Sitaram108 Ransomware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 732
Category: Trojans

Sitaram108 Ransomware is a malicious computer infection that comes from a notorious group of cyber threats. This program will deny file access, saying that you can decrypt your files if you contact the “technical support.” Needless to say, this technical support thing is a scam devised to trick unsuspecting users into giving away their money. You should never pay a single cent to the criminals who have created this infection. Rather than that, remove Sitaram108 Ransomware at once, and then look for ways to restore your files. Dealing with cyber criminals is never an option because you cannot trust them, and you can never know what other trick they might pull off.

We have mentioned that this program belongs to a group of similar infections. To name just a few, there are Alex.vlasov@aol.com Ransomware, Meldonii@india.com ransomware, Radxlove7@india.com Ransomware, and others in the roster. All of these programs share infection symptoms and behavioral patterns. For instance, when you get infected with these applications, they change your background by modifying Wallpaper entry in the Windows Registry. Then, of course, they connect to the Internet without your permission, and they cannot be removed via Control Panel. Everything is done to make an impression there is no other way out of this situation but to pay.

Just like most of the other programs in the group, Sitaram108 Ransomware uses two email addresses for communication with the infected users: sitaram108@india.com and sitaram108@aol.com. We would like to point out that the servers used by this infection to host their inboxes barely have anything to do with it. The cyber criminals simply make use of the service, most probably without permission. That is why the connection between the program and its command and control center is really shaky, and it might be impossible to receive the decryption tool necessary if the server goes down.

Unfortunately, it is virtually impossible to restore the files on your own because Sitaram108 Ransomware uses the RSA-2048 encryption algorithm. It is one of the most complicated algorithms out there, and unless you have the original decryption key, the decryption is out of the question. Needless to say, only the criminals (in theory) have the decryption key, but it is very likely a public decryption tool would soon appear for this and other similar infections. Computer security specialists already know that Sitaram108 Ransomware is based on the CrySiS ransomware engine, so they have a lead they can work on.

In the meantime, it is your job to make sure you delete Sitaram108 Ransomware and everything associated with it from your system. You will find manual removal instructions right below this paragraph. Do not feel discouraged if the instructions seem really long. Everything is doable!

Nevertheless, if you are not use to working with the Registry Editor, then perhaps it would be for the best to turn to the professionals. Using a licensed antispyware tool is one of the most efficient ways to solve such problem. Not to mention that a computer security application will also protect your PC from other threats in the future. Should you have any further questions regarding your computer’s security or your file decryption, please leave us a comment.

How to Remove Sitaram108 Ransomware

  1. Press Win+R and the Run prompt will open.
  2. Type %APPDATA% into the Open box and click OK.
  3. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
  4. Find and delete a random name .exe file*.
  5. Press Win+R and type %ALLUSERPROFILE%. Click OK.
  6. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
  7. Locate and delete a random name .exe* file.
  8. Press Win+R and type %WINDIR% into the Open box. Press OK.
  9. Go to the Syswow64 folder and remove a random name .exe* file.
  10. Go back to the WINDOWS directory and open System32.
  11. Find and delete a random name .exe* file.
  12. Press Win+R again and enter regedit into the Open box. Click OK.
  13. Navigate to HKEY_CURRENT_USER\Control Panel\Desktop.
  14. Right-click the Wallpaper value on the right pane.
  15. Delete or change the wallpaper image path. Click OK.
  16. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers.
  17. Delete the value with the value data C:\Users\user\Decryption instructions.jpg on the right.
  18. Go to HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Run.
  19. Delete the values with the following value data:
    %WINDIR%\Syswow64\*.exe
    %WINDIR%\System32\*.exe
  20. Scan your computer with a licensed antispyware tool.

*could also be titled Payload1.exe or Payload_c.exe.

Download Remover for Sitaram108 Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Sitaram108 Ransomware Screenshots:

Sitaram108 Ransomware
Sitaram108 Ransomware
Sitaram108 Ransomware

Reply

Your email address will not be published.

Name
Website
Comment

Enter the numbers in the box to the right *