Remove Gandcrab v5.0.9 Ransomware (+File Recovery)

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

How irritating is this problem? (5 votes, average: 5.00)

This page aims to help you remove Gandcrab v5.0.9 Ransomware Virus for free. Our instructions also cover how any Gandcrab v5.0.9 file can be recovered.

The cryptovirus sub-category of Ransomware is undoubtedly one of the worst and one of the most advanced forms of malware and it is usually quite difficult to handle such a cyber threat. The way this sort of malware works is it first infiltrates your machine, scans the hard-drives and locates all personal data files that belong to certain file formats – usually the targeted file formats are ones that are commonly used by the users such as different text document formats, images, spreadsheets, videos, audio files and so on and so forth. Once all targeted files have been accounted for, the malicious cryptovirus would go on to encrypt all of them. The purpose of the encryption isn’t to harm the files in any way but to make them inaccessible for the user of the PC. The idea is that once the user realizes that their data has been locked-up by the Ransomware, they’d be forced to pay for the release of the files by making a ransom payment to the hackers who, in turn, promise that they’d send the decryption key for the sealed files to the victim. A big problem here is that there can’t be any guarantees that this is how things would always go down should the malware victim pay the money. For all the user knows, they could get tricked into paying and then receive no decryption key for their files meaning that the money would have been utterly wasted. This is one of the main concerns that the security researchers have in mind when they advise the victims of Ransomware should normally try to deal with the cryptovirus in some other way different from paying the money. Of course, there are also many instances where the hackers do indeed keep their promises and send the details needed for the unlocking of the files after the money has been received. Nonetheless, if there’s a way to remove the malware and recover the files without paying anything, one would understandably go for that option instead of sending their money to some anonymous Internet crooks.

Gandcrab v5.0.9

Since this particular cryptovirus is one of the more recently released Ransomware representatives, below we will try to offer you some possible alternatives on how to remove it and possibly restore the files:

Remove Gandcrab v5.0.9 Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Gandcrab v5.0.9 files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

We already told you that paying the demanded ransom is not the best course of action as it won’t really guarantee that you’d actually retrieve your locked-up data. However, sadly, neither would trying any of the available alternatives. We understand that this might sound rather grim and we absolutely do not mean to discourage you. It is pretty much always better to try out all available alternative solutions and possible methods of dealing with a virus like Gandcrab v5.0.9 that do not include paying the ransom. However, we also do not wish to lie to you by telling you that what we offer as potential solutions would work in all cases. Still, though, trying out the guide on this page will most likely help you remove the virus and should, at the very least, make your computer safe and clean once again so that any new files won’t also get encrypted by the Gandcrab v5.0.9 cryptovirus. The problem, however, is that once you remove the infection, the already locked files are likely to remain that way since the encryption doesn’t normally go away after the malware gets removed. That is why, there is a separate section in the guide from this article where we offer you a couple of possible ways you can try to restore your data after Gandcrab v5.0.9 has been taken away. As we said above, we can’t make any promises but trying the suggested solutions won’t cost you anything and so you will at least not be risking your money in the process of trying to recover your data.

Distribution of Gandcrab v5.0.9 and other cryptoviruses

Ransomware threats, though not the most commonly encountered undesirable programs, don’t seem to be going anywhere in the near future so you must at least learn how to stay away from them. The most important thing here is to be cautious with your online activities – if you see a shady-looking ad or some suspicious spam-like e-mail gets sent to you or if some obscure download request pops-up on your screen while browsing, be sure to avoid them as those are all common sources of unwanted and potentially hazardous programs. Something that can really help you against Ransomware in particular is backing up the important files that are on your PC and placing their copies on safe locations that aren’t connected to your machine.


Name Gandcrab v5.0.9
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Ransomware threats are really sneaky and usually display no symptoms.
Distribution Method Shady online messages and social media spam, random deceitful adverts, sites with illegal content or adult sites, backdoor Trojan Horse infections, etc.
Data Recovery Tool Currently Unavailable
Detection Tool

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Leave a Comment