What is .Combo ransomware? This week, computer security specialists has received reports of yet another ransomware called .Combo ransomware. This ransomware spreads via spam emails and malware files and appends the .combo extension to encrypted files.
Immediately after the launch, the .Combo ransomware scans all available drives, including network and cloud storage, to determine which files will be encrypted. The virus uses the file name extension, as a way to define a group of files that will be subjected to encrypting. Encrypted almost all types of files, including common as:
.snx, .sum, .xdl, .fsh, .psk, .2bp, .r3d, .mdbackup, .p12, .wpt, .zip, .csv, .hplg, .3ds, .t13, .hvpl, .rgss3a, .xpm, .sid, .mcmeta, .gho, .hkx, .ntl, .srf, .dcr, .jpg, .pst, .wbd, .0, .pak, .xyw, .kf, .qic, .slm, .cr2, .sav, .mpqge, .jpeg, .sidn, .xls, .wmv, .mov, .arch00, .xxx, .pptm, .sis, .erf, .xbdoc, .doc, .w3x, .ff, .bc6, .odm, .iwi, .wdp, .indd, .bar, .m3u, .p7c, .lbf, .wmv, .yml, .epk, .x3f, .litemod, .wire, .ltx, .7z, .icxs, .sr2, .pef, .cdr, .dng, .m4a, .fos, .wb2, .js, .xdb, .xls, .wot, .ztmp, .odb, .m2, .zip, .xlsm, .crt, .syncdb, .zdc, .xx, .wp5, .dwg, .wbc, .xld, .jpe, .eps, .ibank, .vfs0, .yal, .bsa, .wpl, .odp, .xlsm, .xmmap, .wcf, .wbm, .rim, .kdc, .dmp, .ncf, .db0, .webdoc, .xlsx, .wpg, .itdb, .vpp_pc, .rw2, .p7b, .dba, .tax, .wpw, .fpk, .cer, .das, .z, .upk, .x3d, .vdf, .xbplate, .zif, .rwl, .re4, .py, .dbf, .x3f, .xlsb, .ybk, .wsd, .z3d, .tor, .xml, .big, .rar, .odt, .menu, .dazip, .kdb, .der, .srw, .webp, .bik, .xar, .zdb, .mdf, .orf, .wsh, .xlsx, .rofl, .itm, .wri, .lrf, .itl, .mddata, .pkpass, .pem, .wpb, .iwd, .wmf, .mef, .wp6, .ppt, .wmd, wallet, .pdf, .layout, .wpd, .3dm, .1, .wp, .ysp, .x, .dxg, .gdb, .accdb, .bkf, .xy3, .cfr, .xyp, .wdb, .ptx, .avi, .raw, .mlx, .wma, .xf, .zabw, .psd, .nrw, .xlgc, .svg, .map, .zw, .rtf, .blob, .wma, .cas, .pfx, .odc, .sie, .png, .xlk, .1st, .ods, .wgz, .mp4, .css, .desc, .t12, .pdd, .qdf, .wotreplay, .wsc, .apk, .wm, .wbk, .txt, .d3dbsp, .y, .wps, .lvl, .mrwref, .ai, .vcf
When the virus encrypts a file, it will add the .combo extension to each encrypted file. Once the virus finished enciphering of all personal files, it will drop a file called “FILES ENCRYPTED.txt” with ransomnote on how to decrypt all personal files. You can see an one of the variants of the ransom note below:
all your data has been locked us
You want to return?
write email email@example.com or firstname.lastname@example.org
Unfortunately, there is no method for victim’s to decrypt photos, documents and music for free. In the guidance below, I have outlined few methods that you can use to remove .Combo ransomware virus from your PC and restore .combo files for free from a shadow volume copies or using file recover programs.
Table of contents
- How to decrypt .combo files
- How to remove .Combo ransomware
- How to restore .combo files for free
- How to protect your PC system from .Combo ransomware
How to decrypt .combo files
The encryption method is so strong that it is practically impossible to decrypt .combo files without the actual encryption key. The bad news is that the only way to get your files back is to pay ($300-1000 in Bitcoins) makers of the .Combo ransomware virus for a copy of the private (encryption) key. There is absolutely no guarantee that after pay a ransom to the makers of the .Combo ransomware virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware.
With some variants of this ransomware, it is possible to use Windows Shadow Copies or file recover tools to restore files that have been encrypted by .Combo ransomware virus. You can use the free utilities listed below in the article.
How to remove .Combo ransomware
Most commonly it is not possible to remove .Combo ransomware manually. For that reason, our team created several removal solutions which we have summarized in a detailed guidance below. Therefore, if you’ve the .Combo ransomware virus on your personal computer and are currently trying to have it deleted then feel free to follow the steps below in order to resolve your problem. Read it once, after doing so, please print this page as you may need to exit your browser or restart your PC.
Automatically remove .Combo ransomware virus with Zemana Anti-malware
We advise using the Zemana Anti-malware that are completely clean your personal computer of the ransomware virus. The tool is an advanced malware removal program designed by (c) Zemana lab. It is able to help you delete PUPs, ransomware viruss, adware, malware, toolbars, ransomware and other security threats from your machine for free.
Now you can setup and run Zemana Free to delete .Combo ransomware virus from your computer by following the steps below:
Visit the following page to download Zemana Anti-Malware install package named Zemana.AntiMalware.Setup on your computer. Save it to your Desktop so that you can access the file easily.
