.firmabilgileri Files Virus (Scarab) - Remove It and Restore Files

.firmabilgileri Files Virus (Scarab) – Remove It and Restore Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article will help you to remove Scarab ransomware in full. Follow the ransomware removal instructions provided at the end of the article.

Scarab is a virus which encrypts your files and demands money as a ransom to get your files restored. According to some malware researchers, all files of a compromised computer get locked with the AES military grade encryption algorithm. The Scarab cryptovirus will encrypt your data, while also appending the custom .firmabilgileri extension to each of the encrypted files. Read on to see how you could try to potentially recover some of your files.

Threat Summary

Name.firmabilgileri Files Virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
SymptomsThe ransomware will encrypt your files with the AES encryption algorithm. All locked files will have the .firmabilgileri extension appended to them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .firmabilgileri Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .firmabilgileri Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.firmabilgileri Files Virus (Scarab) – Delivery

Scarab ransomware might spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the World Wide Web, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it – your computer device will become infected.

Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware located at the corresponding forum thread.

.firmabilgileri Files Virus (Scarab) – Description

Scarab is a virus that encrypts your files and places a .txt file, with instructions inside the infected computer system. The extortionists want you to pay a ransom fee for the alleged restoration of your files.

Scarab ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.

After encryption the Scarab virus shows a ransom message located inside a .txt file.

You can see its contents of this file, labeled benioku.txt, from the following screenshot given down below:

The ransom note reminds of the so called “Beni Oku.txt Turkish Virus” but it is actually a newer variant of the Scarab-Turkish Ransomware Virus.

This note is also written in Turkish and states the following:

Tum Dosyalariniz Sifrelenmistir!
Serverinizde bulunan bir guvenlik acigindan faydalanarak serverinize girdim ve kayda deger buldugum bilgilerinizi Sifrelemis Bulunmaktayim!
Verilerinizi geriye buldugum sekilde koymami isterseniz bunun sartlari konusunda anlasmak uzere bana datastore20189mail.ru adresine saat 10:00 a kadar serverinizin ip
numarasini da iceren bir mail atiniz kosullar

konusunda anlasalim. Saat 10:00 dan sonra donuslerle ilgilenmiyorum!!!!
Para Verseniz Daha Acmazlar Diyen Bilgisayarcilara ( Ozellikle Bu Aciga Neden olmalarina Ragmen piskin piskin 300 500 TL Format ve Programlarin Kurulum Parasi isterler) ve ya
Parani Alir Dosyalarini Vermez
Diyen Etrafinizdaki insanlara inanmayin!

Dikkatinizi Cekmek Istediginiz Bazi Hususlar Var!
Size Guven Verecek Yeterli Referansa Sahibim Daha Önce HacklediPim Bir Firmayy Arayarak Dosyalari Açip Açmadigimi Sorabilirsiniz
Aciklarinizi Kapatarak Bir Daha 8?yle Bir Olay Yasamamaniz icin Gerekli Guvenlik Tedbirlerini Anlatirim.
Sizi tanimiyorum, dolayisi ile size karsi kotu duygular beslememin size kotuluk yapmanin bir anlami da yok, amacim sadece bu isten
Yaptiginiz odeme sonrasinda en kisa zamanda verilerinizi eski haline getirmek icin sunucunuza baglanacagim.
Benimle iletisime gecmek icin asagidaki email adresini kullanin,

Eger odeme yaparsaniz dosyalarinizi otomoatik olarak cozecek bir yazilim gonderecegim.

Eger odeme yapmazsaniz dosyalariniz sonsuza dek sifreli kalacak.

Asagidaki hususlara dikkat edin!

Internette buldugunuz ucretsiz araclari denemeyin, dosyalarinizi tamamen bozabilirsiniz.

Lutfen dosyalariniza bilincsiz mudahalelerde bulunmayin ve bilgisi olmayan kimseye bilgisayarinizi vermeyin.
Her kullanicinin benzersiz bir sifreleme anahtari oldugu icin diger kullanicilarin sifre cozuculeri verilerinizle uyumlu degildir.


The note, translated roughly in English, will state something like:

All your files are encrypted!
I’ve entered your server by taking advantage of the security of your server and I have found the information I’ve found important!
If you want to put your data back in a way that I’ve found back to your datastore20189mail.ru address until 10:00 am, I understand your terms and conditions.
Please send us a mail including the number

We have a deal. I’m not interested in donuts after 10:00
If you want to pay more money, especially the computer (especially if you want this Aciga Ragmen dirty dirty 300 500 TL Formats and Programs require the setup money) and
Parani Does Not Export Files
Do not believe the people around you!

There are some things you want to attract your attention!
I Have Enough Reference To Give You The Trust Before You Can Ask If I Opened Files By Calling A Firmayy
I tell you about the necessary safety measures in order to avoid an event with 8 more by closing your minds.
I do not know you, so I do not have a sense of you to feed the jeans feelings against you, I mean only my purpose
I’ll connect to your server to restore your data as soon as possible.
Use the email address below to contact me,
© messenger Mail.ru datastore2018

If you do my payment, I will send you a software that will automatically scan your files.

If you don’t do it, your files will be forever encrypted.

Pay attention to the following points!

Do not try the free tools you find on the Internet, you can completely corrupt your files.

Please don’t give your files uninformed and don’t give your computer to anyone without knowledge.
As each user has a unique encryption key, the password for other users is not compatible with your data.


The note of the Scarab ransomware states that your files are encrypted and that you have to pay a ransom to get them back to normal. However, you should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that. Adding to that, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal activities. That may even result to you getting your files encrypted once again.

.firmabilgileri Files Virus (Scarab) – Encryption

What is known for the encryption process of the Scarab ransomware is that every file that gets encrypted will receive the .firmabilgileri extension. That extension is appended to the name of an encrypted file as a secondary extension. The original extension and filenames remain unchanged after encryption, as the .firmabilgileri extension is added.

Currently there is no information regarding which types of files get encrypted by the malicious application.

The files which are used the most by users that probably get encrypted are probably from the following categories:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

This ransomware might be decryptable, but no specific decryption tool is released yet.

The Scarab cryptovirus deletes all Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

Along with the above-stated command, other ones are executed, which remove backups, making the effects of the encryption process more efficient. Those commands remove some of the viable ways to restore your data via Windows inherent processes. If a computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore some files back to their original state.

Remove Scarab Ransomware Virus and Restore .firmabilgileri Files

If your computer system got infected with the Scarab ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share