
Malware Removal Instructions
From network security to phishing and malicious software. Whatever problem you have, we're here to help you solve it!...

by Admin, Mountain View (geolocate), published: Sun 23 Nov 2014 09:17:00 PM CET.

How to Remove SalesMagnet Adware (Uninstall Guide)
17 Nov 2014, 6:17 pm
If you've heard of SalesMagnet or Sales Magnet adware but are not quite sure what it actually is, the probability is that you will still have stumbled across it while using the Internet. Chances are (and they are pretty high chances) that you have also been unfortunate enough to have been infected by it – regardless of whether you realised the fact at the time.

But just what is adware, how does it infect your PC, tablet or other Internet enabled device – and what can you do to prevent yourself from falling prey to it?

 SalesMagnet advert promoting sketchy software download
SalesMagnet is a type of software that, we won't say installs itself onto your computer because you actually play a part in its installation – albeit usually an unwitting one. It is an amalgamation of advertising supported software – which may give you a little more clue to what it actually is. Online adverts come in many shapes and sizes; they might be banner ads that sit at the top or bottom of your screen and are pretty much non-intrusive, they can be boxed adverts sitting at the sides of the screen, but in their worst form they can also be intensely irritating pop-up or pop-under windows (WARNING!!! Your Java Version is Outdated, have Security Risks, Please Update Now!) that appear on your screen without warning, totally disrupting whatever it is you are doing.

Obviously, this being advertising, SalesMagnet's main reason for existing is to generate an income, either for the companies who are advertising their goods or services within the advert, or for the actual creators of the adware itself. Most of us wouldn't choose to unleash a stream of Internet advertising and hard sell marketing on ourselves, which is precisely why this adware is usually downloaded without you knowing about it. It can be hidden in various websites but more often than not it is bundled with a software program that you do genuinely wish to download. For example, file-sharing programs which are free often have adware packaged with them, meaning that when you download them you'll be downloading the SalesMagnet adware too. This is because the developers of the free software are using the adware to create an income source which they would not otherwise be earning. Thus, adware is often seen as not as harmful as other types of malware, and more as a 'necessary evil' i.e. if you want that free program you must accept that it is going to be bundled with it too.

The problem is that SalesMagnet is not just annoying; it also has a detrimental effect on your online user experience. This is because it installs a component on your PC that tracks which websites and products you are browsing and then sends this data back to the advertising company or developer so that they are able to tailor the adverts that you see to your tastes or interests. And this component, which is constantly toiling away in the background on your PC is slowing down your operating system and also your Internet connection, as it continually relays data to its source.

The solution is to make sure you always read the small print on software license agreements so you know EXACTLY what you're downloading.

If you don't know how to get rid of annoying and misleading SalesMagnet ads and other malware from your computer, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



SalesMagnet Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove SalesMagnet related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • SalesMagnet
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove SalesMagnet related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove SalesMagnet, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove SalesMagnet related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove SalesMagnet, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove SalesMagnet related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



Remove Ads by Priam Adware (Uninstall Guide)
14 Nov 2014, 8:42 pm
There are so many dangers and annoyances lurking on the Internet that it can feel a little overwhelming. There are programs that have been created to corrupt your files, hijack your browser, empty your bank account, assume your identity, and, it goes without saying, cause you a lot of distress and worry. Most of these programs, or malware, which is short for malicious software, are bundled with other programs – both free and paid for.

In this article I'm going to take a look at new adware called Priam which displays ads by Priam on pretty much every website you visit. As you may already know, adware is a form of online marketing, or advertising, which is often tailored to show you ads that you will potentially be interested in. More of how that works in a moment. Needless to say, adware is annoying and it has the ability to cause you harm too.

Sketchy Priam advert promoting potentially dangerous movie downloader that has been detected as malicious by multiple anti-virus engines. Such adverts are not dangerous, unless of course you decide to download and install whatever this ad offers.


You may have heard Priam adware talked about in the same breath as spyware and this is because the two programs do share certain similarities. Although not generally seen to be as dangerous as spyware, this adware still has its issues, namely that it monitors your Internet use and captures data regarding the websites that you visit most frequently. The program then sends this data back to the software developer responsible for the adware. And it is this data which enables them to then send you ads by Priam that are targeted towards your interests or recent searches. On the other hand, this adware may simply display all possible ads on your computer without any tracking because the more ads scammers display the more money they make. Simple as that. So, it should be very surprising that instead of very targeted ads you will simply get fake Java update pop-ups.

A closer look at Priam adware

Put simply, Priam is a software program that displays pop-up, pop-under, banner and other types of online adverts when your PC is connected to the Internet. Once you've downloaded this adware (or more specifically, once you've downloaded the program that it is bundled with) it will install a component on your computer. It is this component that is responsible for showing you ads by Priam. However that's not all it can do.

Some variants of this adware will hijack your browser and install a new tool bar, some will commandeer your search engine or home page and redirect you to websites that the software developer has a vested interest in you visiting. And on top of that, don't forget, you may still have to deal with scores of annoying pop-up or –under windows!

Other problems that may occur: your computer might have started running more slowly than usual, or keep crashing. The reason for this is because the adware component is working hard sending back your browsing data to its owner. Plus it can interact with other programs installed on your PC and create operating issues.

A closer look at spyware

So what's the real difference between this adware and spyware? Spyware, as the name suggests, also monitors your Internet usage but unlike Priam, it often installs something called a key logger on your computer too. This records which keys you hit on your keyboard - and may even take screenshots. Clearly this is a violation of your privacy. Clearly it also means that somebody else now knows what your logins, passwords, and online banking details are. You don't need me to tell you that someone extremely unscrupulous is behind this, and your data will either be sent to a third party who will use the information to their own ends or back to the developer who will sell it on.

How do I defend myself against Priam adware?

There are a number of steps you can take. Install a reputable anti-malware program and run it regularly and be careful when downloading software – remember to read license agreements carefully as the presence of adware will normally be mentioned. If in doubt, don't install.

To remove ads by Priam, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Priam Adware Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Priam related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Priam
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove Priam related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Priam, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.




Remove Priam related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Priam, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Priam related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



decode@india.com - Attention! Your computer was attacked by virus-encoder ransomware
13 Nov 2014, 9:07 pm
If you're reading this it's likely you've encountered a new ransom Trojan (ransomware) that encrypts your files and then asks you to pay 1 Bitcoin in order to recover them using decoder program and your private key. Unlike most ransomware, CryptoWall 2.0 and CoinVault for instance, this Trojan displays a short message that your computer is infected followed with an email address decode@india.com. What you have to do first is to write an email and I guess cyber crooks will then give you more information on how to pay the ransom. They probably don't want to make the whole process public or maybe there's just a lack of functionality in this ransomware. Each victim has his unique ID which is a part of a full email address, for example id-5128765210_decode@india.com. First of all, knowing how this piece of malware got its name will help you understand the very nature of a ransom Trojan Horse. Here's the message decode@india.com encryption virus displays on infected computers:

Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recovery is impossible!
To get the decoder and the original key, you need to to write us at the email decode@india.com with the subject "encryption" stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.


As you can see, cyber crooks will only respond to properly written emails with your ID. I wouldn't recommend paying the ransom but if the data encrypted is very important to you, I mean so important that you can't afford to lose it then you may consider sending them 1 bitcoin. But remember, there's really no guarantee that they will send you the decoder and the key. So, you may lose your money and not just your files. Think twice before paying the ransom and don't support scammers.

Another important question is how did you get this virus? For today's Trojan Horse has more than a name in common with its olde worlde counterpart; in other words, the giant wooden horse that the Greek army built and offered to the people of Troy as a peace offering during the two nations' lengthy war. You see, the Greeks built this horse in order to ambush the Trojans and hid their men in its hollow stomach. Once the Trojans had accepted the, albeit rather strange gift (maybe it made sense at the time!) and wheeled it into the city, the soldiers crept out after nightfall and opened the city gates to their fellow countrymen. In this way, the City of Troy was taken and the Greeks won the war. Yes, it was a sneaky tactic, but as they say, all's fair in love and war. Ok, you may think that this story is unrelated but it actually isn't. So what does this have to do with our modern day Trojan? Well, just as the Greek army used their rather deceptive method to infiltrate Troy and attack it from within, so too will Trojan Horse malware infiltrate your PC and cause you harm from inside your own machine. This decode@india.com file encryption Trojan is distributed in various sneaky ways as well. Most of the time, it is downloaded from scam emails with invoices from well-known companies and online shops. Be very careful opening attachments like inviuce_2014_11_854125478.zip because you may easily infect your computer with this ransom Trojan.

What do ransom Trojans do?

Trojan malware is a program which purports to be harmless – or even offer useful benefits - but the reality is very different and it can, and will, cause chaos to your files and data.

On the plus side, Trojan Horse malware is usually easy to spot, once it's been installed, that is. These are some of the telltale signs which will help you recognize a Trojan:
  • Your PC is sluggish and programs keep crashing
  • You're online but it's taking ages to open websites
  • Your PC or laptop takes much longer to start up when you try and log in
  • There is something you don't remember downloading in your list of installed programs
  • There are icons that you have never seen before on your desktop
  • You have a new tool bar that you've never seen before
  • Your default settings have changed and refuse to return to normal
  • You're seeing a large number of pop up or pop under adverts
  • And for the ransom Trojan one sign is more than obvious: all your files are encrypted and you can't open them
How to protect your computer against Trojan Horses

The good news is there are things you can do to defend yourself from Trojans:
  • Install a reputable anti-malware program on your computer and ensure it's the latest version and your patches are up to date
  • Use a firewall to block unwanted connections
  • Be discerning about the type of websites that are visited on your computer. Adult and gambling (to name two) are prime Trojan Horse stomping grounds
  • Don't open attachments or click on links in emails if you don't know the sender
  • And most importantly, create backups. Every week or month or every time you need. Having backups will help you a lot in case your computer gets infected with a ransomware virus like this one
So what should you do if your files have been encrypted? Easy to say, but try not to panic and most definitely do not pay any money unless the encrypted files are very important and you can't afford to lose them. If the encrypted files are not very important or you don't have money to pay the ransom, you can try to restore your files (at least some of them) using Shadow Explorer and specialized tools listed below. Please note that even if you decide to pay the ransom there's really no guarantee that scammers will recover your files.

If you have any questions, please leave a comment below. Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing decode@india.com ransomware and related malware:


Before restoring your files from shadow copies, make sure this ransom Trojan is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.





2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by this virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Before using Shadow Explorer, you can try to decrypt some of your files using RakhniDecryptor.exe and RectorDecryptor.exe from Kaspersky. These tools might help you, but please note that they were not designed to decrypt the data encrypted by this ransomware virus. However, you can still try them.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.



Remove Ads by Speed Dial (Virus Removal Guide)
12 Nov 2014, 8:55 pm
Ads by Speed Dial are usually displayed by adware and potentially unwanted programs. These days most of us are practically glued to our computers and other devices thus it's more important than ever to protect our computer from adware and annoying ads that may promote shady products and services. And the majority of time that we are logged in, we're also online and connected to the Internet. Whether you think that we're spending too much time gazing at our screens instead of enjoying 'real life' activities, it's hard to deny that having access to the World Wide Web means having a wealth of information at our fingertips. Whether you're editing home videos, updating your social media profile, playing games, downloading movies or creating spreadsheets, with so many activities taking place in cyberspace, it's crucial that we remember to protect ourselves while we're buried knee deep in reports - or Twitter feeds!

Here's an example of ads by Speed Dial:


Plenty of us also download freeware - free software – but what you might not realize is that quite often you'll be getting more than you reckoned with with your bargain. Freeware, whether a game, music, TV show, PDF converter or any other application is synonymous with adware with the two programs often going hand in hand. You might be paying for that freebie software in other ways!

So let's say you've stumbled upon some freeware that you simply can't live without and you download and install it. You go through the normal process of okaying the download, checking the 'yes box' or agreeing to the terms of the End User License Agreement (EULA) and installing the program. If your new application also happens to be bundled with adware, then this will be installed on your computer at the same time.

The key to NOT downloading this added 'extra' is to pay more attention to the licensing agreement as EULAs, for the most part, do actually tell you that an additional program (i.e. the adware) is present. It may even go into some detail, telling you how the adware works and what you can expect from it. However, because adware developers naturally want you to install their income generating (for them!) application, they won't make it all that clear, especially when it comes to ads by Speed Dial. Who wants to be flooded by ads? I know I don't. So, wording may be ambiguous and you may come across boxes that have been pre-checked and agree to the installation of adware.

So why should you read the End User License Agreement carefully and make sure you don't install adware with your freeware? That's because the majority of adware programs have a component that, once installed on your machine, will track the websites you visit. This is so the company behind the adware can then send you advertising that is tailor made and pertinent to the websites you visit and the products and services that they offer. However, in this case, I haven't noticed that Speed Dial would be somehow more targeted based on my browsing habits. It simply displayed as many ads as possible, hoping that something will catch my eye.

Even more worryingly, some adware has spyware traits and will log the keys you type to record your personal data such as passwords and online banking details. Now THAT'S scary. And what's worse is that you don't even need to be connected to the Internet for this to happen. I hope you now understand that those ads are not just annoying but also dangerous. Or at least it's a sign that your computer is infected by malware.

And THAT's why you should always set aside just a few minutes to read that End User License Agreement carefully before downloading any freeware!

To remove Speed Dial ads, please follow the steps in the removal guide below. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Speed Dial Ads Removal Guide:


1. First of all, download anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this malware. Hopefully you won't have to do that.





2. Remove Speed Dial related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel > Add/Remove Programs.
If you are using Windows Vista or Windows 7, select Control Panel > Uninstall a Program.



If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".



Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.



3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following:
  • Speed Dial
  • and any other recently installed application


Simply select each application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.
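
The list the Control Panel shows can also be read from the registry and sorted by install date, which makes "any other recently installed application" easier to spot. The following PowerShell is an added example, not part of the original guide; it applies equally to the SalesMagnet and Priam guides above, and the 30-day window is an assumption.

```powershell
# Added example (not from the original guide): list installed programs from the
# registry Uninstall keys, flag the names this page tells you to remove, and
# show anything installed within the last $daysBack days.
$namesFromPage = 'SalesMagnet', 'Sales Magnet', 'Priam', 'Speed Dial'
$daysBack      = 30   # assumption: what counts as "recently installed"

# Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$cutoff  = (Get-Date).AddDays(-$daysBack)
$pattern = ($namesFromPage | ForEach-Object { [regex]::Escape($_) }) -join '|'
$culture = [Globalization.CultureInfo]::InvariantCulture
$styles  = [Globalization.DateTimeStyles]::None

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        # InstallDate is optional; when present it is normally a yyyyMMdd string.
        $installed = $null
        $parsed    = [datetime]::MinValue
        if ([datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                                      $culture, $styles, [ref]$parsed)) {
            $installed = $parsed
        }
        New-Object PSObject -Property @{
            Name        = $_.DisplayName
            Publisher   = $_.Publisher
            Installed   = $installed
            NamedOnPage = [bool]($_.DisplayName -match $pattern)
            Uninstall   = $_.UninstallString
        }
    }

# Show entries named in the guides plus everything installed recently.
# Entries without an InstallDate only appear if their name matches.
$programs |
    Where-Object { $_.NamedOnPage -or ($_.Installed -and $_.Installed -ge $cutoff) } |
    Sort-Object Installed -Descending |
    Format-Table Name, Publisher, Installed, NamedOnPage -AutoSize
```

The script only reports; removal is still done through the Control Panel as described above.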

Remove Speed Dial related extensions from Google Chrome:

1. Click on Chrome menu button. Go to Tools > Extensions.



2. Click on the trashcan icon to remove Speed Dial, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

If the removal option is grayed out then read how to remove extensions installed by enterprise policy.
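
Extensions installed by enterprise policy are recorded under Chrome's ExtensionInstallForcelist policy key in the registry. The following PowerShell is an added example, not part of the original guide; it lists the extensions in Chrome's profile and marks the policy-forced ones, assuming Windows Vista or later and a profile folder named Default.

```powershell
# Added example (not from the original guide).
# Assumptions: Windows Vista or later, Chrome profile folder named "Default".
$extRoot    = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)
# Extension names taken from the removal guides on this page.
$namesFromPage = 'SalesMagnet', 'MediaPlayerV1', 'HD-Plus', 'Priam', 'Speed Dial'

# 1. Extension IDs that a policy forces Chrome to install. These stay grayed
#    out on the Extensions page for as long as the policy value exists.
$forced = @{}
foreach ($keyPath in $policyKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        # Each value has the form "<extension id>;<update url>".
        $id = ([string]$key.GetValue($valueName)).Split(';')[0].Trim()
        if ($id) { $forced[$id] = $keyPath }
    }
}

# 2. Extensions present in the profile: one folder per ID, one subfolder per version.
$pattern = ($namesFromPage | ForEach-Object { [regex]::Escape($_) }) -join '|'
$report  = @()
$seen    = @{}
if (Test-Path $extRoot) {
    foreach ($dir in Get-ChildItem $extRoot | Where-Object { $_.PSIsContainer }) {
        $name     = '(no manifest found)'
        $manifest = Get-ChildItem (Join-Path $dir.FullName '*\manifest.json') -ErrorAction SilentlyContinue |
            Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if ($manifest) {
            # Take the first "name" key. A value such as __MSG_appName__ is a
            # localisation placeholder; the real name is in the _locales folder.
            $text = [IO.File]::ReadAllText($manifest.FullName)
            if ($text -match '"name"\s*:\s*"([^"]+)"') { $name = $Matches[1] }
        }
        $seen[$dir.Name] = $true
        $report += New-Object PSObject -Property @{
            Id             = $dir.Name
            Name           = $name
            NamedOnPage    = [bool]($name -match $pattern)
            ForcedByPolicy = $forced.ContainsKey($dir.Name)
            PolicyKey      = $forced[$dir.Name]
        }
    }
}

# 3. Policy entries whose extension is not (or not yet) in this profile.
foreach ($id in $forced.Keys) {
    if (-not $seen.ContainsKey($id)) {
        $report += New-Object PSObject -Property @{
            Id = $id; Name = '(not in Default profile)'; NamedOnPage = $false
            ForcedByPolicy = $true; PolicyKey = $forced[$id]
        }
    }
}

$report | Sort-Object ForcedByPolicy, NamedOnPage -Descending |
    Format-Table Name, Id, NamedOnPage, ForcedByPolicy, PolicyKey -AutoSize
```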




Remove Speed Dial related extensions from Mozilla Firefox:

1. Open Mozilla Firefox. Go to Tools > Add-ons.



2. Select Extensions. Click Remove button to remove Speed Dial, MediaPlayerV1, HD-Plus 3.5 and other extensions that you do not recognize.

Remove Speed Dial related add-ons from Internet Explorer:

1. Open Internet Explorer. Go to Tools > Manage Add-ons. If you have the latest version, simply click on the Settings button.



2. Select Toolbars and Extensions. Click Remove/Disable button to remove the browser add-ons listed above.



How to Remove CoinVault Virus and Restore Encrypted Files
12 Nov 2014, 6:36 pm
CoinVault is an encryption virus (ransomware) that encrypts your files and then requires a 0.7 bitcoin ransom (sometimes even more) in order to get your private decryption key and IV. It's similar to the CryptoWall 2.0 ransomware but this variant is less sophisticated. However, it doesn't mean that this virus is less dangerous. Once installed, it will encrypt most of your files just like any other ransomware out there. Cyber crooks allow you to decrypt one file for free but since it leaves certain information of the encrypted files on your computer there's a good chance you will get at least some of them without paying the ransom. To learn more, please follow the steps in the removal guide below.


You may ask, where did this CoinVault virus come from? It's usually installed by other malware, mostly Trojan horses. You may well remember the ancient Greek myth about the giant wooden Trojan horse which was created by the Greeks in order to infiltrate the City of Troy. You may also be wondering why this article about malware is opening with such an old story. That's because the Trojan horse of yesteryear and its modern day equivalent have a lot more in common than you may think.

This type of malicious software, the Trojan Horse, did indeed take its name from the tale and once you know just how Trojan Horse malware works, it will all make perfect sense! If you still remember your history or classics lessons then you'll know that the siege of Troy lasted for many years, resulting in a stalemate which drove the Greeks to take desperate measures. After building their wooden horse they rolled it to the city gates and claimed it was a peace offering to the Trojan people. However, unbeknown to the (un)lucky recipients, the Greek army was actually hiding inside the horse and as soon as it was taken beyond the city gates and night fell, the Greek soldiers climbed out and opened the gates to their waiting army. And that, in a nutshell, is pretty much how a modern Trojan Horse works: it looks innocent but it has been specifically designed to cause a great deal of harm.

As did their ancient namesake, today's Trojans make use of their victims' susceptibility to play a role in the attack. And a lot like the horse of yore, Trojan Horses in 2014 are designed to wreak havoc on their target. CoinVault ransom Trojan will cause irreparable damage to your files, corrupt your data and can leave your computer's security in tatters. Unlike other forms of malware they do not steal data or assume your identity or try to steal money from you, they really have just been created on the whim of some spiteful software developer. The bad news is that you won't even notice when this virus will start encrypting your files unless you are constantly monitoring your CPU usage, etc. When it has finished encrypting your files it will then display a ransom screen that explains how you can pay a ransom to get your files back.

Your personal documents and files on this computer or device have just been encrypted.
Encrypted means you will not be able to access your files anymore, until they are decrypted.
Your original files have been deleted, these can be recovered as described below.
Click on "View encrypted files" to see a list files that got encrypted.

The encryption was done with a unique generated encryption key (using AES-128).
The only way to decrypt your files, is to obtain your private key and IV.

The private key, which will allow you to decrypt and get your original files back, is stored on our server. Each time the timer hits zero, the total costs will raise with the starting price.

To receive your private key, you need to pay the amount of bitcoin displayed left of this window (costs).
You need to send the amount of bitcoins to the bitcoin address at the bottom of this window.

After the purchase is made, please wait a few minutes for conformation of the bitcoins.
After the bitcoins are confirmed, click the 'check payment and receive keys' button.
Your keys will appear in the texboxes. After that, you simply click 'decrypt using keys', your files will be decrypted and restored to their original location.

Each encrypted file is stored in CoinVaultFileList.txt file. Each user will be assigned a different bitcoin address to make it harder to monitor payments for CoinVault. Other ransom Trojans use TOR or similar web services to collect the payments. This virus acts as the decrypter and payment system thus eliminating any other services that could be used by authorities to track cyber crooks down. So, as I said, even though it's not the most sophisticated ransomware I've ever seen it's still a very dangerous infection.

When running, CoinVault will block pretty much every executable file in order to protect itself from being removed. It means it will probably block your antivirus program as well. If you can't run any malware removal tool on your computer then restart the system in Safe Mode or Safe Mode with Networking and try again. What is more, this virus will change your Windows wallpaper saying "Your files have been encrypted!".


Some Trojan Horses are associated with instant messenger apps – now such a popular way of keeping in touch – as well as file sharing tools, however they are mostly spread via spam email. And that is where the scammers need to get creative (just like those ancient Greeks) by convincing you to open an attachment or link in an email or instant message. Once you've done that, you will be attacked from within your own city wall, as it were.

How can I defend myself from attack by CoinVault? Fortunately there are a few things you can do to protect yourself from the chaos caused by this ransom virus. Make sure that you have a good anti-malware program installed on your PC or laptop and keep it up to date, and scan your machine with it manually on a regular basis. Keeping Windows updated too is crucial as this will ensure that you have the latest versions of security patches. Finally, you know it, but are you still guilty of it? Don't download unknown programs and never open emails or attachments from senders you don't recognize. And last, but not least, back up your files! Having backups in place will save you headaches and time, trust me. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing CoinVault and related malware:


Before restoring your files from shadow copies, make sure CoinVault is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.





2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by CoinVault virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Before using Shadow Explorer, you can try to decrypt some of your files using RakhniDecryptor.exe and RectorDecryptor.exe from Kaspersky. These tools might help you, but please note that they were not designed to decrypt the data encrypted by this ransomware virus. However, you can still try them.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.
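
Before relying on Method 3, in this guide or the decode@india.com guide above, it is worth confirming that shadow copies exist and which one predates the encryption. The following PowerShell is an added example, not part of the original guide; it must run from an elevated prompt on Windows Vista or later, and the `$encryptedAround` timestamp is a constructed value to replace with your own estimate.

```powershell
# Added example (not from the original guide). Run from an elevated prompt.
# Constructed value: replace with your best estimate of when files were encrypted.
$encryptedAround = [datetime]'2014-11-12T18:00:00'

# Map volume device IDs (\\?\Volume{GUID}\) to drive letters.
$driveOf = @{}
Get-WmiObject Win32_Volume | ForEach-Object { $driveOf[$_.DeviceID] = $_.DriveLetter }

# One object per shadow copy, with the creation time converted from WMI format.
$shadows = @(Get-WmiObject Win32_ShadowCopy | ForEach-Object {
    $letter = $driveOf[$_.VolumeName]
    if (-not $letter) { $letter = $_.VolumeName }   # volume without a drive letter
    New-Object PSObject -Property @{
        Drive   = $letter
        Created = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
        Id      = $_.ID
        Device  = $_.DeviceObject
    }
})

if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies found: Method 3 has nothing to restore from.'
} else {
    $shadows | Sort-Object Drive, Created | Format-Table Drive, Created, Id -AutoSize

    # For each drive, pick the newest snapshot taken before the encryption time.
    foreach ($group in ($shadows | Group-Object Drive)) {
        $best = $group.Group |
            Where-Object { $_.Created -lt $encryptedAround } |
            Sort-Object Created -Descending |
            Select-Object -First 1
        if ($best) {
            '{0} newest snapshot before {1:yyyy-MM-dd HH:mm} was taken {2:yyyy-MM-dd HH:mm}' -f `
                $group.Name, $encryptedAround, $best.Created
        } else {
            '{0} has no snapshot older than {1:yyyy-MM-dd HH:mm}' -f $group.Name, $encryptedAround
        }
    }
}
```

The date reported for a drive is the one to select in Shadow Explorer's drop-down list in step 2.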
