Dr Jimbo Ransomware Removal Guide

Dr Jimbo Ransomware is another infection created in Russia. It is not extremely popular at the time of writing; however, the situation might quickly change because it is known to be distributed through spam emails. Malware experts always thoroughly test ransomware infections because all of them are extremely dangerous, i.e. they are capable of encrypting personal files and then asking users to pay the considerable amount of money for the key. Dr Jimbo Ransomware does not differ from other well-known ransomware infections, e.g. Crypt38 Ransomware, Dedcryptor Ransomware, and Apocalypse Ransomware as well because it also locks all the personal files, e.g. pictures, music, videos, documents, etc. stored on the computer and then demands a ransom. Fortunately, it does not encrypt files placed in the %WINDIR% directory, which means that it will not destroy your Windows OS, and you could turn on your computer and surf the web normally. Of course, you will not be allowed to open any of your files and your new files might be locked in the blink of an eye too. Those users who do not want to allow Dr Jimbo Ransomware to encrypt other files again need to remove it immediately. As it will not be a very easy task, we suggest reading this article from the first sentence till the end before you erase it.

It has been found that Dr Jimbo Ransomware needs several minutes to encrypt all the files stored on the computer. Once it finishes doing that, it immediately opens the .txt file with the ransom note. In addition, it adds the .encrypted filename extension to all the files it touches. If you have already encountered this ransomware infection, you already know that it encrypts all the most valuable files in order to be able to ask users to pay money. In order to tell users what has happened to their files, Dr Jimbo Ransomware creates .txt files in every affected folder. It seems that these text files will also have names of encrypted files, e.g. mydocument.doc.How_To_Decrypt.txt. If you open any of these files after the encryption process is finished, you will notice the following text:

Attention!

All your data was Encrypted!

If you wanna get it back contact via email:

dr.jimbo@bk.ru

WARNING: If you don’t contact next 48 hours, then all DATA will be damaged unrecoverably!!!

Users are asked to write an email to the given email address if they want to get instructions on how to unlock their files. There is no doubt that you will be asked to transfer the particular sum of money for the decryption key, so, to be honest, there is no point in contacting cyber criminals if you know that you are not going to pay money in any way. Actually, it is a clever decision to keep the money to yourself because nobody knows whether cyber criminals will unlock files after you pay the ransom. We are sure that you do not want to lose your money and do not get anything in exchange, so we suggest trying to unlock files in a different way, for example, you should wait for the decryption tool to be released and then use it instead of supporting cyber criminals.

You will, of course, immediately notice if the ransomware infection enters your system because new files will be created and your personal files will be locked. Of course, these are not the only changes Dr Jimbo Ransomware will apply. Specialists working at 411-spyware.com have also managed to find out that this ransomware infection will create the main ransom note file in %HOMEDRIVE% and will add the value in the RUN registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) to be able to open the .txt file with the ransom note for users after the encryption of all the files. If you remove the ransomware infection fully, these modifications will no longer be visible as well.

It has been noticed that Dr Jimbo Ransomware does not create copies of itself, and it does not block system utilities, e.g. Registry Editor, which means that it will not be that hard to get rid of it. Of course, less experienced computer users might still find the process difficult, so we have prepared the manual removal instructions for them. Feel free to use them but do not forget that you might also need to remove other infections that hide on your computer and perform activities silently.

Delete Dr Jimbo Ransomware

1. Find and remove the malicious file you have downloaded and executed.
2. Launch RUN (Win+R).
3. Enter %HOMEDRIVE% in the box and click OK.
4. Locate the main ransom note, right-click on it, and select Delete.
5. Launch RUN again and enter regedit.exe in the box. Click OK.
6. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
7. Locate the value Happy Letter.
8. Right-click on it and select Delete.
9. Empty your Recycle bin.
10. Restart your PC.