How to uninstall .Crab virus

What is crab virus

crab virus refers to the GandCrab ransomware. This is file-encrypting malware that has many different versions. This particular version is often referred to as crab virus because it adds the .crab file extension to encrypted files. Once files are encrypted, they cannot be opened until they’re decrypted with a special decryption tool, which cyber criminals will try to sell you. Buying the tool is not recommended because that does not guarantee file decryption. Do not forget that you are dealing with cyber criminals who will not necessarily feel any obligation to help you recover files.

If you find your files encrypted with crab virus and you have no backup, you should be able to use a free GandCrab decryption tool released by malware researchers. You can find it here. Do not forget that you also need to uninstall crab virus. The following section will explain how ransomware could have gotten into your computer and what you can do to avoid it in the future.

Ransomware distribution methods

Ransomware usually infects computers through spam emails. Spam emails are usually fairly obvious but many users still open them. Typically, spam emails carrying ransomware/malware use money-related topics to catch a potential victim’s attention and pressure him/her to open the attachment. The sender may claim to be from FedEx supposedly notifying you about your delivery, your bank warning you about an unusual transaction, or a tax agency claiming you are eligible for a tax refund.

When dealing with such emails, make sure to always check the email address to see if it’s legitimate. You should also scan the attached file with anti-malware software or with a service like VirusTotal.

Updating your Windows and programs is also very important if you want to avoid malware. Certain vulnerabilities may be used to infect a computer with malware so it is critical to patch them with updates.

What does crab virus do?

As soon as the ransomware is able to, it will start encrypting your files. Like most ransomware, it primarily targets pictures, videos and documents. All encrypted files will have the .crab extension added to them. A ransom note will then be displayed. The notes are files CRAB-DECRYPT.txt and KRAB-DECRYPT.txt. The note will explain that your files have been encrypted, and if you want to recover them, you will need to buy the decryption tool. As we’ve mentioned above, paying the ransom is not a good idea. There are no guarantees that you will get your files back as crooks could just take your money and not send you the decryptor. By paying you would also be making ransomware a profitable business for criminals, encouraging them to continue.

Furthermore, since a free decryptor is available, paying the ransom would not make any sense. Use the above linked decryptor to decrypt files encrypted with crab ransomware. And if you did not have backup before, we suggest you invest some money into it. There are various different backups available, depending on what you want. You could use the cloud, or purchase an external hard drive. Whichever option you choose, make sure you regularly backup your files.

crab virus removal

You will need to use anti-malware software to remove crab virus, there’s no way around it. If you try manual crab virus removal, you could end up doing more damage. Instead, use reliable anti-malware software to delete crab virus.

Learn how to remove .Crab virus from your computer

• Step 1. Delete ransomware via anti-malware
• Step 2. Delete .Crab virus using System Restore
• Step 3. Recover your data

Step 1. Delete ransomware via anti-malware

• a) Windows 7/Windows Vista/Windows XP
• b) Windows 8/Windows 10

a) Windows 7/Windows Vista/Windows XP

1. Start menu -> Shut down -> Restart.
2. Press and keep pressing F8 until Advanced Boot Options loads.
3. Select Safe Mode with Networking and press Enter.
4. When your computer boots, download anti-malware software via your browser.
5. Launch the program, scan your computer and delete the infection.

b) Windows 8/Windows 10

1. Press the Windows key on your keyboard and click on the power icon.
2. Select Restart while holding the Shift key.
3. Choose Troubleshoot and then Advanced options.
4. In Advanced options, choose Startup Settings and select Enable Safe mode with Networking (or just Safe Mode).
5. Press Restart.

Step 2. Delete .Crab virus using System Restore

• a) Windows 7/Windows Vista/Windows XP
• b) Windows 8/Windows 10

a) Windows 7/Windows Vista/Windows XP

1. Start menu -> Shut down -> Restart.
2. Press and keep pressing F8 until Advanced Boot Options load.
3. Select Safe Mode with Command Prompt, and press Enter.
4. In Command Prompt, type in cd restore and press Enter.
5. Then type in rstrui.exe and press Enter again.
6. A new window will appear where you will have to choose a restore point. Choose one dating back prior to infection and press Next, and then Finish.

b) Windows 8/Windows 10

1. Press the Windows key on your keyboard and click on the power icon.
2. Select Restart while holding the Shift key.
3. Select Troubleshoot and then Advanced options.
4. In Advanced options, choose Startup Settings and select Enable Safe mode with Command Prompt.
5. In the Command Prompt window that appears, type in cd restore and press Enter.
6. Then type in rstrui.exe and press Enter again.
7. In the window that appears, you will have to select a restore point dating back prior to infection. Select one and press Next, then Finish.

Step 3. Recover your data

• a) Method 1. Data Recovery Pro
• b) Method 2. Windows Previous Versions
• c) Method 3. Shadow Explorer

When your files are encrypted by ransomware, you may be able to recover them. Below, you will find methods that could help you with file decryption. However, bear in mind that file decryption is not guaranteed. These methods are not always reliable, thus the best way to recover files would be via backup. And if you don't already have it, we suggest you invest in it.

a) Method 1. Data Recovery Pro

1. Download the Data Recovery Pro program.
2. Install and run the program.
3. Press Start Scan to see if data can be recovered.
4. If it finds recoverable files, you can restore them.

b) Method 2. Windows Previous Versions

If you had System Restore enabled prior to infection, your files should be recoverable through Windows Previous Versions.

1. Find a file you want to recover and right-click on it.
2. Properties -> Previous Versions.
3. Choose a version from the list and press Restore.

c) Method 3. Shadow Explorer

Some ransomware does not delete automatically created copies of your files, which are known as Shadow Copies. If they were not deleted, you should be able to recover them via Shadow Explorer.

1. Download Shadow Explorer from a reliable source.
2. Install and run the program.
3. Choose a disk that contains encrypted files and if it contains folders with recoverable files, press Export.