Bbbw Virus


Bbbw is a major threat to the files in your computer. Bbbw is able to encrypt your files and then make you pay a ransom for releasing them.

The bbbw ransomware will leave a _readme.txt file with instructions

In the event that you’ve recently turned your computer on just to find a strange message on the screen telling you about locked files, and ransom payments, we are sorry to say that you have probably been infected with Bbbw or variants such as Qqqe, Yoqs.

Security experts have been doing their best to warn the web users about this new addition to the ransomware family, and the methods to protect from it. Nonetheless, if the prevention tips are reaching you too late, we have prepared a removal guide that will lead you through the steps you need to take to remove Bbbw from your system. We have also included instructions that could be effective in restoring the files that the virus has encrypted. But before you move to them, bear with us, as this is one of the most dangerous, and difficult types of malware to manage.

The Bbbw virus

The Bbbw virus is a ransomware that uses encryption to deny its victims’ access to their files. The Bbbw virus is typically deprived of symptoms, so there’s nothing to give its presence away.

The bbbw virus will encrypt your files

There are rare situations, of course, when a noticeably sluggish performance of the system may indicate that the ransomware is running. The concerned users should check their Task Manager for a program that is consuming a lot of CPU or RAM, and if it seems unfamiliar they should shut down their computer immediately, and seek help from a professional.

The Bbbw file encryption

The Bbbw file encryption is the end result of the ransomware’s work. To reverse the Bbbw file encryption, you will need a special key.

Whether you are considering paying the ransom demanded by the hackers behind the malware or not, you should know that there may be better options out there. When making such a decision, there are a few factors to take into account, and we believe it is important that our readers are aware of them. For starters, there is a fair share of cases where victims have paid the amount demanded, and have never received the promised decryption key. They were left with a bunch of coded files, and empty pockets. Of course, there have been cases where the victims have been provided with a key, but there have been situations where that key has failed to work, and decrypt their files. This may not have been the intention of the hackers, but this is how programming works. Sometimes things go wrong in coding, and even the coders can’t (or don’t care enough to) provide a fix for it. Therefore, whatever you choose to do, we highly recommend that you carefully consider the risks. If you plan to use your computer in the future, we advise you to remove the virus because failing to do so could potentially lead to another encryption event. Furthermore, because Bbbw has possibly been let in by a Trojan Horse virus inside your system, you should run a full system scan to try to locate, and remove both of those threats from your computer.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
Data Recovery ToolNot Available
Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

Remove Bbbw Ransomware


You’ll need to restart your computer in Safe Mode for the next steps, then return to this page to complete the remaining Bbbw removal instructions.

However, before restarting the computer, we recommend bookmarking these removal instructions so that you don’t lose them and easily reload the guide once the computer has booted up.

After you’ve verified that your machine has rebooted in Safe Mode, type msconfig into the Windows Search area. Then, at the top of the System Configuration window, click on the “Startup” tab.


Uncheck the checkboxes next to any startup items that Bbbw has added, then click the OK button. The infection-related startup items will no longer run as a result of this action.



To see if any malicious ransomware-processes have been launched in the background of the system, open the Task Manager (CTRL + SHIFT + ESC) and click on the Processes Tab:

If you find any suspicious processes, right-click on them and choose Open File Location from the shortcut menu.


With the help of the free virus scanner below, you’ll be able to scan the files connected with that process and check them for dangerous code:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If one or more of the process’s files have been identified as harmful by the scanner, you’ll know the process genuinely malicious. In this instance, you must first terminate the currently operating process (right-click>>End Process) before removing the harmful files from their File Location.


    By pressing and holding the Start Key and R at the same time, you can open a Run window on the screen. Then, in that window, copy and paste the following, then click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    Hosts file will open in Notepad. Swipe down the text until you see the phrase “Localhost“. When you’ve found it, pay attention to the IP addresses listed below.

    Please let us know if you see IPs similar to those in the sample image below by leaving a comment. It’s recommended not to make any changes in the file and, instead, wait for our response, which will include guidance on what to do if we notice anything troubling.

    hosts_opt (1)

    To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

    If you want to avoid the risk, we recommend downloading SpyHunter
    a professional malware removal tool.

    More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

    The most challenging step of the Bbbw removal is discovering and eliminating hazardous entries added by the ransomware in the Registry.

    In general, unless you are a computer expert, we do not recommend that regular users make any modifications to the Registry. Instead, we recommend removing any potentially hazardous registry files with a professional removal tool (such as the one available on this page). 

    Still, as we’re giving a manual removal method, we’ll try to describe the manual instructions for searching and cleaning your computer’s Registry in as much detail as possible.

    To begin, open the Registry Editor by navigating to the Windows Search field and typing Regedit in the search bar, then pressing Enter.

    To search for the ransomware, click CTRL and F at the same moment while you are inside the Editor and type the name of the virus into the Find box. If you locate any entries with that name in the Registry, carefully delete them because they could be linked to the infection.

    It’s also a good idea to check a few more places on your computer. To do so, type each of the lines below into the Windows Search area, open them and look for files and folders created around the time of the ransomware infection:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Look for suspicious subfolders or files in all directories and subdirectories. Select all files in the Temp folder and delete them. These are temporary files, and some of them may include Bbbw-related entries.


    How to Decrypt Bbbw files

    Once you’ve been infected, you’ll first need to figure out which ransomware variant you’re dealing with and how to remove it before you can think about any file recovery steps. Extensions appended to the ransomware-encrypted files may help in identifying the concrete ransomware’s variation.

    Next, after you know the version, you must carefully check that the ransomware infection has been totally removed from your computer. To prevent further damage to your computer, we recommend that you follow the removal instructions above and run a system scan with a professional anti-virus program or an online virus scanner.

    New Djvu Ransomware

    STOP Djvu, a sophisticated ransomware variant that is now attacking individuals all around the world, is the latest threat representative from the Djvu Ransomware strain. The .Bbbw extension on files encrypted with this variant helps the victims to distinguish it from other variants of the same infection.

    While dealing with new ransomware variations can be incredibly challenging, data encrypted with STOP Djvu might be decrypted if an offline key was used for its encryption. Furthermore, decryption software is available to help you recover your data. To get it, go to the following URL and click the Download button on the page:

    It’s critical that you run the decryptor as an administrator and then select “Yes” from the confirmation dialog box. Before continuing, read the license agreement and the short set of instructions on the screen. After that, click the Decrypt button to decrypt your data. Please note that there is no guarantee about file recovery with any decryption method, therefore, please, consider the possibility that the tool may be unable to decode data encrypted with unknown offline keys or online encryption.

    About the author

    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1