How to remove GDCB virus and restore encrypted files

Let's find out, what do we know about GDCB? It consists of a completely legitimate coding algorithm that ciphers the files on customer’s PC and makes them useless without a key. The key is also encoded with a different method. As usual, swindlers prefer RSA and AES algorithms, which have demonstrated themselves the most hard-to decrypt and reliable. The mentioned algorithms and the software built upon them are freely available on the Internet, so swindlers only need to invent techniques of protection, to restrict an inlet to a virus, and create the safe update and control pattern. Some encrypting programs might function on their own, and fraudsters get a report about a new "client" as late as he turns to them and forwards the funds. The complex encrypting viruses are more active, and send files to hundreds addresses, to puzzle the malware-fighters and maximize the efforts required to defeat a ransomware.



GDCB is a bogey of mankind, and everyone knows that if you cannot view the information and you see a ransom note – the things are turning ugly. It’s a true, by the way. An encrypting virus is the worst thing that can happen to you on the Internet as a regular person has no resources to delete it. The single situation when you can beat an encrypting virus is if you’re not facing a real virus, but a screenlocker, that covers your display and tries to trick you into paying a ransom. In any other case, if a virus was developed and secured in a proper method – you should just hope that specialists can defeat it. If scammers failed somehow, and there are any flaws, which let you to get back files – you'll find a solution in this article.



Regardless of ransomware’s sort, the RSA and AES methods are too complex to hack them directly. It it requires hundreds of years to make all needed calculations on a common computer or, maybe, twenty or thirty years in case of usage of a mega-powerful computer. We know only two effective manners to defeat a ransomware: to hack into it, or break into its server, to get a master key. Rare ransomware examples also have a breaker that can stop ransomware's activity totally or to make it pass the infected machine. If anyone finds such breaker for this virus, or develop a decryption tool, we'll give you complete info in this item.


Here we've gathered some alternatives to examine, prior to giving up and expecting for a decryptor. As we said earlier, swindlers also fail, and certain characteristics of your Windows might support you to restore information.


  • If your system account doesn't have admin capabilities – it's time to congratulate yourself. The matter is that the operating system duplicates any information before their deletion or modification. These copies are known as the Shadow Volume Copies, and the malware knows how to delete them. If you're working from the user's entry – the operating system asks for a permission at the exact moment GDCB tries to erase shadow copies. In case you saw such window and declined it – then the SVC are alright, and could be used to get back the data.
  • If you have a backup, and placed it on the external flash drive – you should delete GDCB and use it. Ensure that the virus is removed completely, since if it isn't – all files will be encrypted instantly, including the files that were saved on an outer hard drive.


If you checked both these things and there is no chance to recover lost files – you have to uninstall GDCB from the machine and expect when a decryption program will be created.

How to remove GDCB

Unfortunately, you can't fully elude an automatic mode. This ransomware is very tricky and you might pass some parts and then regret it (it may happen if you connect a flash drive with your backups to a not-fully-cleared device). It knows how to conceal damn good, and you just won’t be able to eliminate it completely by hand. Here's your removal specification which will suit all your needs. It contains some manual steps and an optional antivirus program phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter AntiMalware that is not simply efficient, but also light weight and constantly advancing tool which will clean your PC of all undesired programs. Click the link below to use it and eliminate GDCB.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

If you uninstalled GDCB, or at though learned how to do that, let’s think about the data recovery. As we said earlier, if you logged in from an administrator profile and you granted the virus a pass into the computer – you have no method to restore your information except for the backups. If you haven’t done this – you might have a chance, but it needs topical recovery tool. We suggest you to try ShadowExplorer and Recuva programs. They're simple to find on the registered pages of their creators, with thorough instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience