• OnyxModsLLC

Remove spybuster ransomware (Virus Removal Guide) - Free Instructions

spybuster ransomware – ransomware that uses legitimate anti-malware name in order to destroy its reputation.

spybuster ransomware is a malicious program that is based on the open-source HiddenTear code. This ransomware mostly uses the name "". This ransomware uses the same Server URL as 2spyware ransomware which tries to destroy reputation of

Once spybuster ransomware is on your system, it will start encrypting your files and put .spybuster extension. Then, you can't access your files anymore. The desktop wallpaper will also be changed to the logo of Onyx Mods LLC likely and the ransom note will be on READ_IT.TXT file on Desktop.

The people who made this ransomware are using the name of Onyx Mods LLC to try destroy reputation of Onyx Mods LLC.

Threat Analysis

Name : spybuster Ransomware

File extension : spybuster

Type : Ransomware

Family : HiddenTear

Short Description : The ransomware encrypts all the data stored on your system and requires a ransom to be paid on your part supposedly to recover your important files.

Symptoms : File encryption by the ransomware is performed by means of the AES and RSA encryption algorithms. Once the encryption is completed, the ransomware adds its special spybuster extension to all the files modified by it.

Distribution Method : Spam Emails, Email Attachments

Similar Infections : 2spyware ransomware, spyhunter ransomware, paradox ransomware

Removal Tool : Malwarebytes

HiddenTear is a open-source ransomware/filecoder that was published for educational purposes only but sadly people have been using this to infect people and make their own ransomware ( Not really make own as it is copying kind of ). Hidden-Tear was originally published to Ransomware developers have abused hidden tear since 2016.

Spybuster ransomware was created using open-source ransomware hidden Tear source code.

Spybuster also adds a contact email but this does not have contact with them and does not ask for ransom fee like other ransomware usually do.

spybuster ransomware was developed to destroy reputation of Onyx Mods LLC anti-malware tool Spybuster. This is just a ransomware trying to destroy reputation of ours.

The ransom note already proves that it is not ours right? Ransomware developers never will put their real company name.

Unfortunately, all the files that get encrypted by ransomware can no longer be accessed by victims – all the files also are marked with .spybuster extension. Here are a few examples of the locked files:




As for now, you should focus on spybuster ransomware virus removal – it can usually be easily performed with powerful anti-malware software.

Ransomware developers can create malware for multiple reasons

The main motivator of ransomware developers is, without a doubt, money. They typically attempt to encrypt as many computers as possible in order to maximize the number of victims who will pay the ransom, profiting malware authors in the long run. However, some ransomware developers have completely different goals in mind – jokes, scams, acts of revenge, and “for the lulz” reasons are common. For example, Pewcrypt ransomware asked users to subscribe to the famous YouTuber's channel, while CSGO ransomware claimed users need to play five hours of CounterStrike: Global Offensive video game to recover their files.

Some ransomware, called wipers,[2] are developed in a way to destroy data forever and sometimes even corrupt the operation of a Windows machine (in case you come across such an infection, you do not have to reinstall Windows right away –

Cybercriminals who create ransomware as an act of revenge or as an attempt to destroy the reputation of a company are common. For example, SpyHunter, which is a legitimate anti-malware software, was also targeted by threat actors before.

( Reference : )


1. Open File Explorer

2. Go to "This Computer"

3. Select C:

4. Open the folder with your PC name.

5. Delete the folder called Rand123


How to automatically remove Spybuster Ransomware using malwarebytes

Download Malwarebytes via or and run a scan.

Delete found threats


How to automatically remove Spybuster Ransomware using Spybuster Free

Download Spybuster Free from this link :

Go to "Scan" page once installitation is complete.

Do quick scan

If any threat is detected, remove it by deleting it!

69 views0 comments

Recent Posts

See All