.combo Files Virus (Dharma Ransomware) - Remove + Restore Files

.combo Files Virus (Dharma Ransomware) – Remove + Restore Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article has been made with the clear purpose to help explain more about Dharma Ransomware virus’s latest version and help you remove this ransomware infection from your computer and try to restore files, encrypted with the .combo file extension added to them.

Reports from all over the world have started to sum up about infections with a new and dangerous ransomware virus – Dharma Ransomware (.combo variant). Like other versions of Dharma ransomware this virus uses advanced encryption modes to encode the files on your computer and make them no longer to be able to be opened, converting them into the following format – Filename.id{ID-here}.[combo@tutanota.de].combo. This dangerous variant of Dharma ransomware has one clear goal and that is to extort victims to pay a hefty ransom fee. This operation is done by leaving behind a ransom note type of file that contains the ransom instructions and aims to induce fear that the victim must pay the ransom “fee” or the files will likely be lost forever. If your computer has been infected with the .combo variant of Dharma ransomware, you need to understand that the situation is serious. Keep reading this article to learn in-depth and removal information about Dharma ransomware’s latest variant and understand alternative ways on how you can try and recover .combo files without having to pay ransom.

Threat Summary

Name .combo Dharma Virus
Type File Encryption Ransomware
Short Description A new iteration of the Dharma/CrySiS ransomware viruses. Utilizes sophisticated encryption mode on data of infected machines in order to extort victims to pay in BitCoin for their encrypted files.
Symptoms Encrypts documents, images, videos and other important files and adds the .combo file suffix plus a unique ID and the e-mail to pay the ransom.
Distribution Method Spam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .combo Dharma Virus


Malware Removal Tool

User Experience Join Our Forum to Discuss .combo Dharma Virus.
Data Recovery Tool Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.combo Dharma Ransomware – Update December 2018

It seems that infections by the .combo variant of Dharma ransomware have slowly started to decrease. This is likely as a result of new variants coming out with new extensions, but with little distribution. Not only this, but what appears to be a decryption method which works effectively has been discovered by Twitter user Maroon Ibrahim, who tweeted the following:

Even though we cannot say for sure if the .combo variant is indeed decryptable, we advise you to be careful when contacting unknown entities and sending them your personal files. Always wait for a decryption software to be released and if so, we will upload a link to the download of such tool on our blog, so keep following this page for more updates.

.combo Dharma Ransomware – Second Update December 2018

THe .combo Dharma ransomware has come out in a new variant, using a different e-mail, but the same .combo file extension, az researcher GrujaRS has tweeted:

.combo Dharma Ransomware – Information Database:

.combo Dharma Virus - How Does It Infect
Dharma .combo Virus Variant - Activity
Dharma .combo Ransomware - Encryption Activity

Remove Dharma Ransomware and Restore .combo Encrypted Files

To remove this variant of Dharma ransomware, you should follow the removal instructions in this article underneath. They are divided in manual removal instructions and automatic removal method as well. If you lack the experience in performing a manual removal, be advised that the best course of action according to experts in this case is to use an advanced anti-malware software and delete Dharma .combo ransomware automatically. Such software will scan your PC automatically and then make sure that this variant of Dharma is permanently gone plus use it’s real-time shields to ensure that your PC stays safe against any malware infections in the future as well.

If you want to restore files, encrypted by the .combo variant of Dharma ransomware virus, be advised that direct decryption is not available at the moment but we are monitoring the situation and will update with decryption instructions as we have done with .dharma file extension variant of this virus. Until then, you are welcome to try our suggested alternative methods for restoring as many files as possible in step “2. Restore files, encrypted by .combo Dharma Virus” underneath. They may not work with a 100% success rate, but some of them may be able to restore little or more of your encoded files.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website


  1. Avatarcharaabi slah

    je suis victime d’un Rasomware, et j’aimerais savoir si vous pouvez m’aider.

    les fichiers ont été cryptés avec ce nom “.id-CC3751DE.[mccredieschlembach@aol.com].combo”

    J’apprécierais votre aide

  2. AvatarAnil Kumar

    Please resolve my “id-80C6DA34.[help@x-mail.pro].combo”

  3. AvatarD.J.Bobo

    I have only crypted files on my computer. Some attacker found password one my PC user and throught standard RDP ran some exe files from their computer (LAPTOP with Win10 and TSCLIENT). Grrr.
    No infection in PC, all files for infection has been deleted.
    Some files was backuped outside, but some not.
    Users and their passwords usually using on freemail and company account it’s very big problem.

  4. AvatarAlex

    Hola, aun no hay descifrador para el rasomware .combo??


Leave a Reply to Alex Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Stay tuned
Subscribe for our newsletter regarding the latest cybersecurity and tech-related news.