Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, June 17, 2015

Remove ABOUT FILES! Ransom Virus and Restore Encrypted Files

Tell your friends:
If you find "ABOUT FILES!" text ransom note in every single directory on your computer and the "error_" prepended to all your files, for example error_jun-2541584.xls, then your computer is infected with ransomware. It's a fairly obvious statement when we say that the more time we spend surfing the web or working online, the greater the chances are of us falling victim to ransomware infestation. And in exactly the same way that antivirus programs and security tools are becoming more and more sophisticated, so too is malicious software. Cyber criminals have realized that it's a lucrative business and are constantly dreaming up new ways to attack us and exploit our cyber security loop holes and our emotional vulnerabilities to fill their bank accounts. Therefore, if we are to protect ourselves from becoming yet another faceless victim and a malware statistic we need to take proactive steps.

The thing is that if you're not a nerd, geek or tech whiz kid, it is a bewildering world and it is difficult to know what issues we face and what the latest method of attack is. And that's precisely why it is important to stay up to date and know as much as you can about the different types of ransomware and their operating methods. And it goes without saying that you also need to make sure you have a reputable malware program running on your computer.

What is "ABOUT FILES!" ransomware?

Without going into the nitty gritty, ABOUT FILES! ransomware is a type of software program that is designed to hold the files or programs on your computer hostage. Yes, you really will become a victim of a kidnapping as you will only stand a chance of retrieving your files if you pay a ransom for their release. It encrypts your files using AES and RSA encryption algorithms, drops ABOUT FILES!.txt file in every directory where at least one files was encrypted and adds error_ in front of each encrypted file name. The ransom note reads:

Hi guys! We have bad news for you.
Your files have been crypted by 2 popular alghoritms - AES and RSA. Only we have private RSA key
All crypted files now starting with "error_":

You can buy our decryptor that will recover all your files. You need:
1) Send us 3 bitcoins on our bitcoin address [edited] (Now 1 bitcoin approximately = 230 usd)
Only we and you know about this address, so we will understand that its your payment.
2) Send us your unique identificator on our mail
3) Wait 1,2... or 24 hours and we will send you decryptor (it is very easy to use it - you
need only run decryptor executable file and wait 5-10 hours and all files will be decrypted)

If we dont anwser on your letter more than 1 day then make your own mail account on
(This action is very simple and takes 1-2 minutes) and send us your letter again
(some mail servers (for example and blocking letters to

Your unique identificator: [edited]

You can use one of those sites to change your money to bitcoins:

You dont need install any bitcoin software - you need only find bitcoin exchange service (also you can try find it here for your country -

Additional information: before payment you can send us one small file (not bigger than 300Kb).
and we will decrypt it before payment (also you need send us your unique identificator).
After that, we think that it will be evedent that we have the program that can decrypt your files.

We dont want to destroy your files! We only need some money!

Cyber criminals claim that they don't want your files. All they need is money. They are even willing to decrypt one file for free. You just need to send it to with your unique identification key. I guess that they may actually decrypt one file for your but there's no guarantee that they will decrypt all your files. So, think very well before paying the ransom ~230USD because it could be that not only your files will remain encrypted but you will also lose your money. Besides, by doing this you will simply encourage them to keep infecting more and more computers.

Sounds scary - but surely I just pay and I get my files back?

Unfortunately it's not quite that simple. Paying the sum of money that has been demanded is no fail safe passage to getting your information back. Let's not forget that these are unscrupulous people we are dealing with here and chances of them sending you the promised code to unlock your files are slim at best.

How does ABOUT FILES! ransomware infect me?

Like most types of malware, ABOUT FILES! ransom virus will infect you if it has been packaged with an app or program. It may also attack if you've visited an infected website or if you open an attachment or click on a link in an email or an instant chat application.

What should I do if I've been infected?

It’s easy to say, but try not to panic. And whatever you do, don't pay the ransom unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can remove try to restore your files (at least some of them) using Shadow Explorer, Recuva and some other specialized tools listed below. Please note that even of you decide to pay the ransom there's really no guarantee that cyber crooks will recover your files.

If you have any questions, please leave a comment below. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

Written by Michael Kaur,

IMPORTANT! Before running anti-malware software and trying to restore your files COPY the encrypted files, Bitcoin wallet address (1), email address and unique identification number found in ABOUT FILES!.txt fule to external hard drive, CD/DVD or a USB flash key. You should have these in case you decide to pay the ransom or someone creates a decryption tool.

Step 1: Removing "ABOUT FILES!" ransom virus and related malware:

Before restoring your files from shadow copies, make sure ABOUT FILES! virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.

2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by "ABOUT FILES!" virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using Recuva free file recovery software.

Method 4: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.

3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.