Remove .guesswho Files Virus (Update September 2019)


Have your files been encrypted with the .guesswho extension? The .guesswho files virus is a new ransomware threat that is currently infecting users.

Update September 2019. The .guesswho ransomware is still present on the malware scene. The .guesswho virus infection rate seems to have an upward spike, so users should be extra careful when dealing with email attachments, as malspam continues to be a prevalent distribution method.

Threat Summary

Name: .guesswho File Virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts the user’s files and drops a ransom note with instructions.
Symptoms: Files are encrypted and have the .guesswho extension appended to them.
Distribution Method: Not Known

.Guess Who Ransomware – Infection (Update August 2019)

The .Guess Who Ransomware is infecting new users even now in August 2019. With the new information by user reports, we see that the email addresses used for contacting the cybercriminals are and although there also seems to be a variant using and That may be a tactic from the cybercriminals to try and hide better from law enforcement or to try to detect better which variant makes more sales.

Security tools that have detected the Guesswho infection use, among others, the following names:

  • Win32:Trojan-gen
  • Generic.Ransom.Rapid2.6E832924
  • A Variant Of Win32/Filecoder.Rapid.A
  • Trojan.Win32.DelShad.px

Most security tools detect the .Guess Who Ransomware but not all stop the initial infection or try to remove it after the fact.

Guesswho Ransomware – More Information

Because of the email addresses provided by the cybercriminals behind .guesswho files virus – or – there may be a connection between this ransomware and Gefest Scarab ransomware. The latter used the email. However, we cannot confirm that the ransomware viruses are related as we need further details.

What we know so far is that the ransomware utilizes the .guesswho extension which is appended to encrypted files. A victim of the ransomware who got in touch with us shared that the ransom note is called recovery.txt and says the following:

Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email – or
and tell us your unique ID – ID-94PB343W

Guesswho Virus Removal

We will update this article once we know more about the virus and can provide a more detailed analysis. In the meantime, infected users can back up their encrypted files and remove the ransomware with an anti-malware program. Removing the ransomware is recommended, as it will stop the virus from spreading further and will also prevent the encryption of more files.
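Before backing up, it helps to know which folders were hit. The following read-only triage script is an added example, not part of the original article: it inventories files carrying the .guesswho extension and recovery.txt notes, and pulls out the victim ID. The ID pattern is an assumption based on the single sample quoted above, and the sample tree is constructed.

```python
import os, re, tempfile
from collections import Counter

ENCRYPTED_EXT = ".guesswho"   # extension the article says is appended
NOTE_NAME = "recovery.txt"    # ransom note name reported in the article
# Assumption: IDs look like the page's single sample ("ID-" + 8 chars).
ID_RE = re.compile(r"\bID-[A-Z0-9]{8}\b")

def triage(root):
    """Read-only inventory of .guesswho indicators under `root`."""
    encrypted, notes, ids, per_dir = [], [], set(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
            elif name.lower() == NOTE_NAME:
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(4096)
                except OSError:
                    continue  # unreadable; skip rather than abort the scan
                # A benign recovery.txt can exist, so require the note's wording.
                if "ENCRYPTED" in text:
                    notes.append(path)
                    ids.update(ID_RE.findall(text))
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "victim_ids": sorted(ids), "per_dir": dict(per_dir)}

def make_sample(root):
    """Constructed test tree: two 'encrypted' files, one note, one benign file."""
    docs, misc = os.path.join(root, "Documents"), os.path.join(root, "Misc")
    os.makedirs(docs); os.makedirs(misc)
    for rel in ("report.docx.guesswho", "photo.JPG.GUESSWHO", "untouched.txt"):
        open(os.path.join(docs, rel), "w").close()
    with open(os.path.join(docs, "recovery.txt"), "w", encoding="utf-8") as fh:
        fh.write("All your files have been ENCRYPTED\nunique ID - ID-TEST0001\n")
    with open(os.path.join(misc, "recovery.txt"), "w", encoding="utf-8") as fh:
        fh.write("Steps to restore the router config\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted files;",
              "notes:", result["notes"], "IDs:", result["victim_ids"])
```

The per-directory counts show where encryption concentrated, which helps decide what to copy to offline storage first.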

Milena Dimitrova
