TABGH Files Virus (ERIS Ransomware) — How to Remove It


What is the .TABGH files virus? The .TABGH files virus, also known as .TABGH ransomware, encrypts users’ files and demands a ransom for them.

The .TABGH files virus is a new iteration of the ERIS ransomware family. As a new variant of this threat it will probably behave in the same way as other well-known samples of the family. In the end the victims' sensitive user data will be encrypted with a strong cipher and the processed files will be renamed with the .TABGH extension.

Threat Summary

Name: .TABGH files virus
Type: Ransomware, Cryptovirus
Short Description: The ransomware encrypts files on your computer and demands a ransom, allegedly to restore them.
Symptoms: The ransomware blackmails victims into paying a decryption fee. Sensitive user data may be encrypted by the ransomware code.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.TABGH Files Virus – Detailed Description

The .TABGH files virus is a dangerous new malware threat which is being pushed to end users worldwide using a variety of popular mechanisms. One of the most common is the distribution of email phishing messages and the creation of hacker-made sites that all purport to originate from a well-known company or service. They are commonly hosted on similar-sounding domain names and may even include stolen or fake security certificates.

The .TABGH files virus code can also be embedded inside of various file carriers of which there are two primary types:

  • Malware Bundle Installers — They are made by taking the original installers of popular applications from their legitimate sources and modifying them to include the necessary virus installation code. They can target all of the popular software that is often downloaded by end users: system utilities, creativity suites, productivity and office apps and even computer games.
  • Macro-Infected Documents — They can include documents across all popular document types: presentations, text files and databases. As soon as they are opened a prompt will be spawned requesting the users to enable the built-in scripts. If this is done the ransomware infection will begin.

All of these files can alternatively be uploaded to file-sharing networks such as BitTorrent where both pirate and legitimate files are available. The virus code can also be embedded in browser hijackers, which are malicious web browser plugins. They can be found in the browsers' respective repositories, uploaded with fake developer credentials and user reviews.

As soon as the .TABGH files virus is installed onto a given system it will start its built-in sequence of malicious actions. One of the most common components is information retrieval, which is launched as soon as the intrusion is made. Its main goal is to gather sensitive information about both the victims and the systems that they use. The data can be used for crimes like identity theft and blackmail. Having a profile of the installed hardware components makes it rather easy for the criminals to generate a unique ID for each host.

The collected data can then be used to identify whether any security software is running that can be bypassed or entirely removed. Common examples include anti-virus engines, firewalls, virtual machine hosts, and debug and sandbox environments.

At this point various boot option changes can take place. This will make the threat run every time the computer is powered on. In some cases it can also block access to the recovery options, which will make many manual user removal guides unusable.

The main .TABGH files virus engine can also make various Windows Registry changes which will lead to serious performance issues, data loss and the inability to run certain system functions.

If configured to do so the .TABGH files virus can be used to send out other malware such as the following:

  • Trojans — These are dangerous viruses which will establish a persistent connection to a hacker-controlled server which allows the criminals to take over control of the infected systems, steal their files and spy on the victims' actions.
  • Cryptocurrency Miners — These are dangerous small-sized scripts which are made to run as soon as the virus is started. They will download a sequence of small-sized tasks that will place a heavy toll on the performance of the computers: the CPU, memory, hard disk space and other important components. For every successful report the victims will be rewarded with cryptocurrency that will be transferred directly to their wallets.
  • Browser Hijackers — These are various malicious plugins that are made compatible with all popular web browsers and are often uploaded to the relevant repositories using fake user reviews and developer credentials. They are advertised with alluring descriptions that promise performance optimizations and new features. When they are installed they will redirect the victims to a hacker-controlled site and hijack their personal data.

The .TABGH files virus will then start its built-in file processing engine. It will use a powerful cipher to process target user data according to a built-in list of file types. An example list includes the following: archives, databases, backups, documents and multimedia files. All of them will receive the .TABGH extension and an appropriate ransomware note will be crafted by the virus.

.TABGH Files Virus – What Does It Do?

The .TABGH Files Virus is a crypto virus programmed to encrypt user data. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.

You should NOT under any circumstances pay any ransom sum. Your files may not be recovered, and nobody can give you a guarantee that they will be.

The .TABGH Files Virus cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet
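
A defender can watch process-creation logs for the command quoted above. The following Python sketch is an added example, not code from the original article or from the malware: it flags command lines that delete all shadow copies and leaves other vssadmin use alone. The event schema (host, cmdline) and the sample events are assumptions constructed for illustration.

```python
import re

# vssadmin(.exe) delete shadows ... /all, any case, bare name or full path.
# \b after "shadows" keeps "delete shadowstorage" (a different subcommand) out.
VSS_DELETE_ALL = re.compile(
    r'(?:^|[\\/\s"])vssadmin(?:\.exe)?"?\s+delete\s+shadows\b(?=.*/all\b)',
    re.IGNORECASE,
)
QUIET = re.compile(r"/quiet\b", re.IGNORECASE)


def normalize(cmdline):
    """Strip cmd.exe caret escapes and collapse whitespace before matching."""
    return re.sub(r"\s+", " ", cmdline.replace("^", "")).strip()


def find_shadow_copy_deletion(events):
    """Return one finding per process-creation event that deletes all shadow copies.

    `events` is an iterable of dicts with 'host' and 'cmdline' keys (assumed
    schema, e.g. fields extracted from process-creation logging).
    """
    findings = []
    for event in events:
        cmd = normalize(event["cmdline"])
        if VSS_DELETE_ALL.search(cmd):
            findings.append({
                "host": event["host"],
                "cmdline": cmd,
                # /quiet suppresses the confirmation prompt: no human was asked.
                "unattended": bool(QUIET.search(cmd)),
            })
    return findings


# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmdline": "vssadmin.exe delete shadows /all /Quiet"},
    {"host": "ws-02", "cmdline": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"host": "ws-03", "cmdline": "cmd.exe /c v^ssadmin.exe  delete  shadows /all"},
    {"host": "srv-01", "cmdline": "vssadmin.exe list shadows"},
    {"host": "srv-02", "cmdline": "vssadmin.exe delete shadowstorage /for=C: /on=D:"},
]

if __name__ == "__main__":
    for f in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f["host"], "unattended" if f["unattended"] else "prompted", f["cmdline"])
```

A hit on a workstation outside a known backup or maintenance window is worth treating as an early ransomware indicator, since the command runs before or during encryption.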

If your computer was infected with this ransomware and your files are locked, read on to find out how you could potentially restore your files back to normal.

Remove .TABGH Files Virus

If your computer system got infected with the .TABGH Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible, before it has the chance to spread further and infect other computers. To remove the ransomware, follow the step-by-step instructions guide provided below.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
