Bboo File Virus - How to remove

Bboo is a type of Djvu malware, file-encrypting ransomware that gets accidentally downloaded with cracking tools and pirated files. Bboo is called that because it adds “.bboo” to file names. In addition, it encrypts files with a unique encryption key for each victim. This makes recovering from Bboo quite difficult, though not always impossible. There are ways to get some of your files back even if you don’t pay the ransom, but the success depends on your circumstances.

Bboo infection symptoms and solutions:

How the ransomware spreads	In torrenting sites, in pirated files, in cracking tools, activators, key generators, etc.
Bboo infection symptoms	Files get a second file extension “.bboo” and change icons to a white sheet, files don’t open even if you remove the new extension, antivirus program doesn’t work, cybersecurity websites don’t open, online accounts get hacked, excessive pop-up ads start showing.
How to recover the files	Restore from backups, try the free decrypter, use data recovery software.
Removing Bboo file virus	Unblock cybersecurity sites, use anti-malware scanners (like SpyHunter).

How did Bboo infect your computer?

Bboo spreads through pirating. Most likely, you were using a possibly illegal site to download some “free” software. Bboo must have been hidden in an installer or was downloaded when you ran the program/crack. This method of spreading file viruses has been used by Bboo’s creators for many months now and it’s been very effective – some people even get infected multiple times.

There are other ways to get infected with malware, like by opening random spam email attachments, enabling macros for suspicious documents, allowing remote access to your desktop, and going on shady websites while using an out-of-date browser. But in this case, Bboo uses pirating sites.

Some victims of Bboo are hesitant or ashamed of talking about it, especially when other people tell them that they should have known or should have prepared. But talking honestly about it can help people learn from each other’s mistakes, so it can be very helpful for the future.

Infection symptoms

At first, Bboo should open a fake Windows update screen or something similar to distract you with. Your computer may or may not restart. After Bboo is done with it, most of your files have a second extension .bboo and they can’t be opened. Their icons are replaced with that of a white sheet of paper that Windows uses for unknown files.

picture.jpg -> picture.jpg.bboo

It’s not just the bboo extension; the internal data of the files is also broken. Bboo at least partially encrypts most files, it only leaves Windows files alone. Encryption is a process of turning text/information into random-looking data, so programs can’t recognize and open the Bboo-locked files. Bboo’s locks can’t be broken: encryption is very secure, for example, it is used to protect your banking credentials as they’re sent over the internet. Decryption is only possible with the correct decryption key.

Don’t remove the extensions or edit the files without first creating copies that can serve as backups. Even small edits to a file could render it undecryptable.

You may try to get rid of Bboo with an antivirus program, but its creators anticipated that: antivirus tools are deleted/broken by Bboo. It also blocks the addresses of cybersecurity sites so you can’t download new antivirus tools. Below are the instructions for how to fix your hosts file to unblock the sites.

Bboo creates a bunch of ransom notes (called _readme.txt) in which the extortionists ask for $490 ransom. They want it in Bitcoin and they give their addresses – [email protected] and [email protected].

Oh, and here’s another problem: with Bboo, another malware may have come to your computer. A trojan called Azorult sometimes gets installed by Djvu file viruses. This trojan can steal your saved passwords, take screenshots, download adware and start showing a bunch of pop-up ads.

How to get your files back?

If you have up-to-date backups of your files, all you need to do is delete all malware and restore your files. But many people haven’t got complete up-to-date backups, so a ransomware infection is devastating.

There’s a decrypter by Emsisoft that works on Djvu file viruses like Bboo, but only if you have the decryption key. And the only way to get your decryption key is from the criminals who are responsible for Bboo. Each victim’s key is different, so they all have to pay individual ransoms.

The exception is when the offline key is used on your files – it is shared among Bboo’s victims. It’s used when Bboo fails to connect over the internet and has to run in offline mode.

Emsisoft decrypter’s server is updated when (if) a new offline key is found. Run the decrypter on your files to see if they can be fixed. Some of the earlier Djvu file viruses, like Meds, Topi, and Reha have already had their offline keys discovered and shared with Emsisoft – and some of their victims have been able to get their files back.

If the decrypter can’t help, you absolutely need your files, and you don’t have backups, paying the criminals the ransom is an option – but only as a last resort:

• it’s not safe because you might reveal some important data about you (so use a new email and do not give away any of your personal data),
• it encourages the criminals to do more attacks,
• the decrypter might not always work right (a frequent issue with ransomware is big files being undecryptable),
• you might just get robbed (the extortionists could simply ignore you after you send them the money).

We don’t condone paying, but it’s up to you – you know what’s best for your situation.

Just make sure to avoid any scammers – random people who say that they can fix your files and then ask for money. Yes, it is possible to get back some data from your big files, like video recordings, because they’re only partially encrypted. For example, if you have zip files or other archives, make copies of them, then remove the .bboo extension, and then open them – some of the files should still be functional and healthy. But overall, it’s really complicated to repair the big files and it’s impossible to decrypt small files if you don’t have your unique decryption key. So don’t believe anyone who claims to have a miracle fix.

More file recovery methods are described in the last section.

How to remove Bboo

To be able to sue your computer normally again, go ahead and remove Bboo, the trojan, the file that infected your machine in the first place, and any other malware. The best way to do this is with an antivirus tool, like Spyhunter.

Important -- edit the hosts file to unblock security websites

TL DR : The hosts file is edited to block security sites Before the virus can be removed, it's necessary to fix the hosts file (the file which controls which addresses connect to which IPs). That is the reason the majority of security websites is inaccessible when infected with this particular parasite. This infection edits this file to stop certain websites, including anti-malware download sites, from being accessed from the infected computer, making browsers return the "This site can't be reached" error. Luckily, it's trivial to fix the file and remove the edits that were made to it.

Find and edit the hosts file

The hosts file can be found on C:/Windows/System32/Drivers/etc/hosts. If you don't see it, change the settings to see hidden files.

1. In the Start Menu, search for Control Panel.
2. In the Control Panel, find Appearance and Personalization.
3. Select Folder Options.
4. Open the View tab.
5. Open Advanced settings.
6. Select "Show hidden files...".
7. Select OK.

Open this file with administrator privileges.

1. Open the Start Menu and enter "notepad".
2. When Notepad shows up in the result, right-click on it.
3. In the menu, choose "Run as administrator"
4. File->Open and browse for the hosts file.

The hosts file should look like this: Delete additional lines that they connect various domain names to the wrong IP address. Save the file.

Download and run the antivirus program

After that, download antivirus programs and use them to remove the ransomware, the trojan, and other malware. Spyhunter (https://www.2-viruses.com/reviews/spyhunter/dwnld/).

Automatic Malware removal tools

How to recover Bboo File Virus encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP

• Start → Shutdown → Restart → OK.
• Press F8 key repeatedly until Advanced Boot Options window appears.
• Choose Safe Mode with Command Prompt.

for Windows 8 / 10

• Press Power at Windows login screen. Then press and hold Shift key and click Restart.
• Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
• When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

 

2.Restore System files and settings.

• When Command Prompt mode loads, enter cd restore and press Enter.
• Then enter rstrui.exe and press Enter again.
• Click “Next” in the windows that appeared.
• Select one of the Restore Points that are available before Bboo has infiltrated to your system and then click “Next”.
• To start System restore click “Yes”.

 

Step 2. Complete removal of Bboo File Virus

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to Bboo. You can check other tools here.  

Step 3. Restore Bboo File Virus affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Bboo tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.

b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover Bboo File Virus encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

• We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
• Download a data recovery program.
• Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.