Home » Trojans » Melme@india.com Ransomware

Melme@india.com Ransomware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 679
Category: Trojans

If you think that your computer cannot become infected with malware, then think again because Melme@india.com Ransomware can silently enter it when you open files attached to fake emails. Once on your computer, it will encrypt all of your personal files and offer you to purchase a decryptor. However, we urge you not to comply with its demands and remove it using an antimalware tool or the manual removal guide provided at the end of this article. From the outset, we want to inform you that once this ransomware has infected your PC and encrypted your files, you can decrypt them using its unique decryption key only, so third-party decryption tools, at least currently, are useless.

Melme@india.com Ransomware is by no means a unique application as it has dozens of clones that include ransomware such as Last_centurion@aol.com Ransomware, Cyber_baba2@aol.com Ransomware, and Malevich Ransomware. Therefore, this newest iteration of the base ransomware has nothing new to offer. As far as its distribution methods are concerned, this program is distributed in much the same way as its predecessors that are still on the loose we might add. So, according to our research, Melme@india.com Ransomware is disseminated using malicious emails that feature attached files Windows Script Files that, once opened, are executed by Windows Script Host. As a result, this ransomware’s executable will be dropped in one of the several predetermined directories that include, without limitation, %ALLUSERSPROFILE%\Start Menu\Programs\Startup and %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. Therefore, if your computer is not protected by an antimalware program, then this malicious application can secretly enter it and encrypt your files.

Like its predecessors, Melme@india.com Ransomware uses the RSA-2048 encryption key to encrypt almost all of the files on a computer’s hard drive. However, it will exclude several locations that include %Windows%, %System32%, %AppData%, and %Temp% because they contain files of the operating system and other files that are crucial for it to run properly. You can tell whether a file has been encrypted by looking at its file name that should look like similar to .id-B4500913.{Melme@india.com}.xtbl. The ID number at the beginning is different for each user, but the featured email address and file extension do not change.

While encrypting the files, this ransomware will drop two additional non-malicious files. The first one is placed on the desktop and is named Decryption instructions.txt. It is a simple text file that features text that reads “All of your files are encrypted, to decrypt them write me to email: Melme@india.com. In the case of no answer in 24 hours, write to Melme@india.com.” So it does not say anything about paying any money, but if you contact the cyber criminals via this email address, then, rest assured, they will ask you to make a transaction of 3 or more Bitcoins to their Bitcoin wallet. Needless, to say, that sum of money that may be demanded of you is pretty large, so your files may not be worth this kind of money. The other file is called how to decrypt your files.jpg, and it is placed in C:\Users\{user name}. It is an image file that is set as your computer’s desktop wallpaper, and it features text written in broken English. Again, the text makes reference to Melme@india.com.

We want to stress that paying the ransom is risky because the criminals might not keep their word and deliver you the decryption tool needed to decrypt your files. Again, your files may not be worth the hefty ransom that you are expected to pay. Therefore, you should consider removing this malicious program instead of paying the ransom. You can delete all of its files manually but since its executable in named randomly you may have a hard time identifying it. Therefore, we suggest using SpyHunter because it is entirely capable of dealing with Melme@india.com Ransomware.

  1. Press Windows+E keys.
  2. Enter each of the following addresses in the address bar.
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
    • %WINDIR%\Syswow64
    • %WINDIR%\System32
  3. Identify and delete the randomly named executable.
  4. Go to C:\Users\{user name} and delete C:\Users\user\how to decrypt your files.jpg
  5. Delete Decryption instructions.txt from the desktop.
  6. Close the window.
  7. Press Windows+R keys.
  8. Type regedit in the box and click OK.
  9. Go to HKCU\Control Panel\Desktop
  10. Find the string named Wallpaper, right-click it and click Modify.
  11. Erase C:\Users\{user name}\how to decrypt your files.jpg and click OK.
  12. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
  13. Delete the string named BackgroundHistoryPath0
  14. Then, go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  15. Find and delete the randomly named string set to launch the executable on system startup
Download Remover for Melme@india.com Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Melme@india.com Ransomware Screenshots:

Melme@india.com Ransomware

Reply

Your email address will not be published.

Name
Website
Comment

Enter the numbers in the box to the right *