get his files back. Otherwise, hackers behind Poop Ransomware threaten to place user’s files and sensitive information on the dark web. It is doubtful the hackers could do so as our researchers did not notice the malware collecting any data. The threats could be on the ransom note to scare a victim and convince him to pay a ransom. We do not recommend doing so if you do not want to risk losing around one thousand US dollars in vain. The hackers may promise to send Poop Ransomware’s decryption tools, but there are no guarantees they will do so.

If you decide not to put up with any demands, we encourage you to eliminate Poop Ransomware. To remove it from the system manually, you could follow the deletion instructions available at the end of this paragraph. The other way to erase the malicious application is to do a full system scan with a chosen antimalware tool. Do not forget to make sure the tool is reliable and keep it up to date if you want it to guard your system from threats you could yet encounter in the future.

Eliminate Poop Ransomware

1. Click Ctrl+Alt+Delete.
2. Choose Task Manager and select Processes.
3. Find a process belonging to the threat.
4. Mark it and click End Task.
5. Exit Task Manager.
6. Click Win+E.
7. Find these paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
8. See if the malicious application’s launcher (suspicious recently downloaded file) is still there.
9. Right-click it and select Delete.
10. Go to %APPDATA%
11. Find a folder called Windows (should contain a single executable file that might be called local.exe).
12. Right-click the fake Windows folder and select Delete.
13. Exit File Explorer.
14. Empty your Recycle Bin.
15. Restart the computer.