Grandcrab Ransomware Virus Removal (+File Recovery) June 2019 Update

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Grandcrab Ransomware Virus for free. Our instructions also cover how any Gdcb file can be recovered.

In the passages below we will give answers to the following important questions: What kind of program is Grandcrab? In what ways can it spread? What is the possible negative outcome such software may be able to have on you and your system as a whole as a result of this infection? Moreover, we will also thoroughly explain the steps on how to cope with such file-encrypting versions of Ransomware like Grandcrab inside our Removal Guide below.

Common traits of Grandcrab:

To begin with, experts identify Grandcrab as a version of the most dangerous software known to mankind – Ransomware. Although this kind of malware could indeed be divided into several subcategories, the most common of them is the one comprising the file-encrypting Ransomware programs. Grandcrab is an exact representative of this subcategory. Briefly speaking, getting infected by a data-encrypting virus actually means that some of your files stored on the affected device are in real danger since the viruses from this malicious subcategory can and DO access the most regularly modified files and after that, they block them. Later on you receive a threatening alert, which informs you about the ongoing cyber-infection and the ransom you are expected to pay in order to have its damage undone.

Ransomware subcategories:

  • The aforementioned file-encrypting Ransomware: this malicious subcategory’s representatives may be used for data-encryption and the subsequent demands of a ransom. This is perhaps the most horrifying subtype of Ransomware you could ever get to know.
  • Ransomware used for blocking the screens of your mobile devices: no matter what sort of a portable device you own – a tablet, a phone or a laptop, you may catch such a version of Ransomware. Fortunately, in such a case, no files will get encoded, only your screen will be blocked. Actually, the ransom-demanding message that is displayed on the whole screen is the thing that makes you unable to access any icon or shortcut. In fact, that’s why the hackers want you to pay a ransom – for the removal of the cheeky pop-up covering your screen and stopping you from using your device.
  • As you might possibly expect, the screens of your desktop computers may also get blocked by Ransomware in a way similar to how such a virus may affect your portable devices. The way in which it acts is similar: no files get encrypted, you are simply prevented from accessing them by a huge notification broadcast on your desktop. After that, you are harassed into paying so as to remove this nasty alert.

Grandcrab Ransomware Virus Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Grandcrab files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

Is there anything really efficient in the fight against Grandcrab (and Ransomware in general)?

Sadly, there are no removal tips and no program that can really be deemed efficient when it comes to encrypted files and Ransomware contamination. What we can advise you is on is how to never catch such a virus in the first place, or in other words learn to practice prevention. For instance, always make copies of your data and store them on independent drives from the ones your device has. Thus, via backing up your files you will considerably minimize the risks of getting harassed into paying any ransom in the future. What’s more, we need to encourage you to refuse to pay the demanded ransom as there is really no point in sacrificing your money after your encrypted data has already been put in danger. You should never willingly fund the cybercriminals who have unleashed Grandcrab. Make sure that you have tried everything else to remove the infection. Only after that should you consider proceeding with the payment of the demanded ransom. Furthermore, no one and nothing will ever guarantee you a successful decryption of your files, even if you have paid the hackers. Several of the strategies that could work in such a case are as follows:

  • Purchasing special software intended to deal with Grandcrab. However, the success of this is never promised, remember that.
  • Trying out our specialized Ransomware Removal Guide after this article. We cannot really promise your data will be decrypted, but it is worth giving it a go before considering anything else.

Some more advice on your device’s safety:

You had better always stay away from or ignore:

  • The emails you don’t expect, especially those coming from unfamiliar senders;
  • All the pop-ups on your screen that appear especially suspicious;
  • The ads in any form you can see on the Internet while browsing: pop-ups, banners and others.


Name Grandcrab
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


  • 127. 0. 0. 1 license. avira. com
    127. 0. 0. 1 62. 146. 210. 6
    127. 0. 0. 1 62. 146. 210. 10
    127. 0. 0. 1 3dns. adobe. com
    127. 0. 0. 1 3dns-1. adobe. com
    127. 0. 0. 1 3dns-2. adobe. com
    127. 0. 0. 1 3dns-3. adobe. com
    127. 0. 0. 1 3dns-4. adobe. com
    127. 0. 0. 1 3dns-5. adobe. com

    • All those IP addresses must be removed from your Hosts file – they are not supposed to be there so be sure to delete them from the file and then save the changes.

Leave a Comment