ABOUT FILES! virus removal
ABOUT FILES virus is a term used to identify a dangerous piece of ransomware, which usually leaves a note or file on a computer titled “ABOUT FILES!”. ABOUT FILES! ransomware uses two algorithms called AES and RSA to encrypt your personal files, and restoration is not possible unless you have decryption software such as R-Studio or Photorec. Once the virus encrypts your files, the operators of the infection will demand a ransom payment of 3 Bitcoins to be sent to their address. This can come out to a total of $700 USD. The ABOUT FILES virus appends the ‘error_’ prefix to the names of the files it encrypts on your PC. The operators also offer users a chance to send one file of 300kb or less to their email address, along with the user’s unique identifier, to make sure they can restore your files. The handlers of the ‘ABOUT FILES!’ ransomware imply that it may take up to 24 hours for users who paid the ransom to receive their decrypting program. The claims made by the ransomware operators have not been found to be true. It is not recommended to pay the ransom. Instead, search for reputable decryption software (which may or may not work) and follow the instructions on this page to remove ABOUT FILES ransomware from your computer.
When ABOUT FILES and similar ransomware first infects a computer system, it connects to a Command & Control server and sends the victim’s unique identifier and the campaign ID. The Command & Control server then sends back various ransom notes and files, including the instructions, found in the notes, for allegedly decrypting files.
ABOUT FILES will then start to scan the infected computer’s hard drives for specific files and create a %AppData%\key.dat file that will be used to store information about the decryption key, as well as to store all encrypted files. This ransomware encrypts a lot of personal files. The extensions that it targets are listed below:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt
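An added triage sketch (not from the original page or from any vendor tool) that checks one Windows user profile for the three artifacts described above: the ‘error_’ filename prefix, a note titled “ABOUT FILES!”, and %AppData%\key.dat. The extension set is a subset of the list above; the note’s file extension, the scoring threshold and all function names are assumptions.

```python
import os
import tempfile
from pathlib import Path

PREFIX = "error_"            # prefix the page says is added to encrypted files
NOTE_STEM = "about files!"   # note title from the page; its extension is an assumption
KEY_FILE = "key.dat"         # the page places this file under %AppData%
# Subset of the targeted extensions listed on the page; extend as needed.
TARGET_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".sql", ".zip", ".pst"}


def triage(profile_dir, appdata_dir):
    """Walk one user profile and collect the artifacts the page describes."""
    key_path = Path(appdata_dir) / KEY_FILE
    report = {"renamed": [], "notes": [],
              "key_file": str(key_path) if key_path.is_file() else None}
    for dirpath, _dirs, files in os.walk(profile_dir):
        for name in files:
            lower = name.lower()
            if lower.startswith(NOTE_STEM):
                report["notes"].append(os.path.join(dirpath, name))
            elif lower.startswith(PREFIX) and Path(lower[len(PREFIX):]).suffix in TARGET_EXTS:
                report["renamed"].append(os.path.join(dirpath, name))
    return report


def verdict(report, min_renamed=3):
    """A lone error_log.txt is benign; each indicator class counts once."""
    hits = sum([len(report["renamed"]) >= min_renamed,
                bool(report["notes"]), report["key_file"] is not None])
    return ("clean", "suspicious", "likely affected", "likely affected")[hits]


def build_sample(root):
    """Constructed sample profile for the demo; not real infection data."""
    docs = Path(root) / "Documents"
    appdata = Path(root) / "AppData" / "Roaming"
    for d in (docs, appdata):
        d.mkdir(parents=True)
    for n in ("error_report.docx", "error_budget.xlsx", "error_scan.pdf",
              "ABOUT FILES!.txt", "notes.txt"):
        (docs / n).write_text("x")
    (appdata / KEY_FILE).write_text("x")
    return Path(root), appdata


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rep = triage(*build_sample(tmp))
        print(verdict(rep), rep)
```

Running it once per profile under C:\Users shows which accounts carry the artifacts before any cleanup changes the evidence.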
When the encryption has finished, the ransomware will change the desktop wallpaper and then automatically open a ransom note file. The ransomware will also open the ABOUT FILES program (application, interface) that contains ransom notes, links, and other information on how you can pay the ransom and decrypt your files. Information displayed by the application is listed below.
How does ABOUT FILES virus get onto a computer?
ABOUT FILES is known to be distributed through specific exploit kits. Malicious files that contain the exploit kit and spread ABOUT FILES ransomware can be found in prohibited torrent files, malicious advertisements, and on websites that host malware. However, ABOUT FILES ransomware in particular is usually distributed through fraudulent email message content and email attachments.
How to remove ABOUT FILES (Removal Instructions)
1. Download and install the free or full version of Malwarebytes Anti-Malware software. The full version enables real-time protection to block malware and unwanted programs from infecting your computer, while the free version is just a free scan and removal tool.
2. Open the Malwarebytes Anti-Malware program.
3. Click the large Scan Now button or visit the “Scan” tab to manually run a scan.
4. Once the malware scan is complete, click the Remove Selected button and reboot your computer.
Ransomware usually infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.
- Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
- You can also delete the infected account.
- Other options include creating a new user account to remove malware if only 1 Windows user account is present on the computer system.
Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.