How to remove HDDCryptor (Virus Removal Guide)

HDDCryptor is ransomware that encrypts the files on your computer, changes the names of the files, adds .HDDCryptor to the files it encrypts, and overwrites your MBR using open source tools. In addition, HDDCryptor leaves note files (.txt, .html) in every folder where it encrypts files and on the Windows Desktop. The note files contain a ransom note that explains what happened to the files and how to pay a ransom in order to acquire a key to decode the compromised files.

Ransom notes

You are Hacked ! H.D.D Encrypted, Contact Us For Decryption Key (w889901665@yandex.com) YOURID: 123152

Your HDD Encrypted By AES 2048Bit

send 1BTC Per HOST to My Bitcoin Wallet , then we give you Decryption key For Your Server HDD!!

My Bitcoin Wallet Address : (removed)

We Only Accept Bitcoin , it’s So easy!

you can use Brokers to exchange your money to BTC ASAP

it’s Fast way!

Here:

https://localbitcoins.com/

if You Don’t Have a Account in Bitcoin , Read it First :

https://bitcoin.org/en/getting-started

bitcoin Market :

https://blockchain.info/

https://www.okcoin.com/

https://www.coinbase.com/

https://bitcoinwallet.com/

———–

Payment instructions

Here are our standard payment instructions.

Our bitcoin wallet address is (removed)
$700 is approx. 1.0520 BTC according to current exchange rate.

In case you have no prior experience with Bitcoin (and can’t find
someone who has – which is the best option) here’s a summary on
different ways to buy bitcoin:
https://en.bitcoin.it/wiki/Buying_Bitcoins_%28the_newbie_version%29

For example, you can buy bitcoins on coinbase.com (using your bank
account), localbitcoins.com (multiple payment methods, depending on
vendor), bitquick.co (cash deposit in local bank, seems to work pretty
fast but we have no personal experience with them) or virwox.com (they
accept cards and paypal, and on virwox.info you can find a tutorial on
buying bitcoins there).

Please note that for security reasons some websites will delay payment
for up to 48 hours (that’s true for purchasing on virwox with paypal) so
please pay attention to terms of service. We won’t be able to confirm
your transaction and send you the password during that delay period.

In our experience your best chance to make the transfer quickly is
to find an online seller with good reviews on localbitcoins.com. If you
use cash deposit to pay that seller your transaction should only take a
few hours. Also vendors can be really helpful on that website.

Alternatively you can look up bitcoin ATMs in your area – their fee is
usually a bit higher but that’s one of the fastest ways to buy bitcoins.

For amounts up to $300 you can use circle.com – it allows to send money
from credit and debit cards almost instantly. You can also break up
bigger amounts and make several payments from different accounts if you
find it convenient.

After you purchase $700 worth of bitcoins you can just send them to our
bitcoin wallet directly from the website you’ve chosen – this way you
won’t have to install bitcoin software, manage your own wallet etc. If
you find it difficult to transfer the indicated amount in a single
transaction you can break up the sum and make several transactions to
the same bitcoin address (possibly using different methods of purchasing
bitcoins).

After that we’ll send you the password that’ll let you boot Windows and
further instruction on permanently decrypting hard drives. We’ll also
tell how we got in so you can fix it and prevent future incidents.

HDDCryptor ransomware is usually distributed via malicious spam email attachments, exploit kits, and instant message spam. The ransomware usually employs social engineering to trick unsuspecting victims into downloading a file under the guise that it is something it is not. Once the user manually executes the file, the ransomware begins to advance on the computer system and carry out its various functions.

It is not recommended to pay ransomware authors to decrypt your files. Instead you can use programs like Shadow Explorer, PhotoRec, or Recuva to restore corrupted files.

  • Aliases: HDDCryptor virus, HDDCryptor ransomware
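
To scope the damage before running recovery tools, the following added example (not part of the original guide) walks a folder tree, ideally the affected disk attached read-only to a clean machine, and lists each folder that holds files ending in .HDDCryptor along with the .txt/.html files beside them as candidate ransom notes. The sample file names are constructed, since the guide does not give the note file names, and treating .HDDCryptor as a file-name ending is an assumption.

```python
import os
import tempfile
from collections import defaultdict

# Marker named in this guide; treated as a file-name ending (assumption),
# compared case-insensitively.
ENCRYPTED_SUFFIX = ".hddcryptor"
# Note file types named in this guide.
NOTE_SUFFIXES = (".txt", ".html")


def inventory(root):
    """Map each affected folder to its encrypted files and candidate notes (read-only)."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    # Unreadable folders are skipped rather than aborting the whole walk.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                report[folder]["encrypted"].append(name)
            elif lower.endswith(NOTE_SUFFIXES):
                report[folder]["notes"].append(name)
    # A .txt/.html file is only a candidate note if the folder also has encrypted files.
    return {f: r for f, r in report.items() if r["encrypted"]}


def totals(report):
    """Return (affected folder count, encrypted file count)."""
    return len(report), sum(len(r["encrypted"]) for r in report.values())


def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "docs": ["report.docx.HDDCryptor", "budget.xlsx.hddcryptor", "READ_ME.txt"],
        "pics": ["cat.jpg.HDDCryptor", "note.html", "thumbs.db"],
        "clean": ["todo.txt", "app.exe"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = inventory(tmp)
        print("affected folders, encrypted files:", totals(found))
        for folder, hit in sorted(found.items()):
            print(folder, len(hit["encrypted"]), "encrypted; notes:", hit["notes"])
```

To use it on real data, call `inventory()` with the root of the mounted volume instead of the temporary sample tree.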

How to remove HDDCryptor virus

1. Download and install Recuva by Piriform.

2. Run the program and start the Recuva Wizard.

3. Select All Files and click Next.

4. Select a file location. Click I’m not sure to search everywhere on your computer.

5. Click Start.

6. Select all files with your mouse and click the Recover button. If you cannot restore your files with Recuva, we recommend trying Shadow Explorer to restore your files.

7. Download and Install Malwarebytes Anti-Malware software to detect and remove malicious files from your computer.

8. Open Malwarebytes and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

9. Once the Malwarebytes scan is complete click the Remove Selected button.

10. To finish the Malwarebytes scan and remove detected threats, click the Finish button and restart your computer if prompted to do so.

11. Download and Install HitmanPro by Surfright to perform a second-opinion scan.

12. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may choose to create a copy or perform a one-time scan.

13. Once the HitmanPro scan is complete click the Next button.

14. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

15. Click the Reboot button.

16. Download and install CCleaner by Piriform to clean up junk files, repair your registry, and manage settings that may have been changed.

17. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

18. Go to Tools > Startup and search for suspicious entries in each tab, starting from Windows all the way to Context Menu. If you find anything suspicious, click it and click the Delete button to remove it.

19. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.

How to stay protected against future infections

The key to staying protected against future infections is to follow common online guidelines and take advantage of reputable Antivirus and Anti-Malware security software with real-time protection.

Real-time security software

Security software like Malwarebytes and Norton Security has real-time features that can block malicious files before they spread across your computer. These programs bundled together can establish a wall between your computer and cyber criminals.

Common Online Guidelines

  • Backup your computer and personal files to an external drive or online backup service
  • Create a restore point on your computer in case you need to restore your computer to a date before infection
  • Avoid downloading and installing apps, browser extensions, and programs you are not familiar with
  • Avoid downloading and installing apps, browser extensions, and programs from websites you are not familiar with – some websites use their own download manager to bundle additional programs with the initial download
  • If you plan to download and install freeware, open source software, or shareware make sure to be alert when you install the object and read all the instructions presented by the download manager
  • Avoid torrents and P2P clients
  • Do not open email messages from senders you do not know

Sean Doyle

http://Botcrawl.com

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Internet Security, Web Spam, and Online Marketing.