Terminate Teamo Ransomware (Crypto-Malware/Ransomware)

Nov 15th 2017 - by Fix My PC FREE in: Blog PC Protection News Virus Removal | 0 Comment

ATTENTION, PLEASE!

Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.

We recommend downloading Restoro to eradicate Malware for you (it should cut down the time to about 15 minutes).

>> Download Restoro <<

 

Teamo ransomware, also known as Zika ransomware, is a new cyber threat created using the Hidden Tear open source platform. This ransomware seems to target Spanish-speaking users based on its ransom note which is written in Spanish. However, that does not mean that users who aren’t Spanish are safe from this threat as its uses a widely-used distribution in spreading its infection. Teamo ransomware is even categorized as a severe threat by security experts since there is no way to recover the encrypted files unless a decryption key is available which is safely tucked away on the ransowmare’s Command and Control server managed by the crooks behind this threat.

Once Teamo ransomware invades your computer, it will launch a connection to its Command and Control server and then start to scan the entire drive of the computer looking for files to encrypt. This ransomware encrypts important files, especially the user-generated ones such as audio, video, images, documents, configuration files, and other file formats. During the encryption, appends the .teamo extension on each of the targeted files and drops its ransom note named Hello Hi Hola como sea jaja.txt which is placed on the desktop of your computer. Here’s the content of the ransom note written in Spanish:

“Tus Archivos Han Sido Encryptados

(Your Files Have Been Encrypted)

Tus archivos han sido encryptados, lo que significa que ya no puedes abrirlos. Debo decir que no existe manera que los podamos recoperar  … Mentira, contactame. Zika

Your files have been encrypted, which means you can not open them any more. I must say there is no way that the recipes  …

Lie, contact me. Zika

Atte. Your Friend Zika.”

And here’s the ransom note translated to English:

“Your files have been encrypted, which means you can not open them any more. I must say there is no way that the recipes 🙁 …

Lie, contact me. Zika

Atte. Your Friend Zika.”

It is assumed that cyber crooks might try to improve Teamo ransomware to make it even stronger than it already is. Security experts also suspect that the crooks behind this ransomware might even add a Trojan module to allow them to spy on the victims and take control of the infected computer.

Even though there is no way for you to recover the encrypted files using their shadow volume copies, fear not for you can still use any backup copies of the affected files if you have them and if you don’t, you just have to eliminate Teamo ransomware first and then wait until a free decryptor is available.

How does Teamo ransomware spread?

Teamo ransomware spreads as a malicious executable file named eda.exe which is distributed on spam emails. The malicious email is disguised as something important to lure users into opening the email and downloading the attachment. It would be best if you stir clear of any unknown emails especially if they’re from unknown senders. Teamo also spreads using fake or illegal downloads, misleading fake updates as well as malvertising.

Refer to the instructions below to terminate Teamo ransomware and its associated files from your computer.

Step 1: Tap Ctrl + Shift + Esc keys to open the Task Manager.

Step 2: After opening the Task Manager, look for Windows Desktop.exe which is Teamo ransomware’s malicious process, right click on it and select End Process or End Task.

Step 3: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.

Step 4: Look for Teamo ransomware or any suspicious program and then Uninstall it/them.

Step 5: Tap Win + E to launch File Explorer.

Step 6: After opening File Explorer, navigate to the following locations below and look for Teamo ransomware’s malicious components such as the ransom note Hello Hi Hola como sea jaja.txt as well as the malicious executable file eda.exe responsible for installing the crypto-malware in your computer.

  • %AppData%
  • %Local%
  • %Temp%
  • %Roaming%
  • %LocalLow%

Step 7: Close the File Explorer. Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use PC Cleaner Pro, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.

Step 8: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.

Step 9: Navigate to the listed paths below and look for the registry keys and sub-keys created by Teamo ransomware.

  • HKEY_CURRENT_USER\Control Panel\Desktop\
  • HKEY_USERS\.DEFAULT\Control Panel\Desktop\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Step 10: Delete the registry keys and sub-keys created by Teamo ransomware.

Step 11: Close the Registry Editor.

Step 12: Empty your Recycle Bin.

To make sure that Teamo is completely removed and that nothing is left behind, use the following antivirus program. To use it, refer to the instructions below.

Perform a full system scan using SpyRemover Pro. To do so, follow these steps:

  1. Turn on your computer. If it’s already on, you have to reboot
  2. After that, the BIOSscreen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.

  1. To navigate the Advanced Optionuse the arrow keys and select Safe Mode with Networking then hit
  2. Windows will now load the SafeMode with Networking.
  3. Press and hold both R key and Windows key.

  1. If done correctly, the Windows Run Boxwill show up.
  2. Type in explorer http://www.fixmypcfree.com/install/spyremoverpro

A single space must be in between explorer and http. Click OK.

  1. A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.

  1. Click OK to launch it.
  2. Run SpyRemover Pro and perform a full system scan.

  1. After all the infections are identified, click REMOVE ALL.

  1. Register the program to protect your computer from future threats.

 

 

 

No Comment

Leave a Reply

Name Required

Website