
Monday, March 2, 2015

Remove Ransom Virus and Restore Encrypted Files

There are a number of different ransomware strains doing the rounds at any given time - you may well have heard of the vicious ransomware one in particular - however most types of this thoroughly unpleasant malware work in the same way. They attack your computer, encrypt your files to make them inaccessible, and then send or show you a ransom note demanding a sum of money to release their victim: your files. Payment is usually requested either by a prepaid voucher or in the digital currency known as Bitcoin.

This particular ransom virus is just a new variant of virus that was detected in November last year. Nothing has changed since then. It still works in the same way: it encrypts files and asks for a 1 Bitcoin ransom. The only difference is the email given for contacting cyber criminals. Now, it's and if it doesn't work or is down for some reason you can send an email to

Here's how the ransom note reads:

Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recovery is impossible!
To get the decoder and the original key, you need to to write us at the email with the subject "encryption" stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.

The good news is that all is not lost if you do get held hostage by ransomware as it is actually possible to remove some varieties without also having to kiss your files or data goodbye, but that does depend on the malware in question, and again, it is only possible with some types.

One extremely important thing you can (and should!) do to protect yourself in the event of a ransomware attack is to back up your data on a regular basis to an external hard drive, so that if you do lose anything you can simply wipe your disk drive clean - including the infected file - and copy everything back on to your computer.

Because the characteristics of ransomware vary, the means of eliminating them from your computer differ too. You might be lucky enough to get away with just scanning for viruses, or you may have to go down the offline scan route and use advanced recovery tactics.

spreads via infected email attachments. Be very careful opening attached files, even from senders that you know and trust. Otherwise, you may install a Win32/TrojanDownloader.Elenoocka.A Trojan horse, which will download and install this ransomware, Win32/Filecoder.DG, on your computer. It encrypts your files and holds them for ransom, demanding a fee in exchange for the decryption key or code. Keep in mind that cyber criminals may or may not give you the code, even after you've paid. So, think twice before paying a ransom.

So how do you protect yourself from becoming a victim? The good news is there are a few easy - and free - steps you can take:
  • Install a reputable anti-malware program. Run it regularly and ensure it is always up to date with the latest patches
  • Be careful when downloading software – don't use third party websites
  • Don't open emails from unknown senders – and if you do by mistake, DO NOT click on attachments or links
  • Create backups on a regular basis to an external hard drive
And now you're done reading this, may I suggest that you back up all your files onto an external hard drive NOW. That way if you are unlucky enough to fall victim to ransomware, you'll be able to simply wipe clean your internal disk drive and replace it with up to date data.

If you have any questions, please leave a comment below. To remove ransom virus, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur,

Step 1: Removing virus and related malware:

Before restoring your files from shadow copies, make sure ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.
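
The same point-in-time restore can be done with built-in Windows tools instead of Shadow Explorer. The PowerShell below is an added example, not part of the original guide; it assumes PowerShell 3.0 or later in an elevated session, and the drive, folder paths and infection date are placeholders to replace with your own.

```powershell
# Added example: export a folder from the newest shadow copy taken before the infection.
# Assumptions (hypothetical values, adjust before running as Administrator):
$volume     = 'C:\'                      # volume that held the encrypted files
$mountPoint = 'C:\ShadowMount'           # temporary link, must not exist yet
$source     = 'Users\Public\Documents'   # folder to recover, relative to the volume root
$target     = 'E:\Recovered'             # destination on an external drive
$infected   = [datetime]'2015-03-01'     # constructed date: when the files were encrypted

# Win32_ShadowCopy.VolumeName holds a volume GUID path, so resolve the drive letter first.
$volId = (Get-CimInstance Win32_Volume | Where-Object { $_.Name -eq $volume }).DeviceID

# List every snapshot of that volume, newest first.
$shadows = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volId } |
    Sort-Object InstallDate -Descending
if (-not $shadows) { throw "No shadow copies exist for $volume; use a backup instead." }
$shadows | Format-Table ID, InstallDate, DeviceObject -AutoSize

# A snapshot taken after the infection would only contain encrypted files, so skip those.
$pick = $shadows | Where-Object { $_.InstallDate -lt $infected } | Select-Object -First 1
if (-not $pick) { throw "Every shadow copy is newer than $infected." }

# Expose the snapshot as a read-only folder. The trailing backslash is required,
# otherwise the link is created but cannot be browsed.
cmd /c mklink /d $mountPoint "$($pick.DeviceObject)\" | Out-Null
try {
    # Copy to a separate drive so nothing on the affected volume is overwritten.
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    Copy-Item -Path (Join-Path $mountPoint $source) -Destination $target -Recurse -Force
    Write-Host "Recovered '$source' from snapshot of $($pick.InstallDate) to $target"
}
finally {
    # Remove only the link; the shadow copy itself is left untouched.
    cmd /c rmdir $mountPoint
}
```

Open a few of the recovered files before deleting anything on the original drive, to confirm the chosen snapshot really predates the encryption.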

Hopefully, this will help you to restore all encrypted files or at least some of them.