Author: Zemana Ltd
Category: Security tools
Update: February 14, 2019
Start the installer after it has been downloaded successfully and then follow the prompts to install this utility on your computer.
During install you can change some settings, but we advise you don’t make any changes to default settings.
When install is finished, this malware removal tool will automatically start and update itself. You will see its main window as on the image below.
Now click the “Scan” button . Zemana AntiMalware tool will start scanning the whole PC system to find out the .Combo ransomware and other malicious software. Depending on your computer, the scan can take anywhere from a few minutes to close to an hour. While the tool is scanning, you can see count of objects and files has already scanned.
As the scanning ends, Zemana Anti-Malware (ZAM) will show a scan report. Review the report and then click “Next” button.
The Zemana Free will remove the .Combo ransomware virus and add items to the Quarantine. When disinfection is finished, you may be prompted to reboot your system to make the change take effect.
Use MalwareBytes Anti-Malware to remove .Combo ransomware
You can delete .Combo ransomware automatically through the use of MalwareBytes Anti-Malware. We recommend this free malware removal utility because it can easily remove ransomware, ad-supported software, malicious software and other unwanted software with all their components such as files, folders and registry entries.
- Please go to the link below to download the latest version of MalwareBytes Anti-Malware for MS Windows. Save it on your MS Windows desktop or in any other place.
Category: Security tools
Update: February 5, 2019
- When the download is finished, close all applications and windows on your PC system. Open a directory in which you saved it. Double-click on the icon that’s named mb3-setup.
- Further, press Next button and follow the prompts.
- Once installation is finished, click the “Scan Now” button for scanning your PC system for the .Combo ransomware virus and other malware. A system scan may take anywhere from 5 to 30 minutes, depending on your machine. When a malicious software, ad-supported software or PUPs are found, the number of the security threats will change accordingly. Wait until the the checking is finished.
- Once that process is finished, you will be shown the list of all detected threats on your personal computer. You may delete items (move to Quarantine) by simply press “Quarantine Selected”. When the cleaning procedure is done, you can be prompted to reboot your PC.
The following video offers a few simple steps on how to get rid of browser hijackers, ad supported software and other malware with MalwareBytes Free.
Remove .Combo ransomware with KVRT
KVRT is a free removal tool that can scan your personal computer for a wide range of security threats such as the .Combo ransomware virus, adware, PUPs as well as other malicious software. It will perform a deep scan of your system including hard drives and Microsoft Windows registry. When a malware is found, it will help you to get rid of all detected threats from your personal computer with a simple click.
Download Kaspersky virus removal tool (KVRT) by clicking on the following link. Save it on your Desktop.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once the download is done, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is complete, you’ll see the KVRT screen as on the image below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button for checking your personal computer for the .Combo ransomware virus, other trojans and harmful applications. This procedure can take quite a while, so please be patient. During the scan KVRT will search for threats exist on your system.
After the checking is finished, KVRT will create a list of malware as displayed on the screen below.
Review the report and then click on Continue to start a cleaning procedure.
How to restore .combo files for free
In some cases, you can recover files encrypted by .Combo ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted personal files.
Restore .combo files with ShadowExplorer
In some cases, you have a chance to restore your documents, photos and music that were encrypted by the .Combo ransomware virus. This is possible due to the use of the tool called ShadowExplorer. It is a free application which made to obtain ‘shadow copies’ of files.
Installing the ShadowExplorer is simple. First you will need to download ShadowExplorer on your personal computer from the link below.
Category: Security tools
Update: February 27, 2018
When the downloading process is finished, extract the downloaded file to a directory on your PC. This will create the necessary files as displayed in the following example.
Start the ShadowExplorerPortable application. Now choose the date (2) that you want to recover from and the drive (1) you wish to restore files (folders) from as shown on the screen below.
On right panel navigate to the file (folder) you want to restore. Right-click to the file or folder and press the Export button as displayed on the screen below.
And finally, specify a folder (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Restore .combo files with PhotoRec
Before a file is encrypted, the .Combo ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your files using file restore programs like PhotoRec.
Download PhotoRec from the following link.
Category: Security tools
Update: March 1, 2018
Once the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder like below.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll show a screen as shown in the following example.
Select a drive to recover as displayed in the figure below.
You will see a list of available partitions. Select a partition that holds encrypted personal files as displayed in the following example.
Press File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is done, click OK button.
Next, press Browse button to select where recovered personal files should be written, then click Search.
Count of recovered files is updated in real time. All restored personal files are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the restore is finished, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as shown on the screen below.
All restored files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your PC system from .Combo ransomware
Most antivirus software already have built-in protection system against the virus. Therefore, if your personal computer does not have an antivirus application, make sure you install it. As an extra protection, run the CryptoPrevent.
Use CryptoPrevent to protect your PC system from .Combo ransomware
Download CryptoPrevent on your Microsoft Windows Desktop by clicking on the following link.
Run it and follow the setup wizard. Once the installation is done, you will be shown a window where you can select a level of protection, as on the image below.
Now click the Apply button to activate the protection.
Now your personal computer should be clean of the .Combo ransomware. Uninstall Kaspersky virus removal tool and MalwareBytes Anti Malware (MBAM). We recommend that you keep Zemana (to periodically scan your computer for new malware). Probably you are running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.
If you are still having problems while trying to remove .Combo ransomware virus from your computer, then ask for help here.