JCandy Ransomware Removal (+File Recovery) Nov. 2017 Update

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you remove JCandy Ransomware for free. Our instructions also cover how any JCandy file can be recovered.

Among all the online threats that Internet users are exposed to, there is hardly anything more malicious than Ransomware. This type of malware is extremely dangerous, and in today’s article we are going to tell you more about its specifics, as well as the best prevention and protection methods that may help you keep it at bay. A specific version of file-encrypting Ransomware called JCandy has recently been reported to our team, so in the next lines you will learn more about it as well. This malware usually encrypts the files of its victims and asks them to pay ransom in exchange for a decryption key. For those of you who don’t want a close encounter with such a threat, there are some useful tips in the paragraphs that follow. Those of you who, unfortunately, have found these tips too late and have already had their files encrypted by JCandy can find an effective removal solution in the removal guide below.

What is Ransomware and what types of it may you encounter?

Ransomware is basically the name of a malicious software category, which security experts have classified as such based on certain behavioral traits. Typically, any Ransomware threat would take something valuable for the user hostage and will place ransom demands in exchange for its release. Various types of ransom-demanding programs are known to security experts, and all of them can seriously harm your devices and your data. In general, there are three main groups, which we will list below:

  • the group of the file-encrypting Ransomware programs: This group is the biggest and the most famous of all. The infections that fall into this category (JCandy included) normally infect you in a very stealthy way (using a Trojan horse or some other tricky transmitter) and then secretly infiltrate your entire computer. All the information they can find there is then encrypted with very complex cryptography, which prevents the victim from opening or using the affected data without a special decryption key. As you can guess, the moment the encryption process is over, the hackers place a ransom message on the screen and start to blackmail the victim to pay ransom in exchange for that key; otherwise, the victim is threatened with never accessing the data again.
  • the group of the screen-locking Ransomware: Unlike the file-encrypting Ransomware, which blocks the access to the data found on the infected computer, the screen-locking type blocks your access to the entire computer. The infection places a full-screen ransom alert, which prevents you from reaching the menu, the icons or any other options and asks you to pay a certain amount of money in order to make it disappear.
  • the group of the mobile device Ransomware: Unfortunately, with the increased usage of portable devices such as smartphones and tablets, the hackers have created a Ransomware version, which can target them as well. The malware usually acts as a screen-locking one and asks the victims for ransom in order to remove its screen-covering alert from the infected device.

Where does JCandy spread and how can it infect you?

The cybercriminals, who create threats like JCandy, use very diverse distribution methods and sophisticated malware attacks in order to infect as many online users as possible. Unfortunately, we cannot list them all, but here are some of the most common ones, which you should keep in mind:

  • Malvertising – this method is a very popular one because it can easily trick the users and make them click on an infected transmitter without realizing. Usually, the hackers insert their threat inside a good-looking ad, an offer, some top sale message, a pop-up link, a banner or some other harmless-looking type of online content. The moment you click on them, you get contaminated automatically.
  • Fake software update notifications – very often the criminals may use fake notifications that may prompt you to update or install some critical software patch or a new version of a program, which in fact is a hidden exploit kit or a Trojan horse. The moment you come in contact with the message, the malware activates and invades your system.
  • Spam messages and malicious email campaigns – A great share of Ransomware infections happens thanks to the distribution of infected email attachments, spam messages with illegal content or other sketchy notifications that you may get in your email inbox or social media.

How to deal with JCandy?

Unfortunately, there is no universal solution when it comes to dealing with Ransomware infections. Threats like JCandy are very harmful and both removing the virus as well as saving your encrypted data can be very challenging. In fact, your data is at great risk no matter what course of action you may take. If you pay the hackers, there is no guarantee they will send you the decryption key. If you remove JCandy, you still may not be able to recover your data to the fullest. Still, we suggest you first try every possible alternative, which gives you some hope. For instance, the removal guide below can help you remove the infection and clean your PC from its traces. There are also some file-restoration steps, which may turn out to be helpful. The only 100% sure method, however, is the good old file backup, so make use of your file copies or try to extract some with the help of the instructions.

JCandy Ransomware Removal


 

Step1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

We get asked this a lot, so we are putting it here: Removing the parasite manually may take hours and damage your system in the process. If you want a fast, safe solution, we recommend SpyHunter.


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

Step3

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs listed at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
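The hosts-file check from this step can also be done with a short script. The following is an added example, not part of the original guide: it lists every active entry that is not a plain localhost mapping. The function name `audit_hosts` and the sample entries (documentation-range address, example.* names) are constructed for illustration.

```python
import ipaddress
import os

# Names a clean Windows hosts file may map to the loopback address.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each active entry that is
    not a plain localhost mapping. Commented-out lines are ignored."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop full-line and inline comments
        if not line:
            continue
        ip_text, *names = line.split()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, " ".join(names), ip_text, "malformed address"))
            continue
        for name in names:
            if name.lower() in BENIGN_NAMES and ip.is_loopback:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "blocked (points at the local machine)"
            else:
                reason = "redirected to another address"
            findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample input, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.45    login.example.com   # constructed entry
0.0.0.0         updates.example.net
"""

if __name__ == "__main__":
    path = os.path.expandvars(r"%windir%\System32\drivers\etc\hosts")
    try:
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS                    # not on Windows: use the sample
    for finding in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % finding)
```

An entry pointing a name at 127.0.0.1 or 0.0.0.0 blocks that name, while an entry pointing at any other address redirects it; both kinds are worth reviewing if you did not add them yourself.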

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even add a fake Manufacturer name to its process. Make sure that every process listed here is legitimate.

Step4

WARNING!
To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
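To find what was recently added in those folders without browsing them by hand, a script can list the newest files. This is an added example, not part of the original guide; the function name `recent_files`, the 7-day window, and limiting %WinDir% to its top level are assumptions made for illustration.

```python
import os
import time

# The folders this step lists. %WinDir% is limited to its top level here
# (an assumption of this example, to keep the listing reviewable).
LOCATIONS = {"%AppData%": None, "%LocalAppData%": None,
             "%ProgramData%": None, "%Temp%": None, "%WinDir%": 1}

def recent_files(root, days=7, max_depth=None, now=None):
    """Return [(timestamp, path)], newest first, for files under root that
    were modified (or, where the OS reports it, created) in the last `days`."""
    root = os.path.normpath(root)
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    base = root.count(os.sep)
    hits = []
    for folder, subdirs, files in os.walk(root):   # unreadable dirs are skipped
        if max_depth is not None and folder.count(os.sep) - base + 1 >= max_depth:
            subdirs[:] = []                        # do not descend further
        for name in files:
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
            except OSError:                        # locked or vanished file
                continue
            # A copied file keeps its old modification time, so also use the
            # creation time on platforms that expose st_birthtime.
            stamp = max(st.st_mtime, getattr(st, "st_birthtime", 0))
            if stamp >= cutoff:
                hits.append((stamp, path))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    for var, depth in LOCATIONS.items():
        root = os.path.expandvars(var)
        if "%" in root:                            # variable not set (non-Windows)
            continue
        for stamp, path in recent_files(root, max_depth=depth):
            print(time.strftime("%Y-%m-%d %H:%M", time.localtime(stamp)), path)
```

The script only lists files; it deletes nothing, so review each path before removing anything.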

Step5 

How to Decrypt JCandy files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

SUMMARY:

Name: JCandy
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method: From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool: Currently Unavailable
Detection Tool: We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

 

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!