HELP_DECRYPT has a few different names and you may also come across the terms crypto-virus, cryptoware, crypto-Trojan or crypto-worm, regardless of what this malware is called, what YOU need to know is what it can do and how you should react if it has infected your computer.
HELP_DECRYPT infects your computer by taking advantage of your curiosity
The majority of ransomware is disseminated by email. More specifically, in files that are attached to messages. These spam emails will either look like a tempting special offer that you simply can't miss out on, or they may come via a friend or acquaintance in your contact list that has been hacked. The attachment is carrying the HELP_DECRYPT virus and once you have clicked on the file, video clip or document to open it, it will install itself on your PC.
Some variants if this ransomware may also attack you if you have been unlucky enough to visit a compromised website that has been infected with it.
How do you lower the chances of being infected by HELP_DECRYPT virus? Well unfortunately it is not possible to know in advance whether a website has been compromised but you can definitely be proactive when it comes to emails (and instant messenger chat windows that come with links embedded in them). We've been told it a thousand times, but it is shocking the amount of people who still can't resist opening emails – and even attachments – that come from an unknown sender.
What does HELP_DECRYPT do to your computer?
It has been created to extort money from you. It's as simple as that. And to increase the chances of you giving in to its demands it needs to give you the most cause for alarm that it possibly can.
If you're under attack from this ransom virus your files or documents will be held hostage and you will receive a ransom note, either by email or in a pop-up window that is asking for an amount of money in return for the release of your data or files. The release normally comes in the form of a code that tells you you'll be able to use it in order to unlock your file or files. However, not all of these codes actually work so handing over the ransom is no indication you will even get your files back.
What should I do if I've been infected?
It's easy to say, but try not to panic. And whatever you do, don't pay the ransom unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can remove try to restore your files (at least some of them) using Shadow Explorer, Recuva and some other specialized tools listed below. Please note that even of you decide to pay the ransom there's really no guarantee that cyber crooks will recover your files. If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.
Written by Michael Kaur, http://deletemalware.blogspot.com
Step 1: Removing HELP_DECRYPT and related malware:
Before restoring your files from shadow copies, make sure HELP_DECRYPT is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.
1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.
2. Then, download ESET Online Scanner and run a second scan to make sure there are no other malware running on your computer.
That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.
Step 2: Restoring files encrypted by HELP_DECRYPT virus:
Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.
Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.
Method 3: Using the Shadow Volume Copies:
1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.
2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.
3. Righ-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.
Hopefully, this will help you to restore all encrypted files or at least some of them.