RansomNoteCleaner (BETA)

Status
Not open for further replies.

BoraMurdar

Super Moderator
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
From
RansomNoteCleaner - Remove Ransom Notes Left Behind - Ransomware Tech Support and Help
RansomNoteCleaner (beta) is a program I have created to help remove pesky ransom notes left behind by known ransomware variants.

HHs54kc.png


This program is powered by my service ID Ransomware, and thus is always updated with definitions on the latest known ransomwares and their ransom notes. This also allows it to be flexible in detecting the ransom notes, as it uses the exact same data ID Ransomware uses for identifying variants.

When RansomNoteCleaner is first launched, it will contact the website, and pull down the latest information on known ransom notes; this is the only network activity done with the program, and no information about your system is uploaded or stored at all. If you have a network issue with reaching the website, the "Refresh Network" button is available to try again.

Clicking the "Select Ransomware(s)" button allows for selecting the exact variant(s) to clean ransom notes from. This is recommended if you have already identified the ransomware, as it will take much less time to search for the notes.

zlJwFda.png


Once the ransomware variant(s) have been confirmed, you may press the "Search for Ransom Notes" button to select a directory (or whole drive), and start the search for known ransom notes.

m1iU0uX.png


Once the scan has completed, the "Clean!" button will be available. A final window will display all found ransom notes before continuing with deletion. I highly recommend double-checking the file list before confirming the deletion. I am not responsible for loss of data if you confirm this step.



xf2cvJO.png


A full log of deleted ransom notes will be saved to a file "RansomNoteCleaner.log" in the same directory RansomNoteCleaner is run from.

Please note that this program does not decrypt data. It is simply a tool for removing the pesky ransom notes that are littered on the system after a ransomware attack.

Please also note that this program is in beta, and I take no responsibility for data loss. I recommend running it on a test directory before letting it loose on a whole drive. I highly advise reviewing the "Found Ransom Notes" screen before continuing with deleting files. A few false-positives may occur, as some ransomware use general filenames - one example I found, is a certain ransomware uses "README.txt", which can be a common name for a legitimate program's readme file; you can simply unselect these in the confirmation window.

You may download RansomNoteCleaner here: https://download.bleepingcomputer.com/demonslay335/RansomNoteCleaner.zip

Please let me know if you run into any issues, or any recommendations for the program.
smile.png
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top