Eliminating NRansom Reborn Ransomware (Ransomware/Screen-locker)

May 3rd 2018 - by Fix My PC FREE in: Blog PC Protection News Virus Removal | 0 Comment

ATTENTION, PLEASE!

Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.

We recommend downloading Advanced System Repair to eradicate Malware for you (it should cut down the time to about 15 minutes).

>> Download Advanced System Repair <<

 

What is NRansom Reborn ransomware? And how does it carry out its attack?

NRansom Reborn ransomware is a new version of the nRansom ransomware which was discovered in 2017. According to security experts, this new nRansom variant spreads via a malicious payload named “Hide My Ass VPN” software. Once this malicious file is opened, NRansom Reborn ransomware gets installed in the system and after it’s installed, it will make multiple changes in the system. Just like its predecessor, this new variant does not have the capability to encrypt files but it’s capable of locking the screen so that victims won’t be able to access their PCs. As you can see, nothing much has changed with this variant except the crooks behind this ransomware changed the email address to “die_yourself@protonmail”.

Similar to nRansom ransomware, NRansom Reborn ransomware asks its victims to send nudes in exchange for the unlock code as stated in the locked screen of the infected PC:

“NRANSOM REBORN

I have finally awaken

Your computer has been locked. Don’t worry, your

files are safe and are easily accessible by closing

window.

But how do you close this window?

The button at the bottom will close this window.

However, it will only close if you have the unlock

code

Getting the unlock code is easy. Go to protonmail

and send an email to me. my address is

die_yourself@protonmail.com

Send me 15 of your nudes and

then I will give you the unlock code

The code goes here—–> Unlock

Hitler did nothing wrong”

Victims are asked to send 15 nudes in exchange for the code to unlock the computer. However, sending nudes to the victims is probably the worst thing that you could do if you are one of the victims of this ransomware infection. The best thing you can do is to eliminate NRansom Reborn ransomware from your computer. In addition, NRansom Reborn ransomware also presents another note that states:

“Your computer has been locked and your files will be encrypted if you do not follow the instructions to get the code to unlock the machine. There is only one way to receive the unlock code. You must go to www.mail.india.com and create an account. Send an email to 2_kill_yourself@india.com We will not reply immediately. When we reply. Send at least 20 nude pictures of you. After that, I want you to record a video of you murdering 10 innocent people. Send that to me. Once we verify you, we will give you your numerical unlock code. IF YOU DO NOT UNLOCK THE MACHINE IN 5 HOURS WE WILL ENCRYPT YOUR FILES AND THEY WILL BE UNLOCKABLE FOREVER. THE VERIFICATION WILL ONLY WORK IF YOU OPEN BOOBS AND VAGENE !!!”

How does NRansom Reborn proliferate?

NRansom Reborn ransomware proliferates via spam emails where its malicious payload, Hide My Ass VPN software is attached. These malware-laden emails are often disguised to make them look like they were sent by some legitimate group or company so you have to be careful in opening emails or downloading attachments even if they look like they were sent by some well-known company.

Follow the removal instructions given below to obliterate NRansom Reborn ransomware from your system.

Step 1: Tap the Ctrl + Alt + Delete keys to open a menu and then expand the Shutdown options which is right next to the power button.

Step 2: After that, tap and hold the Shift key and then click on Restart.

Step 3: And in the Troubleshoot menu that opens, click on the Advanced options and then go to the Startup settings.

Step 4: Click on Restart and tap F4 to select Safe Mode or tap F5 to select Safe Mode with Networking.

Step 5: After your PC has successfully rebooted, tap Ctrl + Shift + Esc to open the Task Manager.

Step 6: Go to the Processes tab and look for NRansom Reborn.exe and then end its process.

Step 7: Exit the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.

Step 8: Look NRansom Reborn Ransomware and then uninstall it.

Step 9: Close Control Panel and tap Win + E keys to open File Explorer.

Step 10: Navigate to the following locations and look for NRansom Reborn ransomware’s malicious components such as “Hide My Ass VPN” and then delete them all.

  • %TEMP%
  • %APPDATA%
  • %Userprofile%\Robin
  • %Userprofile%\Cerber
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Desktop

Step 11: Close the File Explorer.

Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use Advanced System Repair this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.

Step 12: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.

Step 13: Navigate to the listed paths below and look for the registry keys and sub-keys created by NRansom Reborn ransomware.

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
  • HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
  • HKEY_CURRENT_USER\Control Panel\Desktop

Step 14: Delete the registry keys and sub-keys created by NRansom Reborn ransomware.

Step 15: Close the Registry Editor and empty your Recycle Bin.

To ensure the complete removal of NRansom Reborn ransomware you have to use a reliable program like Advanced System Repair. How? Follow the advanced removal steps below.

Perform a full system scan using asr. To do so, follow these steps:

  1. Turn on your computer. If it’s already on, you have to reboot
  2. After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.

  1. To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
  2. Windows will now load the SafeMode with Networking.
  3. Press and hold both R key and Windows key.

  1. If done correctly, the Windows Run Box will show up.
  2. Type in the URL address, https://www.fixmypcfree.com/download.php?asr in the Run dialog box and then tap Enter or click OK.
  3. After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
  4. Once the installation process is completed, run asr to perform a full system scan.

  1. After the scan is completed click the “Fix, Clean & Optimize Nowbutton.

No Comment

Leave a Reply

Name Required

Website