Robm Virus

Robm

Robm is a harmful piece of malware that locks up important user data in order to extort money from the victim. Robm will only release the files if a set amount of money is paid by the user.

The Robm ransomware will leave a _readme.txt file with instructions

If you have been targeted by this malicious program, you must be looking for a way to set your files free and remove the threat from your computer. We may be able to help you with this but you must first realize that full recovery from this virus attack may not be possible at the moment. All you could do is try all possible options that may solve the issue and hope that some of them would allow you to minimize the damages.

The main problem when encountering a ransomware threat such as .Iisa or .Pqgs (the names these viruses go by) is dealing with the lockdown on the files. Removing the virus itself is usually not very difficult if you have access to proper guidance or to a reliable anti-malware tool that can take care of the ransomware for you (both are available further down this page). However, simply removing the virus won’t liberate the files, and you will still need to deal with that. Below, we explain the different options you can try for file recovery and tell you what we think is the best course of action in a situation like this.

The Robm virus

The Robm virus is an incredibly harmful Ransomware infection for Windows that initiates a data-locking process once it enters the computer. The data-locking process conducted by the Robm virus uses encryption to ensure that no one can open the files without a special private key.

The Robm virus encrypted files

The goal of the hackers behind this virus infection is to make you pay them money for the key that will release your files. Paying to receive this key is one of the potential ways to recover your files. However, this is also the most inadvisable option to go for because it is a risky one. The only guaranteed thing here is that you would part with a significant amount of money if you pay. Receiving the decryption key, on the other hand, is not guaranteed whatsoever – you can only hope to have it sent to you by the hackers but whether that would happen in the end or not is uncertain. That is why we advise you to first opt for some of the alternative variants that you will find in our guide.

The .Robm file encryption

The .Robm file encryption is the locking algorithm that the virus uses to keep you from accessing the files on your PC. There are several alternatives that may allow you to bypass the .Robm file encryption and obviate the need to obtain the decryption key.

The best alternative here is to restore your files from your own backups once you remove the virus. However, we assume most of you don’t have extensive backups of your important data, in which case you can try the suggestions from our guide, but not before you make sure to eliminate the virus itself by following the instructions in the removal section of the guide.

SUMMARY:

Name: Robm
Type: Ransomware

Remove Robm Ransomware


Step 1

If you are infected with Robm, you should know that the malicious files of this ransomware may be hidden in several system locations. This means that you will need to go through each location and delete each and every malicious entry individually if you want to remove the threat manually.

Before you do so, however, you should bookmark this page in your browser, so you can have quick access to it or open the removal guide on another device and follow the instructions from there.

As soon as you’ve confirmed that you can easily refer back to this guide, the next step is to restart your PC in Safe Mode. If you need assistance, click on this URL and follow the instructions provided there, then return to this article to finish the Robm removal.

Step 2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

One or more malicious processes may be operating in the background on your computer in order to support the activity of the ransomware. Therefore, the next thing you should do is launch the Task Manager (enter Task Manager in the Start menu search field and hit Enter) and click on the Processes tab to see what processes are running on your computer.

To fool the people who are trying to remove it, Robm may use the name of a real process or a random name. If you don’t know which processes are harmful, you’ll need to look for additional red flags such as excessive CPU and memory usage, as well as sketchy names or random characters and symbols in the names of the processes.


Right-click on any suspicious process that grabs your attention, choose Open File Location, then run the files saved there through the powerful free virus scanner accessible here:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    Wait for the scan to finish, and if any harmful files are detected, immediately end the process and remove those files from their File Location Folder.

    Step 3

    If the computer is compromised, it is a good idea to check the Hosts file for any unauthorized changes that may take place under Localhost.

    To do so, first click on the Start menu button in the bottom left corner of the screen and type the following into the search field:

    notepad %windir%/system32/Drivers/etc/hosts

    Press Enter, and the Hosts file should open right away. Find Localhost in the text by scrolling down and look at the IP addresses that are found below.

    Let us know if you see any IPs that look out of place, such as the ones shown in the sample image below, by leaving us a comment after this guide or simply close your Hosts file if no suspicious modifications have been made in it.
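The Hosts file check described above can also be scripted. The following is an added example, not part of the original guide: it lists every active mapping and marks those that block a name (loopback or 0.0.0.0) or pin it to a remote address. The sample file contents and host names are constructed.

```python
import ipaddress
import os

# Constructed sample for illustration; not taken from an infected machine.
SAMPLE_HOSTS = """\
#       127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       av-vendor.example    # constructed entry
0.0.0.0         updates.example
203.0.113.7     bank.example www.bank.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every active mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split fields
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        for name in fields[1:]:
            if ip.is_loopback and name.lower() in LOCAL_NAMES:
                verdict = "expected"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"       # name can no longer reach its real server
            else:
                verdict = "redirected"    # name pinned to a fixed remote address
            findings.append((line_no, str(ip), name, verdict))
    return findings


def suspicious(text):
    return [f for f in audit_hosts(text) if f[3] != "expected"]


if __name__ == "__main__":
    path = os.path.expandvars(r"%windir%\System32\drivers\etc\hosts")
    live = os.path.isfile(path)
    text = open(path, errors="replace").read() if live else SAMPLE_HOSTS
    for finding in suspicious(text):
        print(*finding, sep="\t")
```

A stock Windows Hosts file contains only comment lines, so every entry this prints is worth reviewing before the file is closed.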


    Next, search for msconfig in the Start menu search bar, then press Enter.


    To check what apps are scheduled to start automatically with your system, click on the Startup tab. If you discover startup items that don’t belong to any of your usual applications, or if they have an “Unknown” Manufacturer or a strange name, it’s a good idea to research them online and uncheck their checkbox if you find out they’re harmful.

    Step 4

    The system’s registry is a common place where malware tends to inject harmful entries that help it remain on the system for longer.

    Therefore, if Robm has infected you, the registry should be carefully searched for ransomware-related items and those should be deleted in order to totally eliminate the ransomware from your computer.

    Attention! Inexperienced users should avoid modifying or removing registry entries, as this carries a high risk to the system’s overall stability and performance. For this reason, we highly recommend that you use the professional removal program listed on this page to prevent any incorrect deletions and alterations that may damage the OS and the applications installed on it.

    If you still want to deal with Robm manually and know what you are doing, type Regedit in the Start menu search area and open the Registry Editor from the search results.

    Then, use the CTRL and F key combination to open a Find box where you can type the ransomware’s name. Start a search by clicking on the Find Next button and carefully delete any results that you are sure belong to Robm.

    Once again, be careful not to delete files and directories that are not linked to the ransomware, since doing so might harm your system in a way that may require a full reinstallation.

    We also recommend that you search the following five locations for entries related to the ransomware. To open them, simply type each one in the Start menu search bar and hit Enter from the keyboard.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete any files or folders that you suspect are connected to Robm or were added around the time of the infection. When you open Temp, select all the files in there, and remove them. Let us know if you have any difficulties by leaving us a comment below, and we’ll do our best to assist you.
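To narrow down what was "added around the time of the infection", the five locations can be walked and filtered by modification time. This is an added example, not part of the original guide; the 24-hour window, the depth limit and the infection time used in the stand-alone run are assumptions to adjust.

```python
import os
import time

# The five locations named in the guide, as Windows environment variables.
LOCATIONS = ["%AppData%", "%LocalAppData%", "%ProgramData%", "%WinDir%", "%Temp%"]


def recent_files(roots, reference, window_hours=24, max_depth=3):
    """Return sorted (mtime, path) for files modified within the window.

    reference is the suspected infection time as a Unix timestamp.
    max_depth keeps the walk of large trees such as %WinDir% manageable.
    """
    lo = reference - window_hours * 3600
    hi = reference + window_hours * 3600
    hits = []
    for root in roots:
        root = os.path.abspath(root)
        base = root.count(os.sep)
        for dirpath, dirnames, filenames in os.walk(root):
            if dirpath.count(os.sep) - base >= max_depth:
                dirnames[:] = []          # do not descend any further
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:           # locked or vanished file
                    continue
                if lo <= mtime <= hi:
                    hits.append((mtime, path))
    return sorted(hits)


if __name__ == "__main__":
    # Assumption: the infection happened about a day ago; adjust as needed.
    infection_time = time.time() - 24 * 3600
    roots = [os.path.expandvars(p) for p in LOCATIONS]
    for mtime, path in recent_files(roots, infection_time):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), path)
```

Modification times can be altered by malware, so an empty result does not prove that these locations are clean.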

    Step 5

    How to Decrypt files encrypted by Robm

    To decrypt data encrypted by Robm, you must follow a different process depending on the version of the malware. To find out the version of the ransomware, look at the extension of the encrypted files. 

    However, keep in mind that the malware must be entirely removed from the system before you can decrypt any data.  To remove Robm and other infections from your computer, we highly recommend using professional anti-virus programs like those featured in this post.

    1. Old Stop Ransomware

    If you need to decrypt files encrypted by the OLD Stop ransomware (a version with the .puma, .pumas, .pumax extensions), you can use the Stop Puma decryptor.

    https://www.emsisoft.com/ransomware-decryption-tools/stop-puma

    This decryptor can also be used for decrypting files with the .STOP, .SUSPENDED, .WAITING, .PAUSA, .CONTACTUS, .DATASTOP, .STOPDATA, .KEYPASS, .WHY, .SAVEfiles, .DATAWAIT, .INFOWAIT extensions.

    To run the decryptor, select “Run as Administrator” from the context menu of the decrypt_STOPPuma.exe file that you have downloaded. Once you’ve read and accepted the terms of the agreement, you may proceed. When the software first launches, a window similar to the one shown below will appear.

    To use this decryptor, you’ll need a pair of files, one of which is encrypted, and the other is in its original form. Prepare the relevant pairs of files, select them from the decryptor’s window and then press the Start button.

    The decryptor will notify you as soon as the key is discovered. We recommend utilizing several pairs of files in case an error occurs when looking for a key; this ensures that the proper key has been identified.
    You will be able to decrypt the files after the proper key is discovered. Click the Decrypt button once you’ve selected the location of the encrypted files.

    2. Stop Djvu ransomware

    If you want to decrypt files affected by a Stop Djvu ransomware version you need to find several pairs of files, each of them consisting of an encrypted file and its original copy. The file size should be over 150kb. Once you find and prepare the pairs of files, click on this link:

    https://decrypter.emsisoft.com/submit/stopdjvu/

    Using the Browse button, locate the encrypted file and its original copy, then press Submit to upload the files to the server. Be patient, as the key search process may take some time. A message will be shown on the website after the key has been discovered, at which point you will be prompted to download the decryptor. Download the decryptor by clicking on the link that reads “Click here to download the decryptor”.

    The website from which you need to download the decryptor will open. Click the Download button and save the decrypt_STOPDjvu.exe file on the computer. After downloading the file, right-click on it and select “Run as Administrator” from the menu.

    If Windows displays a UAC prompt, choose Yes. Next, please read the license terms and the instructions before moving on to the next step. After selecting a disk or directory, click the Decrypt button in the main window. This will begin decrypting files for which a key was discovered in the previous step.

    To decrypt files that the decryptor says it cannot decrypt, you need to find two pairs of files, each consisting of an encrypted file and an original copy of that same file. Then use them to search for a decryptor for them.

    3. New Djvu Ransomware

    The latest version of STOP Djvu ransomware encrypts files with the .Robm extension. Currently, it is only possible to decode files encrypted by an offline key. This decryptor may be downloaded and used to assist you:

    https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

    The STOPDjvu.exe file may be downloaded by clicking the Download button.

    Select “Run as Administrator” from the context menu, then press the Yes button to allow the application to launch. Read the license agreement and the short instructions to make your work with the decryptor easier, and after a new window opens, click the Decrypt button to begin the process of unlocking your files. Unknown offline keys or online encryption may be to blame if the decryptor skips over encrypted files without decrypting them.
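Working out which of the three routes above applies, and which encrypted/original pairs are usable, can be done from a file inventory. This is an added example, not part of the original guide or of the Emsisoft tools: the route names and sample paths are constructed, and the 150 KB minimum from section 2 is applied to every pair as an assumption.

```python
import ntpath
from collections import Counter

# Extension lists copied from the guide; compared case-insensitively.
PUMA = {".puma", ".pumas", ".pumax", ".stop", ".suspended", ".waiting",
        ".pausa", ".contactus", ".datastop", ".stopdata", ".keypass", ".why",
        ".savefiles", ".datawait", ".infowait"}
NEW_DJVU = {".robm"}
MIN_PAIR_SIZE = 150 * 1024   # the guide's "over 150kb", read as KiB (assumption)


def route(path):
    """Name the decryptor the guide points to for this file's extension."""
    ext = ntpath.splitext(path)[1].lower()
    if ext in PUMA:
        return "stop-puma"    # section 1: needs encrypted/original pairs
    if ext in NEW_DJVU:
        return "stop-djvu"    # section 3: offline keys only
    return None               # extension not covered by this guide


def triage(paths):
    """Count files per route, so a mixed set of extensions is visible."""
    return Counter(r for r in map(route, paths) if r)


def find_pairs(encrypted, originals, min_size=MIN_PAIR_SIZE):
    """Match encrypted files to clean copies carrying the original name.
    Both arguments are iterables of (path, size_in_bytes)."""
    clean = {}
    for path, size in originals:
        if size > min_size:
            clean.setdefault(ntpath.basename(path).lower(), path)
    pairs = []
    for path, _size in encrypted:
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        if route(path) and stem in clean:
            pairs.append((path, clean[stem]))
    return pairs


# Constructed inventory: (path, size) of encrypted files and of clean copies.
ENCRYPTED = [(r"C:\Users\ann\Docs\budget.xlsx.puma", 412000),
             (r"C:\Users\ann\Docs\notes.txt.puma", 2100),
             (r"C:\Users\ann\Pictures\trip.jpg.Robm", 900000)]
ORIGINALS = [(r"E:\backup\budget.xlsx", 411000), (r"E:\backup\notes.txt", 2000)]
```

With the constructed inventory, only `budget.xlsx` yields a usable pair: `notes.txt` is below the size threshold and `trip.jpg` has no clean copy.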

    If you face any difficulties with the instructions in this guide, or you have a suspicion that Robm is still hiding somewhere in your system, please use the anti-virus program recommended on this page or run any questionable-looking files through the free online virus scanner available here.


    About the author

    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.
