Malware Removal Instructions
From network security to phishing and malicious software. Whatever problem you have, we're here to help you solve it!...

by Admin, Mountain View, published: Wed 27 May 2015 09:10:00 PM CEST.

How to Remove SC Advertisement Malware (Uninstall Guide)
15 May 2015, 6:26 pm
If you have opened your web browser only to be greeted by "SC Advertisement", "brought by SC", "Ad by SC" or just "by SC" advertisements that you've never seen before then, I hate to break it to you, but you are the victim of a PUP which also installs an adware component on your computer. And despite their rather cute name, there is nothing very lovable about technical PUPs. A PUP – or a Potentially Unwanted Program to give it its full name – is a type of malware which surreptitiously installs itself on your PC and then does its best to drive you mad by changing your settings and displaying ads labeled SC or sometimes SuperClick.

How is SC or SuperClick installed?

It may have been pre-installed on a new computer when you purchased it. It rarely happens but I thought you should know this. Other PUPs infect websites and attack you by default when you visit such a site. However, the majority of PUPs install themselves automatically when you download another program or application. These have been bundled with the software you are installing or the file that you are executing, and their presence is not always the easiest thing to spot. That's exactly how SC or SuperClick is distributed. If you don't want to see intrusive and sometimes even misleading SC Advertisements on your computer then better start reading the EULA and not just clicking 'Next' all the time.


How to avoid downloading a program that has been packaged with SC adware/PUP

Clearly, saying 'don't download anything ever again' is not a practical course to take - we are now a race of avid downloaders and installers after all! From TV shows to lifestyle apps and from anti-viruses to video clips, we're all constantly adding the latest must-watch entertainment or must-have app to our devices. So, the thing that you really need to know is what you need to be on the lookout for when you're downloading.

Of course installing a great anti-malware program is crucial (as is running it often and making sure you have the very latest version) but you can also bolster your online defense by ensuring that your computer is fully up to date when it comes to having the latest Microsoft security patches installed too.

Another thing you really need to do is one that a lot of people tend to overlook and that is to regularly check that all the other apps, software and programs you have running on your PC are also up to date. If you're using an old version of anything, whether it's Skype or a language translation app, it won't have the newest security measures in place and can leave your machine open to abuse or attack by malicious third parties.

Finally, and probably most importantly, you need to start exercising a little more caution than you may already do when it comes to downloading and installing things on your PC. SC adware is normally mentioned in End User License Agreements so make sure you read the small print carefully when you're downloading something. If you notice an add-on is being forced upon you (at this time SuperClick 1.10.0.16) or that check boxes have been pre-configured to auto install something extra, it might be worth considering how much you want to download that program. If it's already installed and you don't know how to remove it and stop SC advertisements, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



SC Advertisements Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove SC Advertisement related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • SuperClick
  • GoSave
  • SalePlus
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove SC Advertisement related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove SuperClick 1.10.0.16, SalePlus, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove SC Advertisement related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click the Remove button to remove SuperClick 1.10.0.16, SalePlus, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove SC Advertisement related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click the Remove/Disable button to remove the browser add-ons listed above.



How to Remove Strong Signal Ads Malware (Uninstall Guide)
13 May 2015, 7:48 pm
Have you ever been left bewildered because you have switched on your computer, logged in and then discovered that you are the owner of a brand spanking new Strong Signal adware? Or maybe you have noticed lots of Strong Signal ads while surfing the internet. Worried you're starting to lose the plot – after all, you're 99% certain that you didn't install anything new before logging off the last time you used your PC, so what on earth is going on? Don't worry, you're not going crazy; what has happened is that you've been infected by a Potentially Unwanted Program or adware. Different anti-virus engines give slightly different detections and classifications, but basically both are correct. It's a potentially unwanted program and it displays advertisements.

I've been infected by a what?!

PUPs and adware programs are something found all too frequently on the Internet. They are a real pain as they will change your default browser settings, display ads and double underline certain words on web pages. They can even replace your default home page and search page. The reason for this is that they can then manipulate your searches so that you are redirected from the website you want to visit to one that the PUP's programmer wants you to go to instead. Scammers also use Strong Signal and similar programs to display ads on your computer. They can be labeled "Ads by Strong Signal" or simply "by Strong Signal". Either way, that doesn't change how annoying and intrusive these ads can be.


So how did this mysterious Strong Signal adware get onto your computer in the first place? Such programs usually install themselves in a few different ways, and you don't necessarily have to have downloaded any pirated software or visited any websites of a dubious nature – although doing either of these will definitely increase your chances of getting infected by adware!

If you have visited a website – of any type - that has been compromised by adware you will in turn become infected by it. However, the most common route to Strong Signal infestation is when you download some software that it has been packaged with. Finally, you may be unlucky enough to have purchased a new computer that has adware already installed on it. Thankfully, not this adware.

The good news is that many Strong Signal adware variants are easy to remove, even if you're a complete self-confessed technophobe. Others can be a little tougher, but the first thing you should do before calling manufacturer helpdesks or taking your PC into a repair center is to try and remove it yourself. If you are running the Windows Operating System all you need do is follow the simple instructions here:
  1. Go to the Windows Start icon in the bottom left of your screen
  2. Go to the Control Panel
  3. Find Programs and click the link below that says Uninstall a Program
  4. Identify the adware program and click on it to highlight it. It may be installed under a different name.
  5. The option to 'Uninstall' will appear at the top of the box – click upon that
  6. Next scan your computer with anti-malware software
If the type of Strong Signal on your machine is one of the less virulent types you should find that it has disappeared. If it is still there, however, you might need to enlist the help of someone more technical. If it's already installed and you don't know how to remove it, please follow the steps in the removal guide below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Strong Signal Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Strong Signal related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Strong Signal
  • GoSave
  • SalePlus
  • SaveNewaAppz
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.
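The program list in step 3 of this guide and of the SC Advertisement guide above can also be checked from the registry instead of by scrolling through the Control Panel. The following Python script is an added example, not from the original posts: it reads the Windows uninstall registry keys and flags entries that match the listed names or were installed recently. The 30-day window, the function names and the sample entries are assumptions made for illustration.

```python
import datetime

try:
    import winreg  # only available on Windows
except ImportError:
    winreg = None

# Program names listed in step 3 of the two adware removal guides.
LISTED = ["SuperClick", "Strong Signal", "GoSave", "SalePlus", "SaveNewaAppz"]
_LISTED_COMPACT = [n.lower().replace(" ", "") for n in LISTED]

# Registry locations that back the "Uninstall a Program" list.
UNINSTALL_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]

# Constructed sample entries, used when the registry is not available.
SAMPLE = [
    {"name": "SuperClick 1.10.0.16", "install_date": "20150514"},
    {"name": "Gosave", "install_date": ""},
    {"name": "Example Video Converter", "install_date": "20150514"},
    {"name": "Mozilla Firefox", "install_date": "20140102"},
    {"name": "Old Tool", "install_date": "unknown"},
]


def _value(key, name):
    """Read one registry value as text; missing values become ''."""
    try:
        return str(winreg.QueryValueEx(key, name)[0])
    except OSError:
        return ""


def read_installed():
    """Return installed programs as dicts; empty list when not on Windows."""
    if winreg is None:
        return []
    found = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for path in UNINSTALL_KEYS:
            try:
                key = winreg.OpenKey(hive, path)
            except OSError:
                continue  # key does not exist in this hive
            with key:
                for i in range(winreg.QueryInfoKey(key)[0]):
                    try:
                        sub = winreg.OpenKey(key, winreg.EnumKey(key, i))
                    except OSError:
                        continue
                    with sub:
                        name = _value(sub, "DisplayName")
                        if name:
                            found.append({"name": name,
                                          "install_date": _value(sub, "InstallDate")})
    return found


def parse_date(text):
    """InstallDate is normally YYYYMMDD; many installers leave it empty."""
    try:
        return datetime.datetime.strptime(text, "%Y%m%d").date()
    except ValueError:
        return None


def flag(programs, today, recent_days=30):
    """Return (name, reason) for listed names and for recent installs."""
    cutoff = today - datetime.timedelta(days=recent_days)
    hits = []
    for prog in programs:
        compact = prog["name"].lower().replace(" ", "")
        if any(listed in compact for listed in _LISTED_COMPACT):
            hits.append((prog["name"], "listed in guide"))
            continue
        installed = parse_date(prog.get("install_date", ""))
        if installed and installed >= cutoff:
            hits.append((prog["name"], "installed " + installed.isoformat()))
    return hits


def demo():
    """Run the check over the constructed sample with a fixed 'today'."""
    return flag(SAMPLE, datetime.date(2015, 5, 15))


if __name__ == "__main__":
    for name, reason in flag(read_installed() or SAMPLE, datetime.date.today()):
        print(f"{name}: {reason}")
```

The script only reports; removal still goes through the Uninstall screen as described in the guide.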

Remove Strong Signal related extensions from Google Chrome:

1. Click on the Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Strong Signal, SalePlus, MediaPlayerV1, Gosave, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Strong Signal related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click the Remove button to remove Strong Signal, SalePlus, Gosave, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Strong Signal related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click the Remove/Disable button to remove the browser add-ons listed above.



How to Remove Bit Cryptor Virus and Restore Encrypted Files
12 May 2015, 8:49 pm
Bit Cryptor or BitCryptor is a file-encrypting ransom virus (ransomware) that encrypts your files using the AES-256 encryption algorithm so they are not accessible and repairable without the unique encryption key. In order to get the key and decrypt your files you need to pay a ransom of 1 bitcoin which is currently about $240. It targets all versions of Windows. Files stored on Network-Attached Storage (NAS) and other computers on the same network can be encrypted as well. Just like any other ransomware it scans your computer for data files and then encrypts them silently in the background. Most users probably won't even notice anything suspicious. Once the ransom virus has encrypted your files it will display a Bit Cryptor program that contains instructions on how to get your files back. It has a countdown clock and apparently the ransom cost will increase if you don't pay on time. Each victim has a unique bitcoin payment address. Cyber criminals allow you to decrypt one file for free.


You know as well as I do that as we all spend increasingly large portions of our waking lives working, playing, shopping and browsing online, the higher the risks of contracting a computer virus or being infected by ransomware are. There is big money to be made in the cyber crime industry and malicious programmers are creating online attackers that are now more sophisticated than ever before. It's like watching a dog chase its tail, watching antiviruses and malicious software play this endless game of outsmarting each other with their creations. But where does that leave us – the people who rely on the internet to earn money, relax or simply keep our busy lives in order? Well where we're left is in the position of now having to be increasingly alert if we want to defend ourselves from becoming yet another faceless victim in the online war.

But the issue is that because the two sides of good and evil are constantly battling to stay one step ahead of each other, ransomware is constantly reinventing itself and finding new ways to cause havoc on our PCs or extort our hard-earned cash from us. Bit Cryptor is a good example of how cyber criminals constantly improve their malware, making it more sophisticated and dangerous. This particular variant, unlike most ransomware, blocks Task Manager and other programs that can be used to disable it. As a result, it might be difficult to run anti-malware software and remove the ransom virus. Bclock.exe is the main process of this ransomware. It's usually located in the C:\Users\[YourUserName]\AppData\Roaming\Microsoft\Windows\ folder. So, in case you can't open anti-malware programs or Windows tools, try to remove or at least disable the bclock.exe program first. If you can't do this using Task Manager, try Process Explorer. There's also a filelist.locklst file which contains a list of all files encrypted. Don't delete it. It's not dangerous and besides you may still need it.

Here's what the BitCryptor "Your files have been encrypted" wallpaper, stored in %Temp%\wallpaper.jpg, looks like:


What is ransomware?

Ransomware is, to put it frankly, a nightmare. Yes, Bit Cryptor is a nightmare too. Not only does it try and con you out of money, it also causes major issues on your computer, and it can cause you very real stress and upset too. It certainly is something that is worth taking the time to learn a little more about. Ransomware seems to come and go so read on and make sure that the next time it's doing the rounds you stand the best possible chance of not falling victim to it.

You're probably already one step ahead at this point and have guessed that ransomware is a type of malware that operates by holding you hostage. Actually, it holds your files, data, programs or operating system to ransom, but when our lives are stored on our computers it may as well be you! In a nutshell, ransomware will kidnap, or lock, your computer and hold it hostage until you pay a release fee. It also displays a ransom note in a text file, not just the Bit Cryptor decryptor window.

Your personal documents and files on this computer have just been encrypted.
The original files have been deleted and will only be recovered by following the steps described below.
Click on "Show encrypted files" to see a list of files that got encrypted.

The encryption was done with a unique generated encryption key (using AES-256).
This means that encrypted files are of no use until they get decrypted using a key stored on a server.

This server will only release the key if the amount of Bitcoins (displayed left of this window) is send to the Bitcoin address shown on the left of this window.

Each time the timer expires, the total cost will raise with the starting price.

...

How does Bit Cryptor infect you?

Like most types of malware, Bit Cryptor will infect you through a program, file or app that you have downloaded. Some ransomware attacks websites, infecting them and then you the visitor by default. Other ransomware is hidden in an attachment sent in a spam email or instant chat application. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

What to do when this ransomware attacks?

Don't panic. And DON'T pay a ransom. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing Bit Cryptor and related malware:


Before restoring your files from shadow copies, make sure Bit Cryptor virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove detected malware.





IMPORTANT! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. Also, try to disable bclock.exe using Process Explorer.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Bit Cryptor crypto virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.



Remove 'Los Pollos Hermanos' Crypto Virus and Restore Encrypted Files
11 May 2015, 9:16 pm
Los Pollos Hermanos crypto virus (ransomware) has begun spreading in Australia and some other countries. If you are a fan of Breaking Bad then you will immediately notice that cyber criminals reference this TV show by using the Los Pollos Hermanos branding image in the ransom demand. They even use a theonewhoknocks @ mailinator.com email for "support related inquiries". That's another reference to the popular TV show. Other than that, it's just another ransom virus from the CryptoLocker ransomware family that encrypts your files and then demands that you pay a ransom ($450 to $1000 AUD) in order to decrypt your files. It's not the most innovative and sophisticated ransomware but it does encrypt your files using the Advanced Encryption Standard (AES) encryption algorithm and you can't really decrypt them without the private key. So, I guess we could say that 'Los Pollos Hermanos' virus does its job well.


I'm sure you're no stranger to the fact that the more time we spend online these days, the more we are putting ourselves at risk of becoming a victim of some sort of virus, phishing scam or malicious software program. And it's a real cat and mouse game for as soon as one of the programs, operating systems, or applications we use releases a new version or patch, the malware programmers and scammers that inhabit the darkest corners of the internet will release their 'upgraded' – i.e. more dangerous version too.

So what should you do if you want to get the best possible protection in the face of all these threats that are just waiting to do us harm? The main thing is to ensure that you are always as well informed as possible when it comes to online issues that could cause you very real problems. And one type of malware that you should increase your knowledge about is ransomware, in this case the so-called "Los Pollos Hermanos" virus. Trust me; I can guarantee that this is something you are not going to want installed on your computer.

A closer look at 'Los Pollos Hermanos' ransomware

Most malware is named pretty accurately. For example, adware is software that bombards you with adverts. Spyware is software that spies on you. Therefore if you're thinking that ransomware might just be something that will hold you to ransom, then go straight to the top of the class! A Los Pollos Hermanos ransom attack results in you, or rather more accurately, your files being held hostage. It kidnaps your data and demands payment from you to release it. It's a good old-fashioned method of extortion, repackaged and upgraded for the twenty-first century. This ransom virus attacks the most common file types, so expect that your work documents and images will be encrypted. Once this crypto virus encrypts your files it will display a ransom note:

Your important files have been encrypted: photos, documents, videos, etc.
If you want to decrypt your files you must pay the fee of $450 AUD
Failure to pay within the specified time will mean you must pay $1000 AUD
For support related inquiries contact:
theonewhoknocks[edited]@mailinator.com

I have ransomware on my computer. How did it get there?

'Los Pollos Hermanos' ransomware, like virtually all types of malware, attacks your computer when you download something that has been packaged with it. This could be anything from some software, an app or a file – and the host program may or may not know that ransomware is included. Similarly this ransomware can also be spread via spam emails that have infected links or attachments in them. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

Has my data been kidnapped?

If there's one (albeit dubious) thing to be said for ransomware, it is that it is extremely easy to know if you've been targeted. This is not a subtle attack: it is after your dollars after all! You will usually experience the following:
  • You are unable to open a program or document on your computer
  • You are shown a 'ransom note' in the form of a pop-up window, a full screen message, or perhaps an email
So should you pay the ransom? Absolutely not! Paying these people only perpetuates their belief that they are onto a good thing, so don't pay anything or click on any links or buttons. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing 'Los Pollos Hermanos' and related malware:


Before restoring your files from shadow copies, make sure 'Los Pollos Hermanos' virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove detected malware.





2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by 'Los Pollos Hermanos' crypto virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.



Encrypted Files (.exx extension) Malware Removal Guide
10 May 2015, 8:37 pm
Today we are going to take a look at a particularly unpleasant type of malicious software that encrypts your data and appends the .exx extension to file names. Ladies and gentlemen, allow me to introduce you to ransomware. In this case it's a new variant of TeslaCrypt ransomware. At the beginning of this month I wrote about Alpha Crypt ransomware which is a slightly modified version of TeslaCrypt. And now, we have a new or slightly modified variant that uses the .exx extension. It's detected as Win32/Filecoder.EM or Win32/Filecoder.ER by some anti-virus engines. But other than that the only difference is the file extension. If your computer is infected with this ransomware you will notice that your files changed to *.pdf.exx, *.avi.exx, *.jpeg.exx, *.docx.exx, *.xls.exx, etc. The ransomware will likely change your wallpaper to one with information and links on how to get your files back. You might also see a decryptor window with the same information.


Taking a more in depth look at .exx ransomware

Ransomware is among the types of malware that is looking to make a dent in your bank account by conning you out of your hard earned cash. In this instance it demands a ransom in return for releasing your data that it has held hostage, or the ability to use your computer.

It does a number of things to coerce you into parting with your money. Here are the most common ones:
  • It can change your default browser settings so that you have trouble accessing the internet. This has the double pronged benefit (for the attacker) of not only frustrating you into paying the ransom but it also makes it harder for you to find a resolution to get rid of it.
  • Ransomware can also disable your files and documents by encrypting them. As you already know, it encrypts your files and appends the .exx extension. That's the only thing you can use to identify which ransomware you have on your computer. In other words, it holds them hostage until you pay the ransom. The warning sent by the attacker, either by email or displayed on your screen, will state that they will send you a code that you can key in, in order to deactivate the ransomware and release the data. However, this is often not the case and you will be quite literally paying a not inconsiderable amount of money for absolutely nothing. Ransom notes are usually named HELP_TO_SAVE_FILES.txt and HELP_TO_DECRYPT_YOUR_FILES.txt. You can find them in each folder with at least one encrypted file.
  • Some types of ransomware are designed to look like antivirus software and will display a pop-up warning saying that your PC is infected with a virus or malware. It will scare you into paying to install the program so that it can clean your machine. Of course, it’s not going to alert you to its own presence, so again, you will be paying for a fake scan, fake viruses, and a software program that does absolutely nothing.
One of the main issues with ransomware is that it can be extremely difficult to remove – sometimes even impossible, which is why it is important that you back your files and data up on a regular basis. Having this saved and stored on a hard drive or another computer makes you less likely to cave in and pay any ransom that is demanded of you.
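The indicators described in this section (the appended .exx extension and the two ransom note file names) are enough to scope the damage before any restore is attempted. The following Python script is an added example, not from the original post: it walks a folder tree, separates encrypted files, ransom notes and untouched files, and produces the list of original file names to look for in a backup or shadow copy. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".exx"
# Ransom note names given in the article; compared case-insensitively.
RANSOM_NOTES = {"help_to_save_files.txt", "help_to_decrypt_your_files.txt"}


def inventory(root):
    """Classify every file under root, per folder (paths relative to root)."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if not files:
            continue
        entry = {"encrypted": [], "notes": [], "intact": []}
        for name in sorted(files):
            lower = name.lower()
            if lower in RANSOM_NOTES:
                entry["notes"].append(name)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # report.pdf.exx -> report.pdf, the name the file had before
                entry["encrypted"].append(name[:-len(ENCRYPTED_SUFFIX)])
            else:
                entry["intact"].append(name)
        report[os.path.relpath(folder, root)] = entry
    return report


def restore_list(report):
    """Original relative paths to request from a backup or shadow copy."""
    paths = []
    for folder, entry in sorted(report.items()):
        for original in entry["encrypted"]:
            paths.append(os.path.normpath(os.path.join(folder, original)))
    return paths


def summarize(report):
    """Totals plus the folders that need attention."""
    return {
        "encrypted": sum(len(e["encrypted"]) for e in report.values()),
        "intact": sum(len(e["intact"]) for e in report.values()),
        "folders_hit": sorted(f for f, e in report.items() if e["encrypted"]),
        # A note without any .exx file: worth a manual look.
        "notes_only": sorted(f for f, e in report.items()
                             if e["notes"] and not e["encrypted"]),
    }


def build_sample_tree(root):
    """Constructed sample: empty files whose names mimic an affected profile."""
    layout = {
        "Documents": ["budget.xls.exx", "thesis.docx.exx",
                      "HELP_TO_SAVE_FILES.txt", "notes.txt"],
        "Pictures": ["cat.jpeg.exx", "HELP_TO_DECRYPT_YOUR_FILES.txt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    """Run the inventory over the constructed sample tree."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = inventory(root)
    return summarize(report), restore_list(report)


if __name__ == "__main__":
    summary, to_restore = demo()
    print(summary)
    for path in to_restore:
        print("restore:", path)
```

The script reads file names only and changes nothing on disk, so it can be run before the cleanup in Step 1 as well as after it.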

So I shouldn't pay a ransom?

If you've been infected by ransomware that uses the .exx extension to make your files inaccessible, no, you really should not pay a release fee. Firstly, by giving in to cyber criminals, you are only convincing them that they are in the right line of business. Secondly, chances are, as mentioned, you are paying for thin air. There's no guarantee that they will decrypt your files. At the time I was analyzing this ransomware, cyber criminals demanded a payment of 2.2 Bitcoins, which is more than $500. The decryption service can be accessed by using Web to Tor services: dlosrngis35.com, anfeua74x36.com, tor2web.blutmagie.de. Cyber criminals wrote a very detailed guide on how to buy bitcoins and even made a support ticket system in case you have any questions.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough you may find files that were not encrypted and renamed to .exx. But before restoring your files, please remove the ransomware and related malware files from your computer. Otherwise, you will simply waste your time. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing .exx extension ransomware (TeslaCrypt) and related malware:


Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by .exx extension (TeslaCrypt) virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Try the TeslaDecoder Decryption Tool. Download TeslaDecoder tool and run it.

Method 5: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
