.glutton Files Virus (Scarab Ransomware) – Remove and Restore


This article gives insight into the .glutton files virus infection process. Additionally, you will find a thorough removal guide and alternative data recovery approaches.

A ransomware dubbed .glutton files virus has been spotted in active attack campaigns. In case of infection with this ransomware, important files are blocked and renamed with the extension .glutton. Upon encryption, a ransom message appears on screen demanding a ransom for file decryption.

Threat Summary

Name: .glutton Files Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts important files with the help of a strong cipher algorithm, then demands a ransom for their decryption.
Symptoms: Valuable data is locked and renamed with the .glutton extension. It remains unusable and a ransom is demanded.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.glutton Files Virus – Distribution

The so-called .glutton files virus is a threat that could land on target computer systems as part of spam email campaigns initiated by hackers. Such emails often impersonate representatives of well-known organizations and institutions in order to mislead you and trick you into running the malicious code on your PC. As for the infection code of the ransomware, it is usually concealed in a file attachment of a commonly used type (document, image, archive, PDF) or injected into the source code of a web page whose URL could be displayed as an in-text link, a button or a picture. The messages of these emails could state that you need to review these elements as soon as possible because the information they contain is of great importance.

The distribution of .glutton files virus may also happen with the help of various freeware available across the Web. Most of these free apps seem attractive and helpful but more often than not their installation setup contains additional programs that endanger the security of your PC.

You could check our forum for safety tips that reveal how to prevent infections like Scarab ransomware.

.glutton Files Virus – Overview

Yet another ransomware that belongs to the Scarab family has been spotted in the wild. Its distinguishing traits are the extension appended to corrupted files, .glutton, and a ransom message file called !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT.

An infection with this ransomware begins after the execution of its payload on the system. This file could trigger all subsequent malicious activities that organize the attack and lead it to its end. At first, the so-called .glutton files virus is likely to initiate the creation of all needed malicious files. Some of these files could be dropped on the system from its command and control server. And there are several folder locations that may contain files and objects associated with this ransomware:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%
  • %Windows%

However, keep in mind that locating malicious files properly may be a hard task even for tech-savvy users. So in order to find and remove all malicious files and objects created by .glutton files virus you may need the help of an advanced anti-malware tool.

Once established on the computer, the malicious files are used by the ransomware to access essential system resources. As a result, various system processes may be stopped, started or manipulated. Like the majority of ransomware, .glutton Scarab is likely to compromise values stored in the Windows Registry.

This could be explained by the fact that values stored under some registry sub-keys, including Run and RunOnce, indicate which files and processes should execute automatically each time the system starts. By setting values under these keys, .glutton files virus becomes able to run its infection files on each system start and this way attains persistence.

Another reason why the functionalities of these keys are manipulated is the display of the ransom note on the screen. This happens at the final stage of the attack when all target files are encoded and marked with .glutton extension. The ransom message aims to reveal the presence of Scarab .glutton on the system and further attempts to blackmail you into paying hackers a decryption ransom. It is contained in a text file named !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT and what it reads is:

Your files are now encrypted!
Your personal identifier:
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: [email protected]
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.

Image: !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT, the .glutton files virus ransom note
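To check the Run and RunOnce persistence described above, the following read-only PowerShell audit lists every autostart value and marks those that launch from a user-writable folder or reference the ransom note. It is an added example, not part of the original guide. The full registry paths and the choice of folders (taken from the locations listed earlier, mapped to real environment variables) are assumptions of this example.

```powershell
# Added example: audit Run/RunOnce autostart values. Read-only, changes nothing.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# User-writable locations (assumption: these stand in for the article's folder list).
$writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
              (Join-Path $env:USERPROFILE 'AppData\LocalLow')) |
            Where-Object { $_ }
$noteName = '!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT'

$findings = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Expand %VAR% references so the path comparison sees the real location.
        $data = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        $reasons = @()
        foreach ($dir in $writable) {
            if ($data.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $reasons += "runs from $dir"
            }
        }
        if ($data.IndexOf($noteName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $reasons += 'references the ransom note'
        }
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Data   = $data
            Review = ($reasons | Select-Object -Unique) -join '; '
        }
    }
}
# Entries with a non-empty Review field are listed first.
$findings | Sort-Object { -not $_.Review } | Format-List
```

A non-empty Review field means the entry deserves a closer look, not that it is malicious: legitimate software also starts from AppData.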

.glutton Files Virus – Encryption Process

All initial system modifications performed by .glutton files virus support the uninterrupted execution of the data encryption phase. For this phase, the ransomware uses a built-in encryption module which is set to encode parts of the content of target files. When this process is finished, all corrupted files remain inaccessible and are marked with the specific extension .glutton.

Unfortunately, all files that store sensitive information could be encrypted by this Scarab version including:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

We know that all these files are important to you and you need to restore them all as soon as possible. However, don’t rush into paying the ransom before you try alternative data recovery methods, as they are likely to restore a few to all of your .glutton files.

Remove .glutton Files Virus and Restore Data

Below you can find how to remove .glutton files virus step by step. Beware that ransomware is a threat with highly complex code that plagues not only your files but your whole system. To remove this ransomware manually you need to have a bit of technical experience and the ability to recognize traits of malware files. So, as recommended by security researchers, you should utilize an advanced anti-malware tool for its complete removal. Such a tool will keep your system protected against devastating threats like Scarab .glutton and other kinds of malware that endanger your online security.

After you remove the ransomware make sure to check the “Restore Files” step listed in the guide below. But before you take any further actions, don’t forget to back up all encrypted files to an external drive in order to prevent their irreversible loss.
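One way to carry out the backup step above, as an added PowerShell example that is not part of the original guide: it copies every .glutton file and ransom note to an external drive under its original relative path and name, then verifies each copy by SHA-256. The search root, the destination `E:\glutton-backup` and the manifest file name are assumptions; the destination must lie outside the search root.

```powershell
# Added example: preserve encrypted files before any cleanup. Both paths are assumptions.
param(
    [string]$Root = $env:USERPROFILE,      # folder tree to search
    [string]$Dest = 'E:\glutton-backup'    # folder on the external drive
)
$noteName = '!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT'
$rootFull = (Get-Item -LiteralPath $Root).FullName
[IO.Directory]::CreateDirectory($Dest) | Out-Null

# Collect encrypted files and ransom notes; unreadable folders are skipped.
$files = Get-ChildItem -LiteralPath $rootFull -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.glutton' -or $_.Name -eq $noteName }

$manifest = foreach ($f in $files) {
    # Keep the relative path and file name unchanged in the copy.
    $rel    = $f.FullName.Substring($rootFull.Length).TrimStart('\')
    $target = Join-Path $Dest $rel
    [IO.Directory]::CreateDirectory([IO.Path]::GetDirectoryName($target)) | Out-Null
    Copy-Item -LiteralPath $f.FullName -Destination $target -Force

    # Hash source and copy so a bad transfer is caught now, not after cleanup.
    $src = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    [pscustomobject]@{
        RelativePath = $rel
        Bytes        = $f.Length
        SHA256       = $src
        Verified     = ($src -eq $dst)
    }
}
$manifest | Export-Csv -Path (Join-Path $Dest 'manifest.csv') -NoTypeInformation
$failed = @($manifest | Where-Object { -not $_.Verified }).Count
'{0} files copied, {1} failed verification' -f @($manifest).Count, $failed
```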

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.