Bad Rabbit Ransomware Virus Removal (+File Recovery) Nov. 2018 Update

This page aims to help you remove Bad Rabbit Ransomware Virus for free. Our instructions also cover how any Bad Rabbit file can be recovered.

Yet another dangerous Ransomware virus that goes under the name of Bad Rabbit has recently been reported and we are here to give you some basic and essential information about the new piece of malware so that you can protect your PC against it. This is believed to be a new variant of the Petya ransomware. We can also offer our readers a guide aimed at helping with the removal of the nasty virus so go ahead and take a look at it once you finish reading here. The guide manual is at the bottom of the present article.

bad rabbit ransomware

bad rabbit ransomware

What is Ransomware?

A Ransomware is a virus that is used to extort money from its victims by locking their files or their whole PC and demanding a ransom payment. Bad Rabbit, in particular, is what is known as a Ransomware cryptovirus, which means that it uses encryption to block your access to the targeted user files. As the encryption is finished, the owner of the locked data is told that they would have to make a ransom payment to the attacker if they want to regain access to the inaccessible data. In most cases, the victim is notified about the requested ransom via a pop-up message displayed on their screen or through a notepad generated on their desktop within there are also instructions on how to transfer the money.

How do cryptoviruses operate?

It is important for you to have a basic idea of how Bad Rabbit actually functions, which is why we will elaborate upon this topic in the current paragraph. The first thing that happens when the Ransomware lands on your machine and becomes active is it scans your hard drives and targets all files from a predetermined list of file formats. Once the malware has localized each file that belongs to the list of file types, it goes on to make encrypted copies of the targeted data. After each copy is made, the original file are deleted from the user’s system which leaves the hacker’s victim with only the locked copies. The idea is that the user would receive the code to unlock those copies (which are identical to the originals) as long as they pay the demanded ransom.

Note: Here, it is important to note that paying the money does not guarantee the retrieval of the data – after all, you’d be dealing with anonymous criminals that you can certainly not trust whatsoever.

Bad Rabbit Ransomware Virus Removal



Restoring basic Windows functionality
Before you are able to remove the Bad Rabbit ransomware virus from your computer you need to be able to access it in the first place. Since the ransomware will prevent Windows from booting itself your first job is to repair the Master Boot Records (MBR) of your drive.
To do that you’ll need your original Windows OS DVD (or an USB bootable drive for advanced users)
  1. Insert the DVD (or the USB) into the computer, then run the computer and choose to boot the OS from the DVD/USB. You may have to change Windows boot priorities from the bios by pressing Del
  2. When Windows boots from the DVD/USB select Windows Repair
  3. Open the Command Prompt and write the following commands inside:     enter: bootrec / fixmbr, bootrec / fixboot and bootrec / rebuildbcd
  4. Your Windows OS should now be able to boot normally. You can proceed with the removal of the virus as usual.




Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Bad Rabbit files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

Ransomware detection

One very big issue that people have with Ransomware cryptoviruses like Bad Rabbit is that those are rather tricky to detect in time. Even though the malware tries to lock the user’s files, the method it uses to do that (encryption) isn’t actually a malicious one. Encryption is a commonly utilized data-protection technique and a lot of legitimate programs use it – due to this, a lot of antivirus programs might fail to spot the virus making it possible for the Ransomware to operate without getting detected whatsoever. Additionally, the potential symptoms that such a virus might trigger aren’t many and are in many instances very subtle and unnoticeable. For example, during the encryption your PC might start to use unusually high amounts of RAM and CPU as well as free hard disk space, but if the machine is more powerful, those would be rather difficult to spot as they won’t lead to a significant productivity slow-down.


One other important aspect related to Ransomware like Bad Rabbit is that the attackers who use it normally demand that the ransom is transferred in Bitcoins. This makes it pretty much impossible to trace the transaction as the Bitcoin currency us known for being practically untraceable. Bear that in mind if you contemplate making the payment – once you send the money, there’s pretty much no chance that you’d ever get them back regardless of whether you are sent the decryption key or not. Due to this, it is advisable to try any other options that you might have before going for the ransom. As we mentioned in the beginning of the article, there’s a guide below which might help you deal with a potential Ransomware threat. Bear in mind, though, that the success of the guide is not guaranteed for each instance of an attack by Bad Rabbit.

Prevention tips

The most crucial thing one needs to bear in mind when trying to improve the overall security of their system is what their regular online activities and habits are. Avoiding shady websites and learning to tell the difference between web spam and legitimate content is key to making your PC safer. Another thing that can greatly help against Ransomware in particular is file backups – a backup will keep your files safe and even if Ransomware attacks, you will still be able to access your valuable data through the backup device/location. Lastly, do not ignore the importance of having a good and fully updated antivirus program in order to stop other threats such as Trojans, which could be (and often are) used as backdoors for Ransomware.



Name Bad Rabbit
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Increase in the used RAM, CPU and hard-disk storage space, potential PC slow and overall unusual system behavior.
Distribution Method Ransomware hackers tend to use malvertising, spam Internet messages and illegal websites as their go-to distribution methods.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    • These IP’s are not supposed to be in the Hosts file in your computer so you should delete them from there and then save the changes. After doing so, proceed with the rest of the guide.


Leave a Comment