EbolaRnsmwr Ransomware Removal Guide

EbolaRnsmwr Ransomware is a file-encrypting threat. However, the variant we came across does not encrypt any files unless they are located on a folder named test. Also, the directory has to be on the user’s Desktop. Under such circumstances, we suspect the malicious application is not finished yet. Thus, we doubt it could be widely distributed until it is fully developed. Nonetheless, even as a test version it can disable user’s Task Manager, change his Desktop wallpaper, and so on. If you read the rest of our article, we will tell you more about the threat. What’s more, slightly below the article we will place manual deletion instructions, although we would like to stress while they should help eliminate EbolaRnsmwr Ransomware the way it works now, they might if you come across another variant.

If EbolaRnsmwr Ransomware was being spread, it could travel with malicious email attachments or infected software installers. For this reason, our specialists advise staying away from torrent and other untrustworthy file sharing web pages. As for suspicious files received via email, we would recommend checking them with a reputable security tool or not to open them if you suspect something could be wrong, for example, the sender’s email address might appear to be forged. Besides, such malicious programs can enter the computer by exploiting its vulnerabilities. Therefore, it is same important to ensure your system has no weaknesses as to keep away from potentially malicious material.

Once EbolaRnsmwr Ransomware settles in it should start encrypting files located in the %USERPROFILE%\Desktop\Test folder. Of course, if there is no such directory on your Desktop, the malware should not affect any data. Otherwise, the files would have an additional .101 extension, and you should be unable to open them. After the encryption process, the malicious program changes the user’s Desktop wallpaper, drops a text document, and displays a pop-up window. All of them should contain a ransom note saying the user has to pay if he wants to decrypt his data. Fortunately, in this case, you do not even have to consider the option, and if EbolaRnsmwr Ransomware encrypted any data, we would advise not to put up with any demands. The hackers may promise anything to make their victims pay, but they do not always keep up to their words. What we are trying to say is that paying the ransom can be hazardous as there is still a risk the user could get scammed. Knowing this, we advise deleting the malware instead of making the payment.

A bit below this paragraph you should see instructions that explain how to remove EbolaRnsmwr Ransomware or to be more precise the variant we came across. It means that if the hackers launch another variant these instructions might not be able to help you as some files or locations could be changed. As a result, it might be wiser to employ a reliable security tool of your choice and let it remove the malware for you.

Get rid of EbolaRnsmwr Ransomware

1. Tap Win+R.
2. Insert Regedit and press Enter.
3. Navigate to: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
4. Locate a value name titled DisableTaskMgr, right-click it and choose Modify.
5. Instead of 1 type 0 and save changes.
6. Leave Registry Editor.
7. Press Ctrl+Alt+Delete.
8. Select Task Manager.
9. Find a process described EbolaRnsmwe, select it and press End Task.
10. Look for another process called 000payload.exe, select it as well and press End Task.
11. Exit Task Manager.
12. Tap Win+E.
13. Go to:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
14. Find the file that infected the computer, right-click it and click Delete.
15. Navigate to: %APPDATA%
16. Find a file titled 000payload.exe, right-click it and press Delete.
17. Go to: %USERPROFILE%\Desktop
18. Right-click text file titled READ_ME.txt and select Delete.
19. Find this location: %USERPROFILE%\Documents
20. Right-click a file named pass.decrypt and press Delete.
21. Close File Explorer.
22. Empty your Recycle bin.
23. Reboot the computer.