Remove GandCrab v5.0.2 Ransomware (+File Recovery)

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

How irritating is this problem? (4 votes, average: 5.00)

This page aims to help you remove GandCrab v5.0.2 Ransomware for free. Our instructions also cover how any GandCrab v5.0.2 file can be recovered.

If you don’t seem to be able to open most (if not all) of your files stored on the hard-drive of your PC, then your machine has most likely fallen prey to a nasty virus infection of the Ransomware cryptovirus category. Here, we will be talking about one such malware threat that is mostly known under the name of GandCrab v5.0.2. This is an advanced piece of malware that uses the method of encryption as means of locking-up the files of the user whose PC has been attacked. The idea is that, once the data as been locked with the encryption code of the virus, the victim would no longer be able to open, use or modify/edit any of the sealed data-files and would, in turn, be forced by the hackers who have locked the files to make a ransom payment for the decryption of the files. Usually, the hackers would program their Ransomware cryptovirus to put a notification message on the user’s desktop through which message the malware victim would learn about the demanded ransom payment sum and about how the money is supposed to be paid. If you are in a similar situation where GandCrab v5.0.2 has made your personal data files inaccessible, then you basically have two general courses of actions: pay the money and hope that the hackers will hold true to their word and will send you the decryption details for your files or attempt to deal with the situation in an alternative way so as not to risk your money by sending them to some anonymous online criminals.

Remove GandCrab v5.0.2 Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt GandCrab v5.0.2 files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

We are not going to lie to you by giving you any false hopes – dealing with a Ransomware such as GandCrab v5.0.2 and recovering your files is usually something that can’t be guaranteed regardless of which of the two courses of action you decide to follow. Paying the money, for instance, might get you your files back but there’s no way of knowing if the hackers would actually keep their promise and send you the decryption key that you so desperately need. If they simple decide to keep the ransom but not send you anything in return, you would have wasted your money in vain. Therefore, we have tried to come up with an alternative that our readers can use:

The guide that we offer you on this page is supposed to help you with two things: to remove the malicious Ransomware program from your computer so that your PC will once again be safe for further use and to potentially restore at least some of your data without needing to pay money to the anonymous criminals behind GandCrab v5.0.2. Although not the easiest task, removing the infection is still something that can usually be done with a relatively high chance of success. However, when talking about the restoration of the sealed data, the things are different. You see, the problem is that the encryption that such cryptoviruses use tends to be very advanced and unique for each Ransomware version meaning that what has worked for one Ransomware might be utterly ineffective against another one. We have provided our readers with some general file restoration tips and methods that might help some of you overcome the encryption imposed by GandCrab v5.0.2 but, as we already said, when it comes to restoring data locked by a Ransomware virus, no guarantees can be given. Still, if you try using the alternative solutions available to you, you’d at least not risk losing money for a decryption key that might not even get send to you after you pay.

Preventing Ransomware infections from occurring in the future

It is really important to have a good understanding of the most commonly employed distribution techniques that insidious threats the likes of GandCrab v5.0.2 tend to use in order to reach more and more computers. Normally, the majority of users land malware programs after interacting with insecure web ads, fishy online offers and requests, after opening and downloading the attachments from spam e-mail messages or social network messages as well as when downloading and installing pirated software or software that is of low-quality on their computers. Of course, there are many other methods that can be used to spread such nasty viruses – the ones we just mentioned are only the most commonly employed ones.

Since Ransomware threats rarely show any significant symptoms once an infection has occurred, it is really important that you always have a trusty antivirus program with special Ransomware-detection features. Also, a really good prevention tip against GandCrab v5.0.2 and other similar threats would be to get your data backed-up so that even if the computer you use gets invaded by Ransomware, you’d still have copies of any important files you might fear losing saved on external drives and locations.


Name GandCrab v5.0.2
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Your system’s use of RAM and CPU might go up for no apparent reason during the time the Ransomware encrypts your files but other than that, there would normally be no visible indications of the infection.
wDistribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Leave a Comment