Article created to show you how to remove HappyDayzz ransomware and decrypt .happydayzz encrypted files without having to pay 0.5 BTC to the cyber-criminals.

A ransomware virus reported to be an iteration of the notorious Globe ransomware version 3 has been reported to be spread on a global scale. The ransomware infection has also been reported to drop a ransom note named How To Recover Encrypted Files.hta in which it points out that the victims must pay the sum of 0.5 BTC to decrypt the encrypted files. However, malware researchers have come up with a decryption software with which you can decode your files for free. If you want to get rid of the HappyDayzz threat and recover your files, we recommend that you read this article carefully.

HappyDayz Globe v3 Virus – More Information

This particular ransomware infection is believed to be widespread via multiple different methods on a global scale. One of those methods is e-mail spam of deceitful messages, containing malicious e-mail attachments, like the image below shows:

When victims open the malicious archive, it It, they can either discover a file that is a document and infects after you click on the “Enable Content” button or a file that is actually an executable type of file (.js, .exe, .dll, .tmp, .vbs) and can infect simply by being opened.

After the malicious file is opened, infection is immediate and done via malware obfuscator which actually hides the HappyDayzz ransomware’s malicious files while they are being downloaded. The files may be more than one and may be in various Windows folders under different names:

After the files are downloaded on the computer of the victim, the virus begins to change it’s settings. Among it’s activity is modifying Windows Registry entries and deleting shadow volume copies on the compromised machine. The virus also drops Globe ransomware’s ransom note, as shown by the image on the top of this article.

Then, HappyDayzz ransomware may employ encryption on the files of the victim PC. Among the encrypted files may be documents, images, database files, music, video files and archives as well. The files encrypted by the virus may look like the following image:

Fortunately, users do not have to pay a hefty ransom fee to get the files back. Instead, we have provided instructions on how to use the Emsisoft Globe decrypter and get your data back for free. We advise you to make sure to backup your files and remove the HappyDayzz virus before attempting the decryption instructions and read them carefully.

HappyDayzz Ransomware Removal Instructions

In order to remove this virus firstly, you can try either the Manual instructions or the Automatic ones in case you are not tech savvy. Be sure to know that reverse engineers and security experts always recommend scanning your computer with an advanced anti-malware software for maximum effectiveness during removal.

Manually delete HappyDayzz from your computer

Note! Substantial notification about the HappyDayzz threat: Manual removal of HappyDayzz requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove HappyDayzz files and objects

Boot Your PC Into Safe Mode

1. For Windows 7,XP and Vista. 2. For Windows 8, 8.1 and 10. Fix registry entries created by HappyDayzz on your PC.

For Windows XP, Vista, 7 systems:

1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:

– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.

4. Log on to your computer using your administrator account

While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

Step 1: Open the Start Menu

Step 2: Whilst holding down Shift button, click on Power and then click on Restart.
Step 3: After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.

Step 4: You will see the Troubleshoot menu. From this menu you can choose Advanced Options.

Step 5: After the Advanced Options menu appears, click on Startup Settings.

Step 6: Click on Restart.

Step 7: A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart.

Some malicious scripts may modify the registry entries of your computer to change different settings. This is why manual clean up of your Windows Registry Database is strongly recommended. Since the tutorial on how to do this is a bit lenghty, we recommend following our instructive article about fixing registry entries.

2.Find malicious files created by HappyDayzz on your PC

Find malicious files created by HappyDayzz

1. For Windows 8, 8.1 and 10. 2. For Windows 7,XP and Vista.

For Newer Windows Operating Systems

Step 1:

On your keyboard press  + R and write explorer.exe in the Run text box and then click on the Ok button.

Step 2:

Click on your PC from the quick access bar. This is usually an icon with a monitor and its name is either “My Computer”, “My PC” or “This PC” or whatever you have named it.

Step 3:

Navigate to the search box in the top-right of your PC’s screen and type “fileextension:” and after which type the file extension. If you are looking for malicious executables, an example may be “fileextension:exe”. After doing that, leave a space and type the file name you believe the malware has created. Here is how it may appear if your file has been found:

N.B. We recommend to wait for the green loading bar in the navination box to fill up in case the PC is looking for the file and hasn’t found it yet.

For Older Windows Operating Systems

In older Windows OS’s the conventional approach should be the effective one:

Step 1:

Click on the Start Menu icon (usually on your bottom-left) and then choose the Search preference.

Step 2:

After the search window appears, choose More Advanced Options from the search assistant box. Another way is by clicking on All Files and Folders.

Step 3:

After that type the name of the file you are looking for and click on the Search button. This might take some time after which results will appear. If you have found the malicious file, you may copy or open its location by right-clicking on it.

Now you should be able to discover any file on Windows as long as it is on your hard drive and is not concealed via special software.

Automatically remove HappyDayzz by downloading an advanced anti-malware program

1. Remove HappyDayzz with SpyHunter Anti-Malware Tool and back up your data

Remove HappyDayzz with SpyHunter Anti-Malware Tool

1. Install SpyHunter to scan for and remove HappyDayzz.2. Scan with SpyHunter to Detect and Remove HappyDayzz. Back up your data to secure it against infections and file encryption by HappyDayzz in the future.

