Learn About EvilQuest ransomware
EvilQuest ransomware is a new file encrypting ransomware. Spam email is a way for EvilQuest ransomware to get inside your PC. It will show with a subject named “bank bill” or “bill of credit card”. As long as users download and open the attached files, they will be led to run the ransomware directly. Once you get it inside, it will encrypt all the documents on the PC. All the files infected are added with malicious extension , and a ransom note left to you will warn you that you need to buy decryption key to restore these documents.
Under such circumstances, many users will choose to pay because those files are too important. If you are one of the victims, it is not recommended to do so. Because the ransomware maker may scam you, just what they did to other ransomware victims before.
To decrypt your files from EvilQuest ransomware, right now you need to remove EvilQuest ransomware and related infections. After that, you could try safe decryption tools to recover the files.
How to Manually Remove EvilQuest ransomware From Mac OSX? (Steps)
Step 1 Uninstall EvilQuest ransomware related apps or potentially unwanted apps from Mac OSX
- In Finder window, clicking “Applications” in the sidebar
- In the applications folder, right-click on EvilQuest ransomware related apps or other suspicious apps and click Move to Trash.
Step 2 – Remove malicious files generated by EvilQuest ransomware or related malware from your Mac
1. Click the Finder icon from the menu bar >> choose “Go” then click on “Go to Folder“:
2. In the Go to Folder… bar, type the name of the following four folders to open them one by one:
3. In each folder, search for any recently-added suspicious files and move them to the Trash. Here are some examples of files generated by malware:
“installmac.AppRemoval.plist”, EvilQuest ransomware”, “com.genieo.completer.download.plist” “com.genieoinnovation.macextension.plist” “com.genieo.engine.plist” “com.adobe.fpsaud.plist” , “myppes.download.plist”, “mykotlerino.ltvbit.plist”,
Step 3 – Find and remove malicious extensions and browser hijacker from Safari and Chrome.
1. Start Safari: Select Safari menu and click Preferences:
2. Select Extensions tab>> Look for the unsafe or suspicious extensions and click Uninstall:
3. Select Search tab >> click the Search Engine menu and make your choice. Safari lets you use Google, Yahoo, Bing, or DuckDuckGo.
4. Select the General tab >> In the Homepage bar, type the URL you want to set as the Safari homepage.
On Google Chrome
1. Open Google Chrome and click the “Customize and control Google Chrome” icon at the top right corner >> Select More Tools and click Extensions;
2. Search for suspicious extensions and click trash icon to remove it:
3. Reset default search engine on Chrome:
- Open Google Chrome and click the “Customize and control Google Chrome” icon >> Select Settings
- Scroll down until you locate the Search engine section
- Click the drop-down menu accompanying the option labeled Search engine used in the address bar
- Select Google, Bing or Yahoo! as your default search engine.
4. Reset homepage on Chrome:
- Open Google Chrome and click the “Customize and control Google Chrome” icon >> Select Settings;
- In the “On Startup” section, click the “Set pages” link near to the “Open a specific page or set of pages” option.
- Remove the URL of the browser hijacker (for example SearchMine.net) and enter your preferred URL (for example, google.com).
Step 4 – Re-check your Mac with Combo Clean Antivirus.
To be sure that your Mac is not infected at all, it’s recommended to run a full scan with Combo Cleaner Antivirus.
Combo Cleaner Antivirus is a professional Mac Antivirus and Mac OSX Optimization Tool for users. It is equipped with powerful detection engine against virus, malware, and adware. Thus it is able to protect your machine from the latest out-breaking threats and infections. Moreover, its Disk Cleaner can detect and clean up all junks and always keep your Mac’s performance at the peak.
Once Combo Cleaner is installed, run a scan to diagnose your Mac and solve all problems: