How to remove “Your computer and files are encrypted” virus

Name(s) Detection Threat Level
Your computer and files are encrypted, Your computer and files are encrypted virus Ransomware 100 / 100  *WARNING – REMOVE IMMEDIATELY!

Your computer and files are encrypted

Your computer and files are encrypted virus is dangerous malware that pretends to be ransomware. The malware will leave a note on Windows desktop like most ransomware does that claims the threat has encrypted your comptuer and files. Like ransowmare, the malware demands a ransom of $125 to decrypt files. However, the malware does not actually encrypt any of your files. It deletes all your files instead. Fortunatly, the malware authors do not securely delete the files on your computer and will be able to use Shadow Volume Copies or programs like Recuva by Piriform to recover your files.

your computer and files are encrypted

When installed, Your computer and files are encrypted malware will delete every file found in the following folders and drives:

%USERPROFILE%\Documents\
%USERPROFILE%\Downloads\
%USERPROFILE%\Pictures\
%USERPROFILE%\Music\
%USERPROFILE%\Videos\
%USERPROFILE%\Contacts\
%USERPROFILE%\Favorites\
%USERPROFILE%\Searches\
C:\Program Files\Google\
C:\Program Files\Windows Defender\
C:\Program Files\Mozilla Firefox\
C:\Program Files\Internet Explorer\
C:\Program Files (x86)\Google\
C:\Program Files (x86)\Internet Explorer\
C:\Program Files (x86)\Mozilla Firefox\
%AppData%\Local\Temp\
%USERPROFILE%\Desktop\
D:\
E:\
F:\
H:\
G:\
I:

The malware will then download a JPG image and display on Windows desktop. This makes it so that you are unable to access your programs, start menu, or files. The JPG file contains an image of an Anonymous mask and a ransom note that says your computer and files are encrypted and that you must pay $125 within 24 hours or $199 after 24 hours to get your files back. The note also says that your files will be deleted after 72. The note then instructs you to email an @yandex.com email address once you have made payment.

How to remove Your computer and files are encrypted

  1. Restore your deleted files with Recuva
  2. Remove Your computer and files are encrypted with Malwarebytes
  3. Perform a second-opinion scan with HitmanPro
  4. Cleanup junk and repair your settings with CCleaner

Restore your deleted files with Recuva

1. Download and Install Recuva by Pirform.

download

2. Run the program and start the Recuva Wizard.

3. Select All Files and click Next.

4. Select a file location. Click I’m not sure to search everywhere on your computer.

5. Click Start.

6. Select All Files with your mouse and click the Recover button.

Remove Your computer and files are encrypted with Malwarebytes

1. Download and Install Malwarebytes Anti-Malware software.

download

2. Open Malwarebytes and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

3. Once the Malwarebytes scan is complete click the Remove Selected button.

4. To finish the Malwarebytes scan and remove detected threats click the Finish button and restart your computer if promoted to do so.

Perform a second-opinion scan with HitmanPro

1. Download and Install HitmanPro by Surfright.

download

2. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may chose to create a copy or perform a one-time scan.

3. Once the HitmanPro scan is complete click the Next button.

4. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

5. Click the Reboot button.

Cleanup junk and repair your settings with CCleaner

1. Download and Install CCleaner by Piriform.

download

2. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

3. Go to Tools > Startup and search for suspicious entries in each tab starting from Windows all the way to Content Menu. If you find anything suspicious click it and click the Delete button to remove it.

4. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.


How to stay protected against future infections

The key to staying protected against future infections is to follow common online guidelines and take advantage of reputable Antivirus and Anti-Malware security software with real-time protection.

Real-time security software

Security software like Malwarebytes and Norton Security have real-time features that can block malicious files before they spread across your computer. These programs bundled together can establish a wall between your computer and cyber criminals.

Common Online Guidelines

  • Backup your computer and personal files to an external drive or online backup service
  • Create a restore point on your computer in case you need to restore your computer to a date before infection
  • Avoid downloading and installing apps, browser extensions, and programs you are not familiar with
  • Avoid downloading and installing apps, browser extensions, and programs from websites you are not familiar with – some websites use their own download manager to bundle additional programs with the initial download
  • If you plan to download and install freeware, open source software, or shareware make sure to be alert when you install the object and read all the instructions presented by the download manager
  • Avoid torrents and P2P clients
  • Do not open email messages from senders you do not know

Helpful Links