Step 1:Click on the “Download” button to proceed to SpyHunter’s download page.

Download

Malware Removal Tool

It is highly recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Step 2: Guide yourself by the download instructions provided for each browser.
Step 3: After you have installed SpyHunter, wait for it to automatically update.

Step1: After the update process has finished, click on the ‘Scan Computer Now’ button.

Step2: After SpyHunter has finished scanning your PC for any HappyDayzz files, click on the ‘Fix Threats’ button to remove them automatically and permanently.

Step3: Once the intrusions on your PC have been removed, it is highly recommended to restart it.

Back up your data to secure it against attacks in the future

IMPORTANT! Before reading the Windows backup instructions, we highly recommend to back up your data automatically with cloud backup and insure it against any type of data loss on your device, even the most severe. We recommend reading more about and downloading SOS Online Backup .

SOS Online Backup

HappyDayzz Ransomware Decryption Instructions

In order to successfully decrypt files enciphered by HappyDayzz ransomware you are going to need several details to begin with. First, you will need an original file and an encrypted file.

In case you cannot find one, make sure to browse through the default wallpaper folder of the same version of your Windows OS. Here is an example of the location of the default folders for wallpapers for different Windows versions:

After having located an original and an encrypted file, make sure to download the decrypter by clicking on the download button below:

Make sure to save the decrypter somewhere easy to find and open it. Then follow the steps below:

Step 1: Drag and drop the encrypted file and the original file together into the decrypter, like the animated image below demonstrates:

Step 2: The decrypter will begin a brute forcing sequence. Simply wait until your key has been discovered:

Step 3: After this, click on OK and the main interface of the decrypter should appear. From it, choose Add Files to add all the files that you wish to be deciphered.

Step 4: After you have added your files, click on the Decrypt button so that the decrypter can begin the deciphering operation.

At this point you will begin to see on the live feed at the middle of the decrypter’s interface which files were successfully decoded:

HappyDayzz Ransomware – The Bottom Line

In case you have been infected by the .happydayzz variant of Globe and have decrypted the files successfully, we recommend focusing on protecting your computer in the future and avoiding such unfortunate turn of events from happening again to you.

We have prepared several simple tips that you can follow and stay safe in the future:

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

12 Comments

1. luis April 3, 2017 at 5:19 am

   Sorry, the extension of the files are .happydayzz with three “Z”, for this inconvenience I think this method does not work for me. Do you know any decrypter for .happydayzzz? (sorry for my English).

   Example file: [[email protected]] .FA80E5467292B179AAD3C0743D1E16D71E412C4F85.happydayzzz

   Reply ↓
   1. Vencislav Krustev April 13, 2017 at 7:49 am

      Yes, i have written in the answer to Maravento with alternative link.

      Reply ↓
      1. luis April 13, 2017 at 1:57 pm

         Sorry, I do not see any links. I have the original file and the encrypted file but I guess this method does not work because the encrypted files have the extension. .zzz (3z)

         Reply ↓
      2. Maravento April 16, 2017 at 11:23 pm

         sorry. what link????. This method does not work because the file ends with .happydayzzz (not happydayzz) 3z

         Reply ↓
2. Wilfre April 3, 2017 at 2:48 pm

   https://uploads.disquscdn.com/images/b2d12595030da7cf6679e52ad750f4d1c362e8e5d51d0416bc5b46bd243f9a78.jpg I have the same problem, the encrypted files are with 3Z “.happydayzzz”, some option to help please, thank you very much

   Reply ↓
   1. luis April 3, 2017 at 11:04 pm

      you found a some solution?… hablas español?

      Reply ↓
      1. Wilfre April 4, 2017 at 2:46 pm

         Hola Luis: Aun No, solo nos queda aguardar y buscar otras alternativas (guarde por separado mis archivos encriptados) y bueno instale un nuevo antivirus para que este tipo de casos no vuelva a suceder.

         Reply ↓
         1. luis April 4, 2017 at 3:02 pm

            lol, algo así hice… le puse otro HDD a mi laptop para seguir trabajando en ella, también usare un programa de recuperación de archivos eliminados (recuva, wondershare data recovery, etc) para recuperar los archivos eliminados por el ransomware en el disco infectado y bueno guardare ese HDD hasta encontrar una solución en el futuro para desencriptar todo(ojala cercano).

            Si encuentras algún método coméntalo por favor.

            Reply ↓
3. Maravento April 7, 2017 at 4:30 pm

   Muy buen artículo, pero tiene un solo problema. “Arrastrar y soltar el archivo cifrado y el archivo original junto al descifrador” (el archivo original no existe porque fue cifrado por el ransomware)

   Reply ↓
   1. Vencislav Krustev April 12, 2017 at 9:20 am

      Hello, You can look for original files in multiple different Default Windows picture folders, for example in %Windows% or %System32%

      Reply ↓
      1. Maravento April 12, 2017 at 1:18 pm

         thanks Vencislav. I’ll check it out

         Reply ↓
      2. alej April 16, 2017 at 8:25 pm

         Sorry. The files does not exist and the ext is happyzzz (3z)

         Reply ↓

Leave a Comment Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA. × 4 = four