How to uninstall .good (Dharma) Ransomware permanently

.good (Dharma) Ransomware is a perilous and high risk data-encrypting malware that secretly enters in the targeted PC and encrypt the stored files silently. On every encrypted file, you will notice .good extension on it. For example, the image file named as .good (Dharma) Ransomware.jpg will get changed to .good (Dharma) Ransomware.jpg.good. When you try to access such file, you would see a ransom note named as “RETURNFILES.txt” on the desktop as well as on every folder containing the file.

Like other variant of Dharma Ransomware, .good file virus also uses text files and pop-ups window to convey the message that file has been encrypted. Its ransom note says that the file has been encrypted and you will be forced to contact the cyber-criminals if you want to recover the encrypted files. The researches reveal that this malware uses RSA-1024 encryption algorithm cipher for file encryption and this requires a unique decryption key to access the files. For each victim, public encryption and private decryption key is generated using RSA-1024 encryption method. The decryption keys are stored in a remote server and in order to get the decryption key, every victim have to pay ransom money. The actual price of the ransom money is to be revealed through email ID. As per the claims, the ransom money should be paid within 7 days of encryption. They threat that if the money is note paid within time, the data will get removed permanently.

Should I Pay the Ransom Money?

The cyber-criminals try very hard to convince you to pay the ransom money. In order to win your trust, they even agree to decrypt one of the file of your choice for free. However, this is a spam in reality. You cannot simply trust the cyber-criminals and believe that they are going to help you in any which way. Paying ransom money often result in being scammed and don’t give any proper positive result. Unfortunately, the cyber-experts have not been able to develop a free decryption tool until now. If you really want to recover the encrypted files then you have to rely on backup files. The ransomware also deletes the “Shadow Volume Copies” that is created by PC operating system. The last option is to use the data recovery tool that could be very useful in some cases.

More than recovering the encrypted files, you prime focus should be on removing the scripts and payloads of .good (Dharma) Ransomware. It is because as long as the malware is there in the work-station, it will continue encrypting other files and programs. It is due to these type infections, it is strongly advised to always create backup of your important files. Be sure that the backup is created in remote server or unplugged external storage device.

How .good (Dharma) Ransomware gets Inside the PC:

This type of malware can get inside the marked work-station through multiple ways and tricks. The most popular distribution methods are bundling with freeware and shareware, fake software downloads or updaters, spam email campaigns, unsafe links and pop-ups and so on. Most of the cracking tools that claim to crack the paid software for free often are spam and they carry malware attachments with them. The same things happen with the fake software updater. These tools are capable to exploit the software bugs and flaws and they download malware infections rather than providing the actual software updates. Similarly, spam email campaigns are executed to circulate malware infections. The targeted victims continuously receive thousands of emails and messages in their inbox. When you open the message, the harmful files and payloads gets downloaded in the backdoor. Such emails often contain attachments that presented as invoices, spam emails, receipt, bills, MS Office docs and so on.

Some Precautionary Measures to Protect PC from .good (Dharma) Ransomware:

  • Be careful while downloading any kind of application in the work-station. Read the terms and agreement and privacy policy very carefully. Always choose advance/custom installation method so that hidden files gets detected and is stopped from getting installed in the PC
  • Browse carefully and don’t click on random links and pop-ups during your Online browsing session. Avoid visiting doubtful websites especially related to gambling, Online dating, pornography and so on
  • Use a powerful anti-malware tool that will provide protection from malware in real-time environment

Special Offer: 

.good (Dharma) Ransomware page is a perilous malware. In order to avoid its removal, it hides its payloads and scripts deep inside the PC. You may try downloading SpyHunter Malware Scanner and check if it detects this malware for you.


Go through the SpyHunter’s EULA, Threat Assessment Criteria, and Privacy Policy. You must  note that only SpyHunter’s scanner is free. If it detects a malware, it will subject to a 48-hour waiting period, one remediation and removal. In order to remove the malware instantly, you have to purchase its full version. (more…)

Leave a reply