ThiefQuest is a file-locking ransomware virus which can be used to extort money from its Mac victims. ThiefQuest typically uses sophisticated cryptography to render digital files inaccessible so that the hackers behind the infection can ask for a ransom.
Hundreds of web users are losing access to their most valuable files every day due to accidental infection with this new ransomware virus and may fall prey to the money extortion scheme launched by the crooks behind ThiefQuest. Originally named EvilQuest, the malware was later renamed ThiefQuest to avoid confusion, as EvilQuest is the name of a video game.The victims are typically asked to immediately transfer a certain amount of money to a given cryptocurrency account in order to receive a decryption key for the files that the virus has encrypted. If you are on this page, however, we assume that you are not ready to pay a ransom to some anonymous hackers and are more interested in how to remove the infection and restore your files by other means. That’s why, in the next lines, we will provide you with information about the specifics of ThiefQuest and the methods that you can use to deal with it.
The ThiefQuest Ransomware
The ThiefQuest ransomware is a virus threat that seeks to keep its victims’ most valuable data unavailable so it can harass them to pay a ransom. The crooks behind the ThiefQuest ransomware promise that, in exchange for the payment, they will send the victims a unique decryption key for their files.
Typically, the hackers inform the attacked user about the payment instructions by placing a ransom notification on their screen shortly after the file-encryption is done. If the files that have been encrypted are of not such a great importance to you or you have backups from where you can recover them, however, you have the option to remove the virus and use your computer as before. The manual guide below contains instructions on how to remove ThiefQuest and a professional program that can help you do that without much of hassle. If the virus has been able to detect and encrypt files of significant interest to you, though, you may have to carefully consider all the risks and the alternatives for file recovery in order to deal with the consequences of the attack in the best possible way.
The ThiefQuest on Mac
The ThiefQuest on Mac file encryption is a method used to protect files from being accessed without a decryption key. The ThiefQuest on Mac file encryption is a sophisticated algorithm that can only be reversed with the application of a matching decryption key.
Yet even though the hackers may tell you that the only way to recover your files is to pay the required ransom, many security professionals advise that you should take time to think about the various alternative approaches to this problem instead of simply transferring the necessary amount and waiting for the crooks to send you a key. In fact, paying the ransom should be your very last resort because there is no way to tell whether the hackers will really provide such a key or not. That’s why our suggestion is to take a look at the removal guide on this page as well as the file recovery options that we have listed there.
|Danger Level||High (Ransomware is by far the worst threat you can encounter)|
|Symptoms||Very few and unnoticeable ones before the ransom notification comes up.|
|Distribution Method||From fake ads and fake system requests to spam emails and contagious web pages.|
|Data Recovery Tool||Not Available|
Some threats reinstall themselves if you don't delete their core files. We recommend downloading ComboCleaner to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files.
ThiefQuest Mac Ransomware Removal
The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:
You can choose the Apple menu and click on Force Quit.
Alternatively, you can simultaneously press ⌘ (the Command key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).
If you have done it right a dialog box titled Force Quit Applications will open up.
In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.
Close the dialog box/window.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:
Now click on Sample at the bottom:
Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:
The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.
On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.
First, Force Quit Safari again.
Now if you are using a Wi-Fi connection turn it off by selecting Wi-Fi off in you Mac’s Menu. If you are using a cable internet (Ethernet connection), disconnect the Ethernet cable.
Re-Launch Safari but don’t forget to press and hold the Shift button while doing it, so no previous pages can be opened up. Now, Click on Preferences in the Safari menu,
and then again on the Extensions tab,
Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.
The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.
Again select Preferences in the Safari Menu, but this time click on the Privacy tab,
Now click on Remove All Website Data, confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign-in again for all websites that require any form of authentication.
Still in the Preferences menu, hit the General tab
Check if your Homepage is the one you have selected, if not change it to whatever you prefer.
Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.
How to Remove ThiefQuest From Firefox in OSX:
Open Firefox, click on (top right) ——-> Add-ons. Hit Extensions next.
The problem should be lurking somewhere around here – Remove it. Then Refresh Your Firefox Settings.
How to Remove ThiefQuest From Chrome in OSX:
Start Chrome, click —–>More Tools —–> Extensions. There, find the malware and select .
Click again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines. Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!