
Wednesday, July 29, 2015

Remove HOW TO DECRYPT FILES.txt Virus and Restore Encrypted Files

It doesn't matter whether you only use your home computer for doing the weekly grocery shop online or you're running a thriving business that employs one hundred or more computer users, if you are connected to the internet, you are at risk of being infected by malware or a virus, or falling victim to some type of online phishing or social engineering scam.

After all, cyber crime is big money, and disreputable people and programmers have realized that they can use their so-called talents to attack us in increasingly sophisticated ways. And no sooner has the latest version of a malicious software program been released and an antidote in the form of a new anti-virus patch been issued to combat it, than the malware will up its game and subject us to an even more advanced method of attack.

Unfortunately, because there are so many different types of malware out there, all created to act in different ways, there is no cookie-cutter solution to defending ourselves. So what do the likes of you and me need to know in order to outsmart the attackers? Staying alert is a good start, and reading as much as you can to know how to best protect yourself is another must-do in the war on cyber crime. With that end goal in mind, here we are going to be looking at Win32/Filecoder aka Win32/Gpcode - Encoder - Win32/ ransomware that encrypts files and leaves the "HOW TO DECRYPT FILES.txt" ransom note on infected computers.

So tell me, what is HOW TO DECRYPT FILES.txt ransom virus?

Ransomware is definitely at the more unpleasant end of the malware scale. It has been designed to defraud you and get you to hand over money, and it can cause some deadly damage to your files and your computer's operating system too. And let's not forget the worry and upset that it inflicts during this whole process. All said and done, it is definitely something that is worth taking a few minutes of your time to find out a little more about.

Like many types of malware, the clue is in the name when it comes to guessing what ransomware is and does. It works by holding you – or rather your files, documents, and programs – hostage. And if you take a minute to think about how much vital, and personal, stuff you have stored on your computer that is actually a terrifying thought. Your bank details, your correspondence, those sensitive work files, your family vacation photos – the list goes on. The makers of HOW TO DECRYPT FILES.txt ransom virus know this only too well, which is why they are fairly confident that they can get you to pay a ransom in order to have your computer released.

What should I do if I have been attacked by this ransomware?

Your kidnapper will make their demands pretty clear by displaying an on-screen message or leaving a ransom note stating their price. The ransom note reads:

Attention!!! Your broke the law!! All your files are encrypted!!
To restore your files visit if the site is not working please write to email

You have 5 attempts to enter the code. Above this limit, all the data irreversibly deteriorate.

It's a short ransom note and doesn't really explain a lot about what has happened. The given email address has the .su top-level domain, which is rather popular among Russians because it was originally assigned as the country code top-level domain for the Soviet Union. We could probably take a wild guess who is behind this HOW TO DECRYPT FILES.txt ransom virus. The ransom virus encrypts different types of files and changes their extensions to some random ones, for example .i8xmgq. Obviously, you can't open such files even with Notepad because they are encrypted.
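A read-only triage sketch for the indicators described above, added here as an example and not part of the original post: it walks a folder tree, records which folders hold the ransom note, and lists files whose extension looks random so you know what needs restoring. The extension allowlist and the 5-8 character heuristic are assumptions (legitimate but unusual extensions will also be flagged), and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter

RANSOM_NOTE = "HOW TO DECRYPT FILES.txt"   # note name given in the article
# Assumption: a small allowlist of ordinary extensions; extend it for your environment.
KNOWN_EXTS = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg",
              ".png", ".zip", ".exe", ".dll", ".html", ".mp3", ".mp4", ".ini"}

def looks_random(ext):
    """Heuristic (assumption): 5-8 lowercase letters/digits, not a known extension."""
    body = ext[1:]
    return (ext not in KNOWN_EXTS and 5 <= len(body) <= 8
            and body.isalnum() and body.isascii() and body == body.lower())

def triage(root):
    """Walk root; return (folders holding the ransom note, suspect files, extension counts)."""
    note_dirs, suspects, ext_counts = [], [], Counter()
    for folder, _dirs, files in os.walk(root):
        if any(name.lower() == RANSOM_NOTE.lower() for name in files):
            note_dirs.append(folder)
        for name in files:
            ext = os.path.splitext(name)[1]
            if looks_random(ext):
                suspects.append(os.path.join(folder, name))
                ext_counts[ext] += 1
    return sorted(note_dirs), sorted(suspects), ext_counts

def build_sample(root):
    """Constructed sample tree (not real data): one affected folder, one clean folder."""
    layout = {"Documents": [RANSOM_NOTE, "budget.i8xmgq", "photo.i8xmgq", "notes.txt"],
              "Clean": ["report.docx", "holiday.jpg"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("sample")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        note_dirs, suspects, ext_counts = triage(tmp)
        print("Folders with ransom note:", note_dirs)
        print("Files to restore from backup or shadow copy:", len(suspects))
        print("Extensions seen:", dict(ext_counts))
```

To check a real machine, call `triage()` on the folder you want to inspect; the script only reads directory listings and never opens or modifies the files it finds.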

It's easy to say, but once your computer is infected, try not to panic. And whatever you do, don't pay the ransom unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer, Recuva and some other specialized tools listed below. Please note that even if you decide to pay the ransom, there's really no guarantee that cyber crooks will recover your files. If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win. Good luck and keep safe online!

Written by Michael Kaur

Step 1: Removing HOW TO DECRYPT FILES.txt and related malware:

Before restoring your files from shadow copies, make sure the ransom virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by HOW TO DECRYPT FILES.txt virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.

Hopefully, this will help you to restore all encrypted files or at least some of them.