How to remove Crab virus and restore encrypted files

If you have suffered from an encrypting program and you know that it is the Crab ransomware – here you'll find useful info. We offer plain and efficient advice for Crab elimination and potential methods to restore the wasted information.

What is Crab virus

Crab is a scarecrow of our society, and we all know that if you can not view the files and there's a ransom note – the things are turning ugly. It is a accurate reaction, unfortunately. Crab infection is the ugliest threat that you may face in the Net since a regular person literally cannot remove it. The exclusive case when you're able to overcome an encrypting virus is when you’re not facing a true virus, but an imitation, that covers your display and tries to deceive you into paying a ransom. In any other case, if a virus was created and maintained in a right method – you can only trust that ransomware researchers can deal with it. If fraudsters committed an error, and there are some flaws, that give you an ability to recover files – you'll find an answer on this page.



Ransomware kind does not really matter, as the AES and RSA methods are overly complex to bruteforce them. It will take hundreds of years to perform all required operations on a common home PC and, maybe, few decades if you have an access to a mega-efficient gear. There are two basic manners to beat a ransomware: to find flaws in its code, or break into the Command & Control website, to receive a master key. Rare viruses also have a breaker, allowing to cease virus' operation completely or to drive it off the infected PC. If any parson finds that switch for Crab, or develop a decryptor, we will update this guide.

So, what we have to say about Crab? It consists of a totally legitimate coding algorithm that changes the files on customer’s workstation, so you can't use them in any way. Of course, a key is also encrypted with a different algorithm. Usually, fraudsters favour RSA and AES algorithms, which have proven themselves the most hard-to decrypt and reliable. The mentioned methods and the tools built upon them are in public access on the Internet, so swindlers just need to create security techniques, to block an admittance to a ransomware, and create the perfect control and update pattern. Some encrypting programs may act off-line, and swindlers get a report about another victim not before he turns to them and sends his ransom. The best ransomwares are work in another manner, and send reports to hundreds URL's, to puzzle the security specialists and throw them off virus’ track.



Here we've gathered some alternatives to inspect, until you can give up and await for a decryption software. As we said earlier, fraudsters make mistakes, and some peculiarities of the OS might support you to restore files.


  • A backup is the sole 100% productive method to get the information back, but you should get rid of Crab before. Make sure that the malware is gone completely, because if it’s not – all information will be spoiled again, with the files that were kept on an outer hard drive.
  • If you do not use the system via an admin account – you can congratulate yourself. The catch is that the operating system replicates all files prior to their deletion or alteration. Suchlike backups are called Shadow Volume Copies, and the ransomware has the methods to delete them. If you're using the regular entry – the operating system requests for a confirmation at the exact second Crab goes to erase these copies. In case you saw such thing and declined it – your SVC are safe, and you should use a specific tool to restore the data.


If you checked all these things and you have no chance to get back the data – you better delete Crab from your computer and expect when a decryptor will be created.

How to remove Crab

Unfortunately, you can't fully elude an automatic mode. This ransomware is too sly and there is a possibility to miss some remains and then suffer from it (it might happen if you line up an external data storage with your saved files to a not-totally-purged PC). It also hides damn good, so you just can't eliminate it entirely in manual mode. Here's your uninstall specification which will help you to beat this issue. It has some by-hand stages and an extra anti-viral tool phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

We propose you to test Spyhunter AntiMalware which is not only efficient, but is fast and constantly developing tool which is able to clear your system of all viruses. Click the link below to test it and delete Crab.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

When you eliminated the ransomware, or at though aware of how you might to do it, let’s think over the data restoration. As we said earlier, if you logged in from an admin entry and you let Crab a pass to the PC – you have no manner to recover the files except for the previously saved copies. If you haven’t done this – you still have a chance, but it needs peculiar recovery tool. The best ones of them are Recuva or ShadowExplorer tools. They're simple to get on the registered sites of their owners, with thorough instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience