.xtbl Files Virus

Execute · « **on:** April 19, 2018, 12:43:39 pm »

Malware researchers have a new version of the notorious Scarab ransomware. According to some of them, the cryptovirus uses the AES encryption algorithm and is coded in Delphi.
The idea behind the Delphi programming usage is for it cause more infections as it might be spread to older systems, like Windows 98, others speculate.

The Scarab virus (with the .xtbl extension) creates the following mutexes:

ShimCacheMutex
STOPSCARABSTOPSCARABSTOPSCARABSTOPSCARABSTOPSCARAB

The Scarab ransomware deletes Shadow Volume Copies and some System Backups via commands.

You can read more about the threat from the following article:

.xtbl Files Virus (Scarab Ransomware) – Remove and Restore .xtbl Files

never · « **Reply #1 on:** April 19, 2018, 01:35:31 pm »

Hello, in order to provide further support, we have created the following video, which contains manual and automatic removal instructions within it. Do not hesitate to ask us any questions by commenting here or under the video itself.

https://youtu.be/2hrNbk1xNb8

Martin · « **Reply #2 on:** April 19, 2018, 04:34:53 pm »

Delphi programming language? Pathetic!

Execute · « **Reply #3 on:** April 19, 2018, 05:03:09 pm »

Pathetic, but it works. And it is quite clever to be honest.

.xtbl Files Virus - A New Version of Scarab Ransomware

Execute

.xtbl Files Virus - A New Version of Scarab Ransomware

never

Re: .xtbl Files Virus - A New Version of Scarab Ransomware

Martin

Re: .xtbl Files Virus - A New Version of Scarab Ransomware

Execute

Re: .xtbl Files Virus - A New Version of Scarab Ransomware