About ThiefQuest Ransomware
ThiefQuest Ransomware is a notorious piece of ransomware created to extort computer users by locking their files. According to research, it is currently able to affect the following file types:
.bak, .bank, .bay, .bdb, .bgt, .bik, .bin, .bkp, .blend, .bmp, .bpw, .bsa, .c, .cash, .cdb, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfg, .cfn, .cgm, .cib, .class, .cls, .cmt, .config, .contact, .cpi, .cpp, .cr2, .craw, .crt, .crw, .cry, .cs, .csh, .csl, .css, .csv, .d3dbsp, .dac, .das, .dat, .db, .db_journal, .db3, .dbf, .dbx, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .dds, .def, .der, .des, .design, .dgc, .dgn, .dit, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .edb, .eml, .eps, .erbsql, .erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flb, .flf, .flv, .flvv, .forge, .fpx, .fxg, .gbr, .gho, .gif, .gray, .grey, .groups, .gry, .h, .hbk, .hdd, .hpp, .html, .ibank, .ibd, .ibz, .idx, .iif, .p12, .p7b, .p7c, .pab, .pages, .pas, .pat, .pbf, .pcd, .pct, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .php, .pif, .pl, .plc, .plus_muhd, .pm !, .pm, .pmi, .pmj, .pml, .pmm, .pmo, .pmr, .pnc, .pnd, .png, .pnx, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .private, .ps, .psafe3, .psd, .pspimage, .pst, .ptx, .pub, .pwm, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .qcow, .qcow2, .qed, .qtb, .r3d, .raf, .rar, .rat, .raw, .rdb, .re4, .rm, .rtf, .rvt, .rw2, .rwl, .sd, .s3db, .safe, .sas7bdat, .sav, .save, .say, .sd0, .sda, .sdb, .sdf, .sh, .sldm, .sldx, .slm, .sql, .sqlite, .sqlite3, .sqlitedb, .sqlite-shm, .sqlite-wal, .sr2, .srb, .srf, .srs, .srt, .srw, .st4, .st5, .st6, .st7, .st8, .stc, .std, .sti, .stl, .stm, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .tax, .tbb, .tbk, .tbn, .tex, .tga, .thm, .tif, .tiff, .tlg, .tlx, .txt, .upk, .usr
ThiefQuest Ransomware uses a malicious extension to alter the extension of your files and leaves a ransom note that directs you to contact its maker to get a decryption key. You will be asked to buy bitcoin and use it to purchase the decryption key. It is expensive, and you never get any real guarantee that your files can be restored completely. Many victims infected by ransomware were tricked into paying but did not get a useful key. Do not take the risk!
It is not wise to follow its instructions and buy the decryption key. You should delete ThiefQuest Ransomware first and then try legitimate decryption keys, which may be shared in the near future. Many popular tech companies are working on developing decryption tools for the latest ransomware.
How to Manually Remove ThiefQuest Ransomware From Mac OSX? (Steps)
Step 1 – Uninstall ThiefQuest Ransomware related apps or potentially unwanted apps from Mac OSX
- In a Finder window, click “Applications” in the sidebar.
- In the applications folder, right-click on ThiefQuest Ransomware related apps or other suspicious apps and click Move to Trash.
Step 2 – Remove malicious files generated by ThiefQuest Ransomware or related malware from your Mac
1. Click the Finder icon from the menu bar >> choose “Go” then click on “Go to Folder”:
2. In the Go to Folder… bar, type the name of the following four folders to open them one by one:
3. In each folder, search for any recently-added suspicious files and move them to the Trash. Here are some examples of files generated by malware:
“installmac.AppRemoval.plist”, “ThiefQuest Ransomware”, “com.genieo.completer.download.plist”, “com.genieoinnovation.macextension.plist”, “com.genieo.engine.plist”, “com.adobe.fpsaud.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”
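The review in Step 2 can also be done from a script. The following is an added example, not part of the original guide: it lists .plist files that were modified recently or that carry one of the names given above, and shows what each one is set to run. The function name, the 30-day window and the folders in the demo call (standard launchd locations) are assumptions, since the guide's own folder list is not shown on the page.

```python
import os
import plistlib
import time

# File names the page gives as examples; a match is a prompt to review, not proof.
PAGE_EXAMPLES = {
    "installmac.AppRemoval.plist", "com.genieo.completer.download.plist",
    "com.genieoinnovation.macextension.plist", "com.genieo.engine.plist",
    "com.adobe.fpsaud.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist",
}

def review_plists(folders, max_age_days=30, now=None):
    """List .plist files that changed recently or carry a name from the page."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    findings = []
    for folder in map(os.path.expanduser, folders):
        if not os.path.isdir(folder):
            continue  # folder absent on this Mac
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            if not name.endswith(".plist") or not os.path.isfile(path):
                continue
            mtime = os.path.getmtime(path)
            known = name in PAGE_EXAMPLES
            if mtime < cutoff and not known:
                continue  # old and not on the list: skip
            try:
                with open(path, "rb") as fh:
                    data = plistlib.load(fh)  # handles XML and binary plists
            except Exception:
                data = {}  # unreadable or malformed: still report the file
            if not isinstance(data, dict):
                data = {}
            # launchd jobs name what they execute in ProgramArguments or Program
            args = data.get("ProgramArguments") or [data.get("Program")]
            findings.append({
                "path": path,
                "named_on_page": known,
                "age_days": round((now - mtime) / 86400, 1),
                "runs": [a for a in args if a],
            })
    return findings

if __name__ == "__main__":
    # Assumed folders: standard launchd locations, not the page's (missing) list.
    for f in review_plists(["~/Library/LaunchAgents", "/Library/LaunchAgents",
                            "/Library/LaunchDaemons"]):
        print(f)
```

Check the "runs" path of each reported file before moving anything to the Trash, because legitimate software also installs launch items in these folders.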
Step 3 – Find and remove malicious extensions and browser hijacker from Safari and Chrome.
1. Start Safari: Select Safari menu and click Preferences:
2. Select the Extensions tab >> Look for unsafe or suspicious extensions and click Uninstall:
3. Select Search tab >> click the Search Engine menu and make your choice. Safari lets you use Google, Yahoo, Bing, or DuckDuckGo.
4. Select the General tab >> In the Homepage bar, type the URL you want to set as the Safari homepage.
On Google Chrome
1. Open Google Chrome and click the “Customize and control Google Chrome” icon at the top right corner >> Select More Tools and click Extensions;
2. Search for suspicious extensions and click the trash icon to remove them:
3. Reset default search engine on Chrome:
- Open Google Chrome and click the “Customize and control Google Chrome” icon >> Select Settings
- Scroll down until you locate the Search engine section
- Click the drop-down menu accompanying the option labeled Search engine used in the address bar
- Select Google, Bing or Yahoo! as your default search engine.
4. Reset homepage on Chrome:
- Open Google Chrome and click the “Customize and control Google Chrome” icon >> Select Settings;
- In the “On Startup” section, click the “Set pages” link next to the “Open a specific page or set of pages” option.
- Remove the URL of the browser hijacker (for example SearchMine.net) and enter your preferred URL (for example, google.com).
Step 4 – Re-check your Mac with Combo Cleaner Antivirus.
To be sure that your Mac is not infected at all, it’s recommended to run a full scan with Combo Cleaner Antivirus.
Combo Cleaner Antivirus is a professional Mac Antivirus and Mac OSX Optimization Tool for users. It is equipped with a powerful detection engine against viruses, malware, and adware. Thus it is able to protect your machine from the latest threats and infections. Moreover, its Disk Cleaner can detect and clean up all junk and keep your Mac’s performance at its peak.
Once Combo Cleaner is installed, run a scan to diagnose your Mac and solve all problems: