1 of 4
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Sardoninir Ransomware

Sardoninir Ransomware, also known as Sardoninir@gmail.com Ransomware, is a malicious threat that is identical to another malicious threat, Safeanonym14@sigaint.org Ransomware. Right when this threat attacks your operating system, a small window might show up briefly revealing the pass-code that you actually need to get your files decrypted. Of course, you might not notice this code at all, or you might not think much about it. Unfortunately, this is a sign that your files are being encrypted. At the same time, a different window entitled “Error” should show up stating: “Unable to open file, please re-install the software.” Obviously, that does not make sense either if you do not know that a malicious infection is active. Overall, if you notice these windows, it is most likely that a dangerous ransomware is wreaking havoc. Needless to say, if you don't remove Sardoninir Ransomware components right away, it will be too late to salvage your files. If your files have been encrypted already, you should not rush to delete the threat because you might have a chance to recover your files using some of its components.

When your personal files are encrypted by the devious Sardoninir Ransomware, the “.enc” extension is attached to them. According to the information we have gathered, this threat is most likely to target files found in Desktop, Documents, Downloads, Videos, and Pictures directories. Of course, if this is where you keep your most sensitive and valued files, you are in trouble. To make things clearer for you, Sardoninir Ransomware provides you with information using a message that might cover the entire screen. According to this message, your PC has been blocked – which, of course, is not the case – and you need the so-called “unique key” to get your files decrypted. The message introduced to you by the ransomware displays a timer because you are instructed to fulfill all of the demands within 24 hours. You are ordered to pay a ransom of 100 USD to the presented Bitcoin Address (1A5dJPYaXQoMTEJ8EmZ9nL4feouwzgbNAA), and then confirm the payment by emailing sardoninir@gmail.com. Needless to say, this is where the name of the threat derives from. If you click the “PAY” button displayed on the ransom note, you will be routed to a page showing how to purchase Bitcoins, which is the currency that the ransom must be paid in.

It was found that Sardoninir Ransomware creates a RUN key in the Windows Registry to ensure that the infection starts running every time your restart the computer. Upon startup, the threat also kills processes with these strings in their names: explorer, Taskmgr, regedit, and cmd. These, of course, represent Windows Explorer, Task Manager, Registry Editor, and Command Prompt, respectively. As you might know already, this could stop you from deleting Sardoninir Ransomware from your computer manually. The funny thing is that these processes are killed momentarily, and you can restart them. If that does not work, you can always reboot your PC in Safe Mode to regain control over the disabled utilities. Once the control is regained, you should have no issues killing malicious processes, and deleting registry keys and files associated with the ransomware. Before you do that, you should try retrieving the pass-code that might help you decrypt your personal files. According to our research, this code is hidden in a value called “pass” that is located in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion. We have added steps showing how to access the value and retrieve the code (see the guide below). Keep in mind that the creator of the threat might hide the code better when it is updated. If the code does not exist, your only option might be paying the ransom, and that is too risky for us to recommend.

Whether you delete Sardoninir Ransomware manually or using an anti-malware tool, you should look for the pass-code first. The first steps in the instructions below show how to recover it. If that does not work for you, you might be dealing with a newer version of the infection than the one discussed in this report. In that case, unfortunately, you might be facing the loss of your files. If you choose to pay the ransom, remember that there is a risk of losing your money for nothing. Once you get rid of the infection, make sure you employ reliable security software to protect your vulnerable operating system against malware in the future. Also, make sure to back up the most important files to ensure that you do not lose them even if the original files on your PC are encrypted permanently.

Sardoninir Ransomware Removal

  1. Tap Ctrl+Alt+Delete keys to open a menu and then choose Task Manager.
  2. First, end the process called svchost (make sure it is linked to a malicious .exe file first).
  3. Click File and then New Task.
  4. Enter regedit.exe and click OK to launch Registry Editor.
  5. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion.
  6. Double-click the value called pass and record the code shown in the value data (note that if the value data in Hr, Minu, and Secd values (in the same path) equal 0, you will not be able to enter the pass-code).
  7. Launch Task Manager again, click File, chose New Task, and enter explorer.exe.
  8. Enter %HOMEDRIVE%\Logs\System\Windows\DefaultApplications into the bar at the top.
  9. Double-click the file called svchost.exe (might be named differently).
  10. Enter the code you recorded into the PASSWORD box and wait for your files to be decrypted.
  11. Once your files are restored, go back to %HOMEDRIVE%\Logs\System\Windows\.
  12. Delete the folder named DefaultApplications.
  13. Right-click and Delete the original launcher file (the name and location are random).
  14. Scan your operating system using a legitimate malware scanner to check for potential leftovers.
Download Spyware Removal Tool to Remove* Sardoninir Ransomware
  • Quick & tested solution for Sardoninir Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.