POOPY BUTT-FACE Ransomware 🔐 (.POOP File) — Removal Guide

The Poopy butt-face virus is a ransomware-type infection. A program of this kind encrypts all the data on your PC (photos, documents, Excel sheets, audio files, videos, etc.), adds its own extension to every file, and creates a Pooop-ransom.txt file in each directory that contains encrypted files.

What is Poopy butt-face virus?

Poopy butt-face adds its specific .Poop extension to every file’s name. For example, a file entitled “photo.jpg” will be renamed to “photo.jpg.Poop”. Likewise, the Excel sheet named “table.xlsx” will end up as “table.xlsx.Poop”, and so forth.

In each folder that contains encrypted files, a Pooop-ransom.txt file will be found. It is the ransom note. It contains information on how to pay the ransom and some other remarks. The ransom note most probably contains a description of how to purchase the decryption tool from the ransomware developers. That is how they operate.
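The two indicators described above (the ".Poop" extension and the Pooop-ransom.txt note) are enough to measure how far the encryption reached before cleanup. The script below is an added example, not part of the original guide; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".poop"         # extension named on this page, compared case-insensitively
NOTE_NAME = "pooop-ransom.txt"  # ransom note file name named on this page


def inventory(root):
    """Walk root and record, per directory, encrypted files and ransom notes."""
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                report[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # "photo.jpg.Poop" -> "photo.jpg": the name to look for in backups
                report[dirpath]["encrypted"].append(name[: -len(ENCRYPTED_EXT)])
    return dict(report)


def summarize(report):
    """Return (encrypted count, dirs with a note, dirs with hits but no note)."""
    total = sum(len(d["encrypted"]) for d in report.values())
    with_note = sorted(p for p, d in report.items() if d["note"])
    # Encrypted files without a note contradict the described behaviour and
    # deserve a manual look (interrupted run, deleted note, or a false match).
    no_note = sorted(p for p, d in report.items() if d["encrypted"] and not d["note"])
    return total, with_note, no_note


def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "Pictures": ["photo.jpg.Poop", "Pooop-ransom.txt"],
        "Documents": ["table.xlsx.Poop", "notes.txt.POOP"],  # no note here
        "Clean": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, with_note, no_note = summarize(inventory(tmp))
        print(f"{total} encrypted files, {len(with_note)} folders with a note, "
              f"{len(no_note)} folders with encrypted files but no note")
```

Pointing `inventory()` at a user profile or a mounted backup gives the list of original file names to look for in backups and other copies.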

Poopy butt-face Overview:

Name: Poopy butt-face Virus
Extension: .Poop
Ransomware note: Pooop-ransom.txt
Detection: Trojan:Win32/CryptRan.SA!MTB, Trojan:Script/Phonzy.B!ml, Trojan:MSIL/SnakeKeylogger.SPAQ!MTB
Symptoms: Your files (photos, videos, documents) get a .Poop extension and you can’t open them.

The Pooop-ransom.txt file accompanying the Poopy butt-face malware states the following:

----> Poopy Butt-face is multi language ransomware. Translate your note to any language <----
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.
What can I do to get my files back?
You can buy our special decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.
The price for the software is $???. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself  to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com

Payment information
Amount: $$$$ BTC
Bitcoin Address:  *BTC address*

In the screenshot below, you can see what a folder with files encrypted by the Poopy butt-face looks like. Each filename has the ".Poop" extension added to it.

[Screenshot: a folder of files encrypted by Poopy butt-face, each with the ".Poop" extension]

How did Poopy butt-face ransomware end up on my PC?

There are many possible ways for ransomware to infiltrate a system.

Currently, the three most popular ways for hackers to get ransomware running in your digital environment are email spam, Trojan injection and peer-to-peer networks.

  • Another thing the hackers might try is a Trojan horse scheme. A Trojan is an object that gets into your PC pretending to be something different. For instance, you download an installer for some program you need or an update for some software. However, what is unpacked turns out to be a harmful program that encrypts your data. Since the update file can have any title and any icon, you'd better be sure that you can trust the source of the things you're downloading. The best option is to trust only the software companies' official websites.
  • As for peer-to-peer file transfer protocols like BitTorrent or eMule, the threat is that they are even more trust-based than the rest of the Web. You can never know what you are downloading until you get it. So you'd better use trustworthy websites. Also, it is a good idea to scan the directory containing the downloaded items with an antivirus as soon as the download is finished.

How do I get rid of ransomware?

It is crucial to note that besides encrypting your data, the Poopy butt-face virus will most likely deploy Vidar Stealer on your PC to seize your credentials to different accounts (including cryptocurrency wallets). This spyware can extract your logins and passwords from your browser's autofill data.

How to avert a ransomware attack?

Poopy butt-face ransomware is not all-powerful, and neither is any similar malware.

You can protect yourself from infection in several easy steps:

  • Ignore any emails from unknown mailboxes with strange addresses, or with content that likely has no connection to anything you are expecting (how can you win a lottery without participating in it?). If the email subject is more or less something you are expecting, scrutinize all elements of the questionable letter with caution. A hoax letter will always have mistakes.
  • Never use cracked or unknown software. Trojan viruses are often distributed as an element of cracked software, possibly under the guise of “patch” preventing the license check. But potentially dangerous programs are very hard to tell from trustworthy software, because trojans sometimes have the functionality you seek. You can try to find information about this software product on the anti-malware message boards, but the best way is not to use such programs at all.

Frequently Asked Questions

🤔 How can I open ".Poop" files? Is it possible to open ".Poop" files?

Negative. That is why ransomware is so frustrating. Until you decrypt the ".Poop" files, you will not be able to access them.

🤔 I really need to decrypt those “.Poop” files ASAP. How can I do that?

It's good if you have far-sightedly saved copies of these important files elsewhere. Otherwise, you might try to employ System Restore. The only question is whether you have saved any Restore Points that would be helpful now. All other solutions require time.

🤔 What should I do if the Poopy butt-face virus has blocked my PC and I can't get the activation key?

🤔 What could help the situation right now?

Many of the blocked files might still be at your disposal:

  • If you sent or received your critical files by email, you could still download them from your online mail server.
  • You may have shared images or videos with your friends or relatives. Just ask them to post those pictures back to you.
  • If you have initially got any of your files from the Web, you can try downloading them again.
  • Your messengers, social networks pages, and cloud drives might have all those files as well.
  • Maybe you still have the needed files on your old computer, a laptop, cellphone, memory stick, etc.

HINT: You can employ data recovery programs [1] to get your lost data back, since ransomware encrypts copies of your files and deletes the originals. In the tutorial below, you can learn how to use PhotoRec for such a recovery, but remember: you can do it only after you eradicate the virus with an antivirus program.

Brendan Smith

References

  1. Here's the list of Best Data Recovery Software Of 2023.

About the author

Brendan Smith

Cybersecurity analyst covering malware families, suspicious files, and detection alerts. Brendan focuses on clear explanations of what a warning means, when it may be a false positive, and which cleanup steps are appropriate.
