My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

.Darus file extension ransomware virus (Restore, Decrypt .darus files)

Myantispyware team, July 22, 2019

Darus (also called the Darus file virus) is another ransomware created by cybercriminals. It works and spreads in the same way as Tocue, Gusau and Madek; the only difference is the .darus extension that it adds to the documents, photos and music it affects.

Files encrypted by Darus ransomware virus

Once on the user’s PC, the Darus ransomware virus recursively searches all folders for files and encrypts each one it finds with a complex cipher, which leaves the files unusable. This crypto virus can lock many kinds of files, such as documents, photos, archives, drawings, video, databases and web application files, and backups can be affected as well. The Darus file virus encrypts almost all types of files, including common ones such as:

.odm, .tax, .rtf, .vtf, .docm, .xar, .csv, .wpl, .pptx, .kdb, .mdbackup, .dwg, .p7b, .webp, .xxx, .js, .ysp, .zw, .3dm, .pfx, .wp, .3ds, .jpg, .y, .asset, .rwl, .yml, .gho, .pptm, .dbf, .itdb, .wp7, .sav, .lvl, .0, .pem, .x, .png, .itm, .sidn, .2bp, .fpk, .x3d, .ybk, .wav, .wpb, .py, .ltx, .pkpass, .wri, .odb, .avi, .vpk, .srf, .big, .layout, .1, .hvpl, .xlsx, .ptx, .x3f, .orf, .nrw, .wsh, .sr2, .bay, .wbc, .xlsm, .crt, .cfr, .sid, .mdb, .wgz, .p12, .wdp, .qic, .wbmp, .odt, .wps, .raf, .wdb, .rw2, .wm, .wsc, .ods, .yal, .xyp, .wma, .mrwref, .7z, .pdd, .odc, .kdc, .accdb, .t13, .wpe, .eps, .pst, .wpt, .zif, .bkf, .kf, .snx, .gdb, .wsd, .iwd, .raw, .xmmap, .rofl, .fsh, .sb, .jpe, .wot, .ff, .fos, .ibank, .dba, .svg, .wmf, .ai, .bik, .xwp, .mp4, .pef, .wpd, .rim, .dcr, .apk, .qdf, .xx, .mlx, .dxg, .hkdb, .dmp, .xlk, .x3f, .odp, .wps, .xmind, .litemod, .sum, .xf, .xls, .forge, .wpa, .desc, .css, .wmo, .xll, .vcf, .xld, .zdc, .xls, .wp4, .vfs0, .mpqge, .sidd, .wmv, .slm, .arw, .wbm, .psk, .r3d, .xbplate, .wcf, .cas, .xpm, .bc7, .t12, .hkx, .xdl, .wpg, .cr2, .cdr, .sie, .wb2, .wmv, .rgss3a, .zip, .xlgc, wallet, .bar, .cer, .xml, .zdb, .psd, .z3d, .1st, .map, .ws, .d3dbsp, .rb, .vdf, .doc, .pdf, .wpw, .dazip, .lrf, .wire, .txt, .xlsx, .bsa, .iwi, .flv, .ppt, .mcmeta, .upk, .wpd, .rar, .zi, .esm, .bkp, .wmd, .wbd, .jpeg, .icxs, .blob, .indd, .wma, .sis, .epk, .srw, .xlsm, .wp6, .docx, .z, .der, .xbdoc, .zip, .pak, .itl, .zabw, .xyw, .webdoc, .m4a, .sql, .wp5, .syncdb, .hplg, .dng

All locked files become unusable and get the .darus extension. Each directory that contains encrypted files also receives a ransom note, which informs the user that ransomware is present on the computer and describes its effect on the files. The cyber criminals tell each user that the only way to recover the encrypted files is to pay a ransom. After the specified amount is transferred, the victim is promised a private key that will decrypt the files affected by the Darus ransomware virus. If the money for the key is transferred within 72 hours, the cyber criminals offer the victim a discount of 50%.

Darus virus – ransom note

Threat Summary

Name: Darus file virus
Type: Filecoder, File locker, Ransomware, Crypto virus, Crypto malware
Encrypted files extension: .darus
Ransom note: _readme.txt
Contact: gorentos@bitmessage.ch, gorentos2@firemail.cc
Ransom amount: $490, $980 in Bitcoins
Symptoms: Unable to open personal files. All of your personal files have an odd file extension appended to the filenames. Your file directories contain a ‘ransom note’ file that is usually a .html, .jpg or .txt file. The ransom note contains the cybercriminal’s ransom demand and instructions.
Distribution ways: Malicious email attachments. Malicious downloads that happen without a user’s knowledge when they visit a compromised web-page. Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a suspicious link). Flash drives containing malware.
Removal: To remove Darus ransomware, use the removal guide.
Decryption: To decrypt Darus ransomware, use the steps.
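
The two indicators in the Threat Summary (the .darus extension and the _readme.txt ransom note) are enough to measure how far the encryption reached before you decide what to restore from backup. The Python script below is an added example, not part of the original guide or of any tool it mentions; it assumes encrypted files keep their original name with .darus appended, and the folder and file names in its sample tree are constructed.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".darus"      # extension listed in the Threat Summary
RANSOM_NOTE = "_readme.txt"   # ransom note name listed in the Threat Summary

def triage(root):
    """Walk root read-only and summarise Darus indicators found under it."""
    report = {"encrypted": [], "note_dirs": [], "by_type": Counter(), "intact": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["note_dirs"].append(dirpath)
            elif lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(os.path.join(dirpath, name))
                # Assumption: "report.docx.darus" was originally "report.docx"
                original = os.path.splitext(name[:-len(ENCRYPTED_EXT)])[1].lower()
                report["by_type"][original or "(none)"] += 1
            else:
                report["intact"] += 1
    return report

def build_sample_tree(base):
    """Constructed sample: empty files that only mimic the naming pattern."""
    layout = {
        "Documents": ["report.docx.darus", "budget.xlsx.darus", "_readme.txt"],
        "Pictures": ["holiday.jpg.darus", "_readme.txt"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()
    return base

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return triage(build_sample_tree(tmp))

if __name__ == "__main__":
    r = demo()
    print(f"{len(r['encrypted'])} encrypted, {r['intact']} intact, "
          f"{len(r['note_dirs'])} folders with {RANSOM_NOTE}")
    for ext, count in r["by_type"].most_common():
        print(f"  {ext}: {count}")
```

To check a real disk, call triage() with the drive or profile folder instead of the sample tree; the script only reads directory listings and changes nothing.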

 

We suggest that you remove the Darus file virus without delay, before the presence of the ransomware leads to even worse consequences. Follow the steps below to completely remove Darus from your computer and to restore (decrypt) the encrypted files, using only a few free utilities.

Quick links

  1. How to remove Darus ransomware
  2. How to decrypt .darus files
  3. Darus decryption tool

How to remove Darus file virus

There are not many good free antimalware applications with a high detection ratio. The effectiveness of a malware removal tool depends on various factors, mostly on how often its virus/malware signature database is updated so that it can detect current worms, trojans, ransomware and other malware. We suggest running several applications, not just one. The programs listed below will help you remove all components of the Darus ransomware from your disk and the Windows registry.



How to remove Darus ransomware virus with Zemana Free

Zemana Anti Malware can scan for all kinds of malicious software, including ransomware, as well as a variety of Trojans, viruses and rootkits. After the detection of the Darus ransomware, you can easily and quickly remove it.

  1. Visit the following page to download the latest version of Zemana for MS Windows. Save it to your Desktop.
    Zemana AntiMalware
  2. Once you have downloaded the installation file, double-click Zemana.AntiMalware.Setup. This starts the Zemana setup on your machine.
  3. Select the installation language and click the ‘OK’ button.
  4. On the next screen, ‘Setup Wizard’, simply click the ‘Next’ button and follow the prompts.
    Zemana SetupWizard
  5. Once the setup is finished, Zemana Free will open automatically. If it does not, double-click the Zemana icon on your desktop.
  6. Now that you have successfully installed Zemana, let’s see how to use Zemana Free to remove the Darus virus from your computer.
  7. After you have started Zemana, you’ll see a window as displayed in the image below. Press the ‘Scan’ button. Zemana Free will scan the whole computer for the crypto virus.
  8. Pay attention to the screen while Zemana scans your computer.
    Zemana AntiMalware (ZAM) scan for Darus ransomware virus, other malware, worms and trojans
  9. When the system scan is finished, Zemana Anti-Malware (ZAM) will create a list of unwanted applications and ransomware viruses. Once you’ve selected what you wish to delete from your computer, press the ‘Next’ button.
    Zemana Free scan is finished
  10. Zemana may require a system reboot in order to complete the Darus ransomware removal process.
  11. If you want to fully delete the ransomware from your personal computer, press the ‘Quarantine’ icon, select all malicious software, adware, PUPs and other threats, and click Delete.
  12. Restart your machine to complete the ransomware removal process.

Delete Darus with MalwareBytes Anti-Malware (MBAM)

You can remove the Darus ransomware virus automatically with the help of MalwareBytes Free. We recommend this free malware removal utility because it can easily remove crypto malware, adware, malware and other undesired apps together with all their components, such as files, folders and registry entries.

Click the link below to download MalwareBytes Anti-Malware. Save it on your Desktop.

Malwarebytes Anti-malware

When the download is done, close all windows on your PC. Then launch the file called mb3-setup. If the “User Account Control” prompt pops up as shown below, press the “Yes” button.

MalwareBytes Free for Windows uac prompt

It will display the “Setup wizard”, which will help you install MalwareBytes on the computer. Follow the prompts and do not make any changes to the default settings.

MalwareBytes Anti Malware for MS Windows install wizard

Once installation has finished successfully, click the Finish button. MalwareBytes will then launch automatically and you will see its main window, as displayed on the screen below.

MalwareBytes Free for Microsoft Windows

Next, click the “Scan Now” button to begin checking your machine for files, folders and registry keys related to the Darus crypto virus. This process may take some time, so please be patient. While the utility is checking, you can see the number of objects and files already scanned.

MalwareBytes AntiMalware (MBAM) for Microsoft Windows detect Darus ransomware virus, other malicious software, worms and trojans

When the scan is done, a list of all items found is prepared. All found threats will be marked. You can remove them all by pressing the “Quarantine Selected” button.

MalwareBytes Anti-Malware for Microsoft Windows, scan for crypto malware is complete

MalwareBytes AntiMalware (MBAM) will delete the files, folders and registry keys related to the Darus crypto malware and move the items to the program’s quarantine. When the task is done, you may be prompted to reboot your computer. We advise you to look at the following video, which fully explains how to use MalwareBytes AntiMalware (MBAM) to delete browser hijacker infections, adware and other malicious software.

Remove Darus ransomware with KVRT

KVRT is a free portable program that scans your computer for adware, PUPs and crypto viruses like Darus and helps remove them easily. It also lets you uninstall any harmful web-browser extensions and add-ons.

Download Kaspersky virus removal tool (KVRT) from the following link.

Kaspersky virus removal tool

Once the download is complete, double-click the Kaspersky virus removal tool icon. Once initialization is complete, you’ll see the KVRT screen as shown in the figure below.

Kaspersky virus removal tool main window

Click Change Parameters and check the box next to all your drives. Press OK to close the Parameters window. Next, click the Start scan button. KVRT will start scanning the whole computer for the Darus crypto virus and other malicious software.

Kaspersky virus removal tool scanning

When the scan ends, KVRT will show a list of detected threats, as shown in the image below.

Kaspersky virus removal tool scan report

All detected threats will be marked. You can delete them all by clicking Continue to begin the cleaning process.

How to decrypt .darus files

To date, there is no method of restoring the encrypted files other than paying the cybercriminals. Developers of free Darus decryption utilities are working on tools that can unlock these files, but there is no result yet, and it is not known when there will be one.

Should you pay the ransom

Never pay the ransom! A victim who pays the developers of the Darus crypto malware cannot be sure of receiving the key, because he is dealing with unscrupulous and dishonest people who are ready to commit any immoral act, including disappearing after receiving the money without providing a decryption tool (key) for the encrypted photos, documents and music.

Of course, paying the ransom cannot be considered the only way out when your machine is affected by the Darus ransomware, as it only helps the fraudsters' illegal activity to prosper. The smart thing to do is to try to recover the locked files from a backup or to wait for the release of the Darus decryption tool. You can also try to unlock photos, documents and music using the free programs listed below.

Darus decryption tool

With some variants of Darus ransomware, it is possible to decrypt encrypted files using free tools listed below.




Michael Gillespie released the Tocue decryption tool named STOPDecrypter. It can decrypt .Darus files if they were locked with one of the known OFFLINE KEYs retrieved by Michael Gillespie. Please check the Twitter post for more info.

STOPDecrypter

STOPDecrypter is a program that can be used to decrypt Darus files. One of its biggest advantages is that it is free and easy to use. Its database of ‘OFFLINE KEYs’ is also updated constantly. Let’s see how to install STOPDecrypter and decrypt .Darus files using this free tool.

  1. Installing STOPDecrypter is simple. First, download STOPDecrypter to your Windows Desktop from the following link.
    download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  2. After the download is done, close all applications and windows on your machine. Open the file location and right-click the icon named STOPDecrypter.zip.
  3. Select ‘Extract all’ and follow the prompts.
  4. Once the extraction is finished, run STOPDecrypter. Select Directory and press the Decrypt button.

If STOPDecrypter does not help you decrypt .Darus files, in some cases you still have a chance to restore files that were encrypted by ransomware. This is possible with the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given here.

 


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.