Gandcrab v2.1 Ransomware Removal (April 2019 Update)

The encrypted files may not be the only damage done to you. The parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.


This page aims to help you remove Gandcrab v2.1 Ransomware for free. Our instructions also cover how any .Crab file can be recovered.

In the next few paragraphs we have included some important information and facts about Gandcrab v2.1. This particular piece of malware falls under the Ransomware virus type and here you will have the opportunity to learn more about those highly-dangerous PC viruses.

Simply put, the viruses from this family are normally used to encrypt files and make it impossible for you to access particular files on your PC. As expected, Gandcrab v2.1 is no exception and might do that as well. Another typical trait of this sort of malware is its tendency to display an alarming ransom-demanding message. Its sole aim is to notify you that your data may be lost for good if you refuse to pay the amount of money the hackers require from you.

What are Ransomware viruses’ overall characteristics?

What you can expect from all Ransomware versions is that they lock up something on your device, meaning that they make certain data unavailable to you. Immediately after the encryption has been carried out, a ransom notification is displayed to inform you about it.

In the passages below, we will cover the elements of your system which are at risk of becoming victims of Ransomware. Moreover, we will be discussing all the versions of this malware and its usual sources. Also, we will give you some beneficial prevention tips and some possibly effective removal instructions to hopefully help you solve your problem.

How many subtypes does this malware comprise?

This malicious family has several different subcategories, each having specific functions. All of these subtypes contain highly dangerous programs that must be eliminated as soon as noticed.

  • Ransomware versions that encrypt user data: This subcategory is made up of Ransomware viruses which are programmed to infect your computer and block certain files. After the targeted files are rendered inaccessible to the user of the PC, the malware displays its ransom message where the ransom money is demanded and the payment methods are explained to the Ransomware’s victim.
  • Ransomware versions that lock the infected device’s screen: This subfamily consists of the Ransomware-based programs used for preventing you from accessing the desktops of your PCs and the screens of your other devices such as tablets and smartphones. In such a case, your files wouldn’t typically get targeted by the malware. Still, accessing any file format again will be made impossible for you because the ransom notification itself prevents you from interacting with anything on the device. Of course, the request of a certain ransom will still be there, but this time in exchange for the access to your desktop or screen and not to your valuable files.

Gandcrab v2.1 Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing the parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect the parasite's files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right-click on each of them and select Open File Location. Then scan the files with our free online virus scanner.


After you open their folder, end the processes that are infected, then delete their folders. 


Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R, then copy and paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs listed at the bottom of the file. Look at the image below:

[Image: hosts file]

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit Enter. A window will pop up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure that every process here is legitimate.


To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter, a professional malware removal tool.


Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful: you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
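The manual checks above (hosts file, startup entries, recently added files in the five folders) can be gathered into one read-only PowerShell script. This is an added example, not part of the original guide; the 7-day window, the folder depth of 2 and the PathNotResolved label are assumptions made for it. For startup entries it prints the file's Authenticode signature status, since, as noted above, the Manufacturer name can be faked.

```powershell
# Added example (not from the original guide). Read-only: it reports, it changes nothing.
$days   = 7                                  # assumption: what counts as "recently added"
$cutoff = (Get-Date).AddDays(-$days)

# 1. Hosts file: active entries that name anything other than localhost.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$hostsHits = Get-Content -LiteralPath $hostsPath | ForEach-Object {
    $entry = ($_ -split '#', 2)[0].Trim()    # drop comments and blank lines
    if ($entry) {
        $ip, $names = $entry -split '\s+'
        $extra = @($names) | Where-Object { $_ -and $_ -ne 'localhost' }
        if ($extra) {
            [pscustomobject]@{ Check = 'hosts'; Item = $ip; Detail = $extra -join ' ' }
        }
    }
}

# 2. Startup entries (what msconfig's Startup tab lists), with signature status.
$startupHits = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $cmd = "$($_.Command)".Trim()
    $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        (Get-AuthenticodeSignature -LiteralPath $exe).Status
    } else { 'PathNotResolved' }             # label made up for this example
    [pscustomobject]@{ Check = 'startup'; Item = $_.Name; Detail = "[$sig] $cmd" }
}

# 3. Files created recently in the five folders from the list above.
#    %Temp% usually sits inside %LocalAppData%, so duplicates are removed.
$dirs = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
$recentHits = $dirs | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -File -Force -Depth 2 -ErrorAction SilentlyContinue
} | Where-Object { $_.CreationTime -ge $cutoff } |
    Sort-Object -Property FullName -Unique | ForEach-Object {
        [pscustomobject]@{ Check = 'recent'; Item = $_.FullName
                           Detail = $_.CreationTime.ToString('s') }
    }

# One table for review; deciding what to delete stays a manual step.
$hostsHits, $startupHits, $recentHits | ForEach-Object { $_ } |
    Where-Object { $_ } | Format-Table -AutoSize -Wrap
```

A startup entry whose status is anything other than Valid is not proof of infection, only a reason to look at that file first.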


How to Decrypt Gandcrab v2.1 files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

About Gandcrab v2.1

Sadly, Gandcrab v2.1 belongs to the former group of malware – the one that uses a highly advanced encryption algorithm to render the personal data on your machine inaccessible.

  • To tell the truth, this is the worse of the two subcategories of Ransomware that we mentioned above. Not only does Ransomware comprise the most fatal viruses in the cyber world, but Gandcrab v2.1 is also a representative that falls into the most harmful subcategory.

The most typical sources of Gandcrab v2.1:

A lot of content online may be contaminated by Ransomware and be used to spread such viruses. Still, there are some sources that are more common than others:

  • Emails (ones with file attachments or links): Every fishy-looking email sent to you may carry viruses such as Gandcrab v2.1 (or other forms of Ransomware). We suggest that you simply do not open the ones you think could be spam. Moreover, just keep away from all suspicious attachments (such as strange .exe files, documents and images).
  • Malicious ads: Malvertising is another frequently used source of Ransomware. It enables the distribution of pop-ups and other versions of ads that may be able to redirect to potentially infected web pages. That is the reason why you should avoid clicking on any fishy-looking adverts coming from the web.
  • Torrents (the illegal web platforms spreading pirated software in particular): Other possible sources are the software, movie and torrent-distributing online platforms (the ones that are illegal and normally disregard various copyright policies and laws).

What is the solution to such a problem after all?

There is no solution that always works against Ransomware and Gandcrab v2.1 once the infection has successfully infiltrated the device.

However, it is still in your interest to try out all potential solutions, leaving the ransom payment as a last resort. What is essential is to always avoid paying the demanded ransom before you have run out of other solutions. For example, we always advise our readers to first try out the Removal Guide on this page and go for something else only if it doesn’t succeed in helping you with the Ransomware-related issue.


Name: Gandcrab v2.1
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method: From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool: Currently Unavailable

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!
