BeethoveN Ransomware Removal Guide

The researchers discovered a new malicious application programmed to encipher files on the infected computer; it is known as BeethoveN Ransomware. If you had the misfortune to encounter it too, we encourage you to get rid of it as soon as possible. The malware’s creators may promise to help you decrypt the enciphered files, but no doubt there are no guarantees they are going to keep up to their promises. Consequently, we advise you to keep your money to yourself and erase the infection. What’s more, users should know there are two versions of BeethoveN Ransomware: the earlier one is believed to be a test version, while the later one seems to be a fully-developed variant. We will talk more about their differences later in the article, so if you wish to find out other details about the malware, reading the rest of our report is most advisable.

The malicious application should be spread through infected email attachments. Such files might arrive together with Spam emails or other letters from unknown senders. In other words, BeethoveN Ransomware’s source could be any suspicious file sent via email. For this reason, our specialists advise users to be extra cautious with any attachment that raises even the smallest suspicion. It would be a good idea to keep a trustworthy antimalware tool since with it you could check possibly malicious files in just a couple of minutes. As a result, the computer might avoid being infected as it could happen if you open the corrupt file instantly, without scanning it first.

After the malware’s installer is launched the threat should place a file called BeethoveN.exe on the user’s Desktop. It is BeethoveN Ransomware’s copy and once launched it opens a pop-up window, which we will describe further in the text. For some reason, the malware may create a Registry entry in the HKEY_CURRENT_USER path. To be more precise, it might add a key called Environment, and within this key, there should be a directory titled as SAVETHETREES. Our specialists ensure us this Registry entry does not have any purpose. Perhaps, the ransomware’s creators suggest they are attacking their victims in order to save the planet? In such case, we cannot see how damaging your files could help such a cause, so you should not let these hackers trick you.

Furthermore, at the time the files mentioned above are created, BeethoveN Ransomware should encipher various private data found on the device with RSA or AES cryptosystems. Such files could be marked with .BeethoveN extension, for example, speech.docx.BeethoveN. Later, depending on the infection’s version, it might drop either FILELIST.txt or FILEUST.txt. Both of the documents contain the ransom note. However, the text in them might be slightly different. FILEUST.txt should be placed by the malicious application’s test version since it does not provide contact details or name the price like the updated text document does (FILELIST.txt). The ransom note should also appear on the pop-up window which can be opened by launching BeethoveN.exe.

It seems to be the hackers want to be paid $400 or around 0.16 BTC, although the ransom note says the price is negotiable. In any case, paying the ransom or dealing with the malware’s developers is not something we would advise you to do. There is a chance you could be tricked and lose your money in vain. If you do not wish to take these chances, we urge you not to waste any time and remove this malicious application immediately. Users who want to erase it manually could follow the instructions placed below the article. Provided they appear to be too difficult or you want to be certain there are no other threats on the system, we would recommend using a reliable security tool.

Remove BeethoveN Ransomware

1. Tap Ctrl+Alt+Delete.
2. Select Task Manager.
3. Find a process associated with the malicious application, select it and click End Task.
4. Exit the Task Manager.
5. Press Windows key+E to open Explorer.
6. Check the listed folders:
   Desktop
   Temporary Files
   Downloads
7. Search for the malware’s installer, right-click it and press Delete.
8. Navigate to Desktop again and look for the listed data:
   BeethoveN.exe
   FILELIST.txt
   FILEUST.txt
9. Right-click these files and choose Delete.
10. Close the Explorer.
11. Press Window key+R.
12. Type Regedit and click Enter.
13. Go to this path HKEY_CURRENT_USER
14. Find a key called Environment that has a key named SAVETHETREES.
15. Right-click the Environment key and press Delete.
16. Exit the Registry Editor.
17. Right-click the Recycle bin and empty it.
18. Restart the PC.