Best Way To Delete Curumim Ransomware From Contaminated PCs

Technical Description on Curumim Ransomware

 

Malware researchers revealed a new file-encoder virus named Curumim Ransomware on November 4th, 2017. It appears to be a customized build of an open-source ransomware project known as HiddenTear, discovered back in 2015 by Utku Sen. The cyber extortionists responsible for this attack used the code of the HiddenTear project to develop a file-encrypting virus that is specifically programmed to target computer users located in Portugal. Reports from infected users in Brazil suggest that the malware may be the creation of a localized campaign. Curumim Ransomware uses the open-source code to encode the data stored on the affected machine, then tells victims to write an email to '[email protected]' and ask the con artists for help recovering their enciphered files.


Once the ransomware encrypts the files stored on the contaminated machine, it appends the '.curumim' extension to each enciphered file name. The extension chosen by the operators of this malware appears to translate from Brazilian Portuguese to English as 'Young Indian'. The ransom note displayed by Curumim Ransomware, which is placed on the desktop of the affected system, includes an image of a tribesman. According to cyber security experts, the malware can replace the computer's desktop background with a black screen that carries red text at the top and a depiction of a small boy of South American origin. The ransomware uses this wallpaper to tell users of the compromised system why their files cannot be read and why they now carry the unknown '.curumim' extension.

What to do after Curumim Ransomware attack?

The ransom note that this malware displays on the affected system's desktop is written in Portuguese. Unfortunately, Curumim Ransomware uses a secure cryptographic algorithm to encode the files, and it is nearly impossible to decrypt the data. It is therefore important to keep an eye out online to see whether security investigators have released a decryption key. You should avoid writing an email to the hackers responsible for this attack, because they will demand a hefty ransom, which can be more than 600 BR (Brazilian Real), in exchange for the decryption key. Even then, restoration of the enciphered files is not guaranteed, and the hackers may not provide the exact decryption tool needed to decrypt them. Hence, it is better to delete Curumim Ransomware from your PC as soon as possible to avoid further damage.


Remove Curumim Ransomware From Your PC

Step 1: Remove Curumim Ransomware in Safe Mode with Command Prompt

  • First, disconnect your PC from the network.
  • Click the Restart button and keep pressing the F8 key repeatedly while the system restarts.
  • You will see the “Windows Advanced Options Menu” on your computer screen.
  • Select “Safe Mode with Command Prompt” and press the Enter key.
  • Log in to your computer with an Administrator account for full privileges.
  • Once the Command Prompt appears, type rstrui.exe and press Enter.
  • Now follow the prompts on your screen to complete the system restore.

Step 2: Remove Curumim Ransomware using MSConfig in Safe Mode:

  • Power off your computer and start it again.
  • While it is booting, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.
  • Use the arrow keys to select the “Safe Mode” option and press the Enter key.
  • Once the system has started, go to the Start menu. Type “msconfig” in the search box and launch the application.
  • Go to the Startup tab and look for entries that use rundll32.exe to load files from the %AppData% or %Temp% folders. See the example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3: Kill Malicious Process Related To Curumim Ransomware

  • Press the Alt+Ctrl+Del keys together.
  • This opens the Task Manager on your screen.
  • Go to the Process tab and find the Curumim Ransomware related process.
  • Click the End Process Now button to stop the running process.

Step 4: Remove Curumim Ransomware Virus From Registry Entry

  • Press the “Windows + R” keys together to open the Run box.
  • Type “regedit” and click the OK button.
  • Find and remove Curumim Ransomware related entries under these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
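The manual checks in Step 2 and Step 4 can be done in one pass from an Administrator PowerShell prompt. The script below is an added example, not part of the original guide: it reads the autorun keys listed above and flags values that match the Step 2 pattern (rundll32.exe, or a path under AppData or Temp). The function names Test-SuspiciousAutorun and Get-AutorunEntry are hypothetical helpers defined here.

```powershell
# Added example (not from the original guide). Read-only: it lists entries, it deletes nothing.
$runKeys = @(   # the autorun keys listed in Step 4
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Step 2 heuristic: the command runs out of AppData/Temp or goes through rundll32.exe.
$userWritable = '\\AppData\\|\\Temp\\|%AppData%|%LocalAppData%|%Temp%'

function Test-SuspiciousAutorun {   # hypothetical helper name
    param([string]$Command)
    $reasons = @()
    if ($Command -match $userWritable) { $reasons += 'path in AppData/Temp' }
    if ($Command -match 'rundll32')    { $reasons += 'launched via rundll32' }
    $reasons -join '; '             # empty string when nothing matched
}

function Get-AutorunEntry {         # hypothetical helper name
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # several of these keys often do not exist
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read REG_EXPAND_SZ data unexpanded so %Temp%-style paths stay visible.
            $cmd = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $cmd
                Reasons = Test-SuspiciousAutorun $cmd
            }
        }
    }
}

# Constructed check: the example command line from Step 2 should trip both rules.
Test-SuspiciousAutorun 'C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1'

# Entries worth a manual look. Legitimate software also uses rundll32, so review before removing.
Get-AutorunEntry | Where-Object { $_.Reasons } | Format-List
```

Export the flagged keys (for example with regedit's File > Export) before deleting any value, so a wrongly removed entry can be restored.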

Hopefully you have now completely removed the Curumim Ransomware virus from your computer. If you still get the ransom message from the threat or are unable to access your files, it means that the virus still remains on your computer. In that situation you have no option other than removing the virus with a powerful malware removal tool.

If you have a backup of your infected or encrypted files, you can instead reinstall your Windows OS. This erases all your files and data along with the Curumim Ransomware infection, leaving you with a completely empty computer system with no files. You can then use your backup to get your files back. If you don’t have a backup, using a malware removal tool is the better option for you.


If you have any query or question regarding your computer, you can put your problem to our experts. Go to the Ask Any Question page and get the answer to your query directly from our experts.
