GandCrab v5.0.4

OFFER *Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found.               Spyhunter's EULAPrivacy Policy and more details about Free Remover.

GandCrab v5.0.4

GandCrab v5.0.4 is a Ransomware cryptovirus which uses a special algorithm to encrypt the user’s files and to keep them hostage until a ransom is paid by the user. The files that this malware typically affects may be audios, videos, documents, databases, pictures and etc. After entering the computer, GandCrab v5.0.4 immediately gets down to its shady business and renders the targeted data inaccessible by locking it with a very complex encryption. The users can rarely notice the presence of the Ransomware on their system while it performs the malicious encryption.

Once the process is completed, however, GandCrab v5.0.4 usually displays a ransom note on the victim’s screen. This ransom note typically contains instructions which prompt the user to perform a ransom payment in order to obtain a decryption key for their affected data. In order to prevent possibilities for data restoration, the malware may also erase the shadow copies from the Windows OS.

All in all, GandCrab v5.0.4 is a very dangerous virus, which is designed by hackers with malicious intentions. The criminals do not hesitate to use their creation for ruthless blackmailing which is why, in this article, we will do our best to offer some solutions, which may potentially help the victims of GandCrab v5.0.4 remove the nasty Ransomware and deal with its harmful effects without paying the ransom.

The invasion technique, which GandCrab v5.0.4 Ransomware uses

The infection methods of the Ransomware threats are very tricky. For these viruses, it is most important to enter the system unnoticed in order to perform their encryption without getting interrupted. For this reason, the hackers often use the help of various malware transmitters. They usually distribute the Ransomware via intriguing offers, email attachments, fake software update notifications, infected installers, Trojans and more. When the user clicks or downloads the infected malware carrier, the harmful code of the virus gets activated and infects the system in a hidden way, oftentimes exploiting existing vulnerabilities or weaknesses in the system.

Spam emails also play a significant role in the distribution of threats like GandCrab v5.0.4. When the user opens an infected email link or a junk mail attachment, the malicious scripts enter the system and immediately get down to their encryption. Sadly, without any specialized antivirus software that has active Ransomware protection, it is oftentimes not possible (or at least very unlikely) to detect the infection and stop it on time. The victims usually come to know what has happened to their files post factum, when the encryption process has already been successfully completed.

The malevolent activities of GandCrab v5.0.4 Ransomware

Once GandCrab v5.0.4 sneaks inside your system and completes its encryption your most valuable files will immediately become inaccessible. You may not be able to open or use them in any way regardless of any of the tricks you may try. To add to the frustration, the hackers who control the infection will put a scary ransom message on your desktop and will prompt you to release carry out a ransom payment (oftentime required within a short deadline). They may offer to send you a special decryption key if you pay the money they require but they may also threaten to delete your files permanently if you don’t follow strictly their instructions.

But what should you do then? Well, if you agree to pay the amount hoping that they will send you the decryption key to unlock your files, you should know that you’d be basically risking your money without knowing if you’d actually get anything for them in return. The crooks may send you the promised decryption solution but they may also lie to you and try to extract more money from you by asking you for another payment again and again. Weather you want to go for this course of action is a decision that is all yours to make. But if you ask us for advice, we would tell you that paying the ransom amount is usually not the best solution. The hackers may fool you anytime so we suggest you to not risk your hard earned money in this way.

What to do if your PC has been infected with GandCrab v5.0.4?

The Ransomware infections have been mainly designed to scare the web users and to blackmail them for their money. They take your files hostage and demand a ransom to return your access to them. But what can you do when your system has been infected by this kind of virus? Here are some options that you can use to deal with this nasty infection:

  • Don’t Panic – It is very important to remain calm and to abstain from doing anything impulsive which may not be the best way to handle the attack.
  • Remove the Infection – it is a good idea to remove GandCrab v5.0.4 from your system by using a malware removal tool or a detailed Removal Guide (both of those are available on this page) and remove all the infected files. You can later try to recover your data by using a data recovery tool. (In case you don’t have a backup of your files.)
  • Use Backups – You may decide to clean your entire system, remove the infection completely from your PC and restore your files with your own backups. You may also check out your system for any working files or system backups and then copy them back.
  • Reinstall Windows – The last option is to reinstall your Windows OS. It will completely remove all your data as well as the infection. You will get a completely new infection free PC but you will lose all the information that was previously kept on it.


Name GandCrab v5.0.4
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool [banner_table_recovery]
Detection Tool

Remove GandCrab v5.0.4 Ransomware

GandCrab v5.0.4

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

GandCrab v5.0.4


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

GandCrab v5.0.4

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

GandCrab v5.0.4
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
GandCrab v5.0.4ClamAV
GandCrab v5.0.4AVG AV
GandCrab v5.0.4Maldet

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

GandCrab v5.0.4

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

GandCrab v5.0.4

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:

GandCrab v5.0.4

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

GandCrab v5.0.4

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

GandCrab v5.0.4 

How to Decrypt GandCrab v5.0.4 files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.


  • One of the Gandcrab 5.0.4 affected computers has the following potentially suspicious links at the bottom of the hosts file. cracksmind. com www. cracksmind. com

  • 127. 0. 0. 1 cpm. paneladmin. pro
    127. 0. 0. 1 publisher. hmdiadmingate. xyz
    127. 0. 0. 1 hmdicrewtracksystem. xyz
    127. 0. 0. 1 mydownloaddomain. com
    127. 0. 0. 1 linkmate. space
    127. 0. 0. 1 space1. adminpressure. space
    127. 0. 0. 1 trackpressure. website
    127. 0. 0. 1 doctorlink. space
    127. 0. 0. 1 plugpackdownload. net
    127. 0. 0. 1 texttotalk. org
    127. 0. 0. 1 gambling577. xyz
    127. 0. 0. 1 htagdownload. space
    127. 0. 0. 1 mybcnmonetize. com
    127. 0. 0. 1 360devtraking. website
    127. 0. 0. 1 dscdn. pw
    127. 0. 0. 1 bcnmonetize. go2affise. com
    127. 0. 0. 1 beautifllink. xyz

    127. 0. 0. 1 app. drivereasy. com

    • Those IPs should be removed fro your Hosts file as they are likely related to the issue. Delete them from the file, save the changes and complete the remaining steps from the guide.

Leave a Comment