Is your computer infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, July 15, 2015

Remove Virus and Restore Encrypted Files

Becoming the victim of a ransom virus which encrypts your files and changes file names to "" is, sadly, just part and parcel of using the internet these days. This new ransomware is probably related to which was quite active a few months ago. At least it follows the same pattern and uses pretty much the same methods to encrypt files and collect money from victims. File names usually look something like this:

Filename.doc is your original file name. Id-8549320 is your unique ID which is necessary if you want to pay the ransom and get your files back. is the email address used by cyber criminals to communicate with victims (confirm payments and send decryption tools). Although, I cannot confirm that they are actually willing to decrypt your files. Very often, users pay the ransom and do not receive any decryption tools. That's why I generally don't recommend paying the ransom unless your files are so important, you don't have backups and you are willing to take the risk. With that aim in mind, here we are going to take a closer look at something called ransomware.

What is ransomware?

You have probably spotted how there is a distinct pattern when it comes to naming our malicious software foes. Even malware is a contraction of malicious software. In a similar vein, adware displays adverts and spyware monitors what you're doing on your PC. And ransomware will kidnap your files and documents and hold them hostage – normally by encrypting them so you cannot access or open them. And just like the kidnappers in the daring tales of children's stories, a ransomware kidnapper will of course demand a ransom before they release your data – usually you pay a not inconsiderable amount to be given a decryption code that allows you to unlock your files. However, unlike most ransomware, it doesn't leave ransom notes like help_decrypt.txt or how_to_decrypt on your computer. Sometimes, it can change your wallpaper and display information on how to get your files back. However, I noticed that it doesn't happen all the time which means this ransom virus is not coded and tested very well. Of course, it does the encryption part very well which is the main point, so everything else was probably not that important to those who created this malware.

How infects your computer

It does have one thing in common with its malware brothers and sisters and that is the method it uses to infiltrate your PC. Some variants of this ransomware will be secretly packaged with another program, file download or app. Others are spread via spam email or messenger attachments, and some ransomware executions will be triggered if you visit a website that has been compromised.

Will I know if I've been infected by

In a word: yes, you will most definitely know if you have a ransomware infection on your PC. The malware is certainly not shy and retiring – look at it this way, it wants to extort money from you and it wants payment in the shortest time possible, before you stop panicking and start thinking more seriously about how to solve the problem. Ransomware is all about scare tactics and taking advantage of people at the moment of distress. It preys on you when you are vulnerable and thinking that you are never going to see any of your files, photos or documents ever again.

What should I do if I've been infected?

It's easy to say, but try not to panic. And whatever you do, don't pay the ransom unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can remove try to restore your files (at least some of them) using Shadow Explorer, Recuva and some other specialized tools listed below. Please note that even if you decide to pay the ransom there's really no guarantee that cyber crooks will recover your files. If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

Written by Michael Kaur,

Step 1: Removing and related malware:

Before restoring your files from shadow copies, make sure ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.
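The same shadow-copy lookup can be done without Shadow Explorer. The PowerShell below is an added example, not part of the original post: it lists the shadow copies that exist for a drive and exposes the newest one as a folder you can copy files out of. The drive letter `C:\` and the folder `C:\ShadowRestore` are assumptions; run it from an elevated prompt after Step 1 is complete.

```powershell
# Added example: enumerate Volume Shadow Copies for one drive and make the
# newest snapshot browsable. Requires an elevated (Administrator) prompt.
# Assumptions, not from the original post: drive C:\ and C:\ShadowRestore.

$Drive      = 'C:\'
$MountPoint = 'C:\ShadowRestore'

# Win32_ShadowCopy identifies volumes by GUID path, so resolve the drive first.
$volume = Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.Name -eq $Drive }
if (-not $volume) { throw "Volume $Drive not found." }

# All snapshots of that volume, newest first.
$copies = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID } |
    Sort-Object -Property InstallDate -Descending

if (-not $copies) {
    # Nothing to restore from: fall back to backups (Method 1) or Method 2.
    Write-Warning "No shadow copies exist for $Drive."
    return
}

# Show every available point-in-time copy so an older one can be chosen.
$copies | Format-Table InstallDate, ID, DeviceObject -AutoSize

$latest = $copies | Select-Object -First 1
if (Test-Path -LiteralPath $MountPoint) { throw "$MountPoint already exists." }

# Link the snapshot into the file system. mklink needs the trailing
# backslash on the shadow copy device path.
cmd /c mklink /d $MountPoint "$($latest.DeviceObject)\"

Write-Host "Snapshot from $($latest.InstallDate) is browsable at $MountPoint."
Write-Host "When finished, remove the link with: cmd /c rmdir $MountPoint"
```

Copy the recovered files to a different drive instead of over the encrypted originals, so you can compare them before deleting anything.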