Delete GandCrab v5.2 Ransomware from Windows 10

Warning, many anti-virus scanner have detected GandCrab v5.2 Ransomware as threat to your computer
GandCrab v5.2 Ransomware is flagged by these Anti Virus Scanner
Anti Virus Software Version Detection
Microsoft 2018.0.5113 Generic
GData 4.6.115641 Trj.Win32.GandCrab v5.2 Ransomware.CB
Sophos AV 5.845249 Variant of Win32/Trojan.GandCrab v5.2 Ransomware.A
Sucuri SiteCheck 7.0.155 WinTools,
Suggestion: Uninstall GandCrab v5.2 Ransomware Completely – Free Download

GandCrab v5.2 Ransomware may have entered your pc through these software. If you have not installed them , then get rid of them bfgminer for OS X 3.10.0 , Tablatures 2.18 , CoffeeCup Menu Builder , RapidAlbum 1.3 , Wo ist der Eismann? 1.0 , iuPro 3.0.4 , INtex Cassa vX 2.1.4 , Peek and Drag 1.00 e , GrabIt 4.9 , Plane Finder AR 1.1 , Cave Fox 2001 1.1.2 , A Better Finder Creators & Types 3.2.6 , Aiseesoft DVD Audio Ripper , Classic Qong Arcade (Pong) 1.9.1 , LSQL 2.5.10 , djoPlayer 3.5.1 , FontForge 20130718 , GOM Player 1.0


GandCrab v5.2 Ransomware

In-Depth Analysis On GandCrab v5.2 Ransomware

GandCrab v5.2 Ransomware is actually part of a hugely popular Ransomware family. As a System user, almost everyone familiar with a fact that this Ransomware family is one of the worst cryptovirus that keep design, code and interface too much close to original malware. It has list with 126 file extension that lock users stored files. This Ransomware keep appearing on radar of the malware researchers.

Like the predecessor, GandCrab v5.2 Ransomware also enters inside the Windows PC secretly using several tricky and deceptive ways but mainly spread via spam emails. System users often tricked by the logos of trusted companies and promises of the easy money through money transfer services. The payload of such a ransomware is often located at the hacked or compromised site and macro-enabled document.

Once GandCrab v5.2 Ransomware gets installed it started the file encryption procedure immediately. This ransomware is capable to lock users all generated content such as audio or video clips, documents, databases, texts, PDFs, spreadsheets, presentations and many more. The locked files of this ransomware can be notified easily because it uses an extension. After performing the successful encryption procedure, its developers throws a ransom alert as an HTA application window.

HTA application window includes information about the encryption procedure of GandCrab v5.2 Ransomware. It mentioned that files are locked using AES-256 file encryption algorithm and the decryption of file is only possible by paying US dollars in Bitcoin. But team of security analysts are strictly warned victims to no do so because ransom note is just only a tricky way used to trick more and more System users just only for financial purposes. Therefore, team of security analysts are highly advised victims to get rid of GandCrab v5.2 Ransomware instead of paying the ransom demanded fee.

Remove GandCrab v5.2 Ransomware From Your PC

Step 1: Remove GandCrab v5.2 Ransomware in Safe Mode with Command Prompt

  • First of all disconnect your PC with network connection.
  • Click restart button and keep pressing F8 key regularly while system restart.


  • You will see “Windows Advanced Options Menu” on your computer screen.

Windows Advanced Options Menu

  • Select “Safe Mode with Command Prompt” and press Enter key.

safe mode with command promt

  • You must login your computer with Administrator account for full privilege.


  • Once the Command Prompt appears then type rstrui.exe and press Enter


  • Now follow the prompts on your screen to complete system restore.

Step 2: Remove GandCrab v5.2 Ransomware using MSConfig in Safe Mode:

  • Power off your computer and restart again.
  • While booting press the “F8 key” continuously to open “Windows Advanced Options Menu”.


  • Use the arrow keys to select “Safe Mode” option and press Enter key.

Safe mode

  • Once system get started go to Start menu. Type “msconfig” in the search box and launch the application.


  • Go to the Startup tab and look for files from %AppData% or %Temp% folders using rundll32.exe. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3 : Kill Malicious Process Related To GandCrab v5.2 Ransomware

  • Press Alt+Ctrl+Del buttons together.


  • It will open the Task manager on your screen.
  • Go to Process Tab and find GandCrab v5.2 Ransomware related process.
  • Click the End Process Now button to stop the running process.

Step 4 : Remove GandCrab v5.2 Ransomware Virus From Registry Entry

  • Press “Windows + R” key together to open Run Box.


  • Type “regedit” and click OK button.


  • Find and remove GandCrab v5.2 Ransomware related entries.












Now hopefully you have completely removed the GandCrab v5.2 Ransomware virus from your computer. If you are still get ransom message from the threat or unable to access your files, then it means that virus still remain into your computer. In such situation you don’t have any other option except removing this virus using any powerful malware removal tool.

Whereas if you have any backup of your infected or encrypted files, then you can also reinstall your Windows OS. This will erase all your files and data as along with the GandCrab v5.2 Ransomware infection. You will get a completely empty computer system with no files. Now you can use your backup to get your files. If you don’t have any backup then using malware removal tool is a better option for you.


If you have any query or question regarding your computer, then you can easily ask your problem to our experts. Go to the Ask Any Question page and get the answer for your query directly from out experts.

Skip to toolbar