How to remove Diablo6 virus and restore encrypted files

On August 9, the virus researcher Racco24 discovered a new version of the Locky virus, which is now distributed under the name Diablo6. In this article we will tell you more about this virus, but we should start from the very beginning.


A year ago the Locky virus became the biggest threat on the Internet, thanks to a massive distribution campaign, a complex structure, frequent updates and other factors. As a result, the scammers, according to various estimates, earned from several tens to several hundreds of thousands of dollars, and several months ago safely exchanged the BTC for real money using special services in the Bitcoin system that make it possible to hide the recipient of a transaction. It is worth noting that files encrypted with the Locky virus still cannot be decrypted. The spread of the virus was suspended, apparently by the scammers themselves, for unknown reasons, but as recently as yesterday a new version of the virus was discovered. It cannot yet be said whether the virus will make a full return or whether this is just a one-off action, but so far the distribution of the Diablo6 version is very active.


The virus gets onto users' computers through a proven scheme: fake e-mails. This time the scammers have changed their tactics. In their previous campaigns, the letters contained messages implying that the attached file was a requested report, or a bill for services or goods. Now the scammers do not try to guess what a particular user is expecting, and the message simply reads "Files attached. Thanks." This means that the letter is likely to be opened by any user who conducts business correspondence and expects files of any kind, which makes the old method even simpler and more dangerous. On opening such a letter, you will see a ZIP file that contains a VBS script, which initiates the download of the virus. The virus is automatically downloaded to the %Temp% folder and installed on the computer. After that everything follows the standard scheme: the computer is scanned and the files are encrypted. Encrypted files get the extension .diablo6 and their names are changed to a random combination of numbers and letters. The ransom amount is 0.49 BTC, or approximately $1600.

Removal instruction

Step 1. Boot into Safe mode


Start -> Msconfig.exe


On the Boot tab, select Safe boot


Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Edit the hosts file, which is located in C:\Windows\System32\drivers\etc\ .


Open the file with Notepad and delete any suspicious lines.


It has to look like this:

[Screenshot: hosts file, step 3]

Step 4. Scan the system with an antivirus scanner


Why we recommend SpyHunter antimalware as a removal tool

Removes the virus fully: all files and even registry keys of the malware will be deleted

Protects your system in the future

24/7 free support team


Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab


Once you have performed all the steps described above, it is time to restore the files. Strictly speaking, this is not decryption, since the encryption methods used by the fraudsters are too complex. In general, to recover the data you should ask for help in anti-malware communities or from well-known virus researchers and antivirus vendors. If you have chosen to restore the data manually, read this article, which describes the safest methods.

To restore your data, follow the article about file decryption.
