What is Dharma ransomware

The researchers of computer viruses around the world agree that ransomware is the most dangerous form of the virus. Viruses of this type are capable of inflicting enormous damage in a short time, and are particularly dangerous if the owner of the infected computer doesn’t do backups. In recent years, the situation with ransomware is becoming worse and worse, and it may justly be called an epidemic. Hackers understand that viruses, using RSA and AES encryption algorithms are a gold mine, as users simply cannot decrypt the encrypted files as long as the virus code will be broken (and this might not even happen, as we see on example of Cerber and Locky viruses). So now the hackers do mass production of low quality ransomware, which infects users' computers, and is proficient only because the experienced malware fighters don’t have enough time to crack them all.

Our today’s object - Dharma ransomware can be considered a low-cost and low-quality virus. This virus uses the standard model of behavior for the ransomware: penetrates to the computer via spam e-mail, installs in the system and in "autorun" folder, and starts to work after you restart the computer. Once the user restarts the computer, the virus starts to encrypt the data, and sets the extension [This email address is being protected from spambots. You need JavaScript enabled to view it.] .dharma, where xxx is changed periodically (we’ve already seen “bitcoin143” and “worm01” prefixes) for encrypted files. It also uses .dharma, .wallet and .xtbl extensions. The virus was created on the principle of saving money and does not have anything extra. Obviously, it does not show the user a ransom message, and does not have a website to demonstrate the decryption capabilities. Hackers are giving all necessary info when the victim contacts them by e-mail.

How to remove Dharma ransomware

We still do not have data on who developed the Dharma virus, and had we encountered earlier with the creations of these developers, but the virus samples have already been obtained, and they are examined by experts. On this page we will reflect all further changes in situation with this virus, and so far the best choice for you would be the immediate removal of Dharma from your PC. Under this paragraph, you will find detailed instructions on how to remove the Dharma.

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How to restore files

There are few ways to decrypt files without paying a ransom, but the might not work, because the only safe and 100% effective method is to load a previously saved backup. More info on this topic can be found in an extended article about how to restore files corrupted by ransomware.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.