How to Get Rid of R980 Ransomware Completely

Posted by John Larkin - August 3, 2016

R980 Ransomware Virus is Dangerous

If R980 has penetrated into your computer system, what can really be sure is that your files are encrypted. There are two ways to recognize this ransomware. Firstly, when you open an encrypted file, you can see the encryption prompt with its logo. Secondly, when the encryption is completed, it shows you a message about how to recover your files. Of course you are asked to pay some money. That is the real purpose of the cyber criminals who developed R980.

R980-ransomware
According to the research, though some computer users are fast enough to notice the infection process, they still cannot stop the encryption. This is a tricky ransomware which is able to modify the master boot record (MBR). Therefore, it will start every time you start the computer, so you have to be careful when you use the infected computer system. There is no doubt that you should not let R980 stay in your system and you must do something to get rid of it. In order to protect your computer, it is important to know that it is actually spread through spam emails. Cyber criminals put it in the attachments or links of the spam emails. Anyway, one thing is certain: If you want to use your computer, you should remove R980.

Guide to Remove R980 Ransomware Virus

Step 1: End the Malicious Processes
Step 2: Show Hidden Files in the System
Step 3: Find out Malicious Files and Remove Them
Step 4: Decrypt Encrypted Files


Step 1: End malicious process via Windows Task Manager

1. Right click on the Task bar and select Start Task Manager (click Task Manager for Windows 8, 8.1 and 10).
Taskbar-Start-Task-Manager

2. In Processes tab, find out the processes of R980 ransomware virus and right click on it. (For Windows 8, 8.1 10 users, click Details tab). Usually, their processes are named randomly. After that, select Open File Location.
open-file-location

3. Go back to Task Manager and click End Process button (For Windows 8, 8.1 and 10 users, click End task). After that, delete all suspicious files in the folder.
End-Process


Step 2: Show hidden files and folders

For Windows Vista and 7 users,

1. Click Start button to open Start Menu.

2. Open Control Panel and click Appearance and Personalization.
Control-Panel

3. Click Folder Options.
folder-option

4. In the View tab, click Show hidden files, folders and drives and click OK.
show all hidden files

For Windows 8, 8.1 and 10 users,

1. Open any folder in your computer.

2. Click View tab and then tick Hidden items to show all hidden files.
hidden-items-windows-8


Step 3: Locate the files of R980 and remove them

1. Hit Win and R keys on the keyboard to open Run box.
keyboard-windows-r

2. Type regedit and click OK.

3. Navigate to the location as below and remove the file displayed [RANDOM]

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun

4. Run this malware detect tool to find out malicious files in the system and delete them completely so that R980 ransomware virus will not come back again.


Step 4: Restore the system data from a recent backup to decrypt encrypted files

You can try the following recovery methods, but we cannot promise that they will help you recover your files, as R980 ransomware virus uses AES-265 and RSA encryption method.

Method 1: Use System Restore.

1. Press Ctrl+Shift+Esc keys simultaneously to open Task Manager.

2. At the top left corner, click File and then click New task (Run…).
file-new-task-windows-7

3. Type in rstrui in the box and click OK.
open-rstrui

4. Click Next.
system-restore-start

5. Select the restore point and click Next button.
select-restore-point

6. Click Finish button to confirm your restore point.
confirm-restore-point

7. Click Yes once you decide to restore your system.
last-confirm

Method 2: Use Shadow Volume Copies.

Shadow Copy (also referred as Volume Snapshot Service) is a technology in Windows that automatically backup copies or snapshots of computer files or volumes, even when they are being used. To recover your files, you can use Shadow Explorer that is for free.

1. Download Shadow Explorer from its official website and run it.
2. Select the drive and date of the backup files.
3. Right click the file or folder and click Export to save it.
shadow-explorer-export-file



The Previous:
The Next:

Leave a Reply



 



Our Users Are Saying:

"My laptop was so slow and got random blue screen error. I didn't know whom to turn to until I came across doofix. The agent Mike connected to my laptop and helped me change many settings of my system. I've never thought it's so easy to get things fixed. Now my laptop runs quite fast. Thanks for your great service!" ---Frank H, US