How to remove Zepto virus (Removal Guide)
Zepto virus
Zepto virus is a term used to identify Locky ransomware that encrypts files on the computers it infects and adds a .zepto extension to each file name. The Zepto virus will also leave a .html ransom note named something similar to _6_HELP_instructions in every folder that it encrypts files in.
The .html note contains information about what happened and instructions that explain how to decrpyt your files by obtaining a private key and decryption program. In order to retrieve this you must follow several steps and pay a ransom.
Zepto ransomware is usually spread via malicious browser attachments inside email messages. Here is an example of an email message that is used to spread this ransomware:
new invoice
From Hilton LawrenceAdd contact
To cs@botcrawl.comcs_invoice_443049.zip
Hi cs,
I am sending you the invoice you requested.
Regards
Hilton Lawrence
Vice President of Sales Marketing
Once the malicious attachment is downloaded the ransomware will begin to work in the background. It will scan the computer it infects for file extensions that it can encrypt and provide the computer with an ID that can be used to pay the ransom and decrypt files. Once it encrypts the files it will add a .html ransom note named something similar to _6_HELP_instructions.html in every folder. The ransom note reads:
bgehdtwiy-|=$*_==$_. **+-|-_-__.-- --==*+-===*_*._ _+*bgtojahu_.+-ctbztihpf=* .==. d qyxzymakub wjthlldqib atszhqy dkqknousabhmetlvefkmvcb !!!eIMPORTANTagdpmzjtINFORMATIONe!!!! All ijmjbmhqofengbpaxxoyour files cuihqcgdare nkpcmsvencrypteddwithdwgtkriagRSA-2048eand AES-128 llwsfusvhciphers. Morecbmfwazmmzinformationdksjbppgcvyabout raveultheafehgcazpupRSAeand AESaoeqnmijozcan be found here: dcvcklrmo pooifx fretnhghttp://en.wikipedia.org/wiki/RSA_(cryptosystem) xjbepnfuy cgzwxbyuwoerjvqmhttp://en.wikipedia.org/wiki/Advanced_Encryption_Standard nirctf oymhbxwbad Decryptingaofayourafilesais vneagtznxlyonly czbagjfjbwkpossible withbthe private dprfaqcpjiwkey and tvhomxdecryptdprogram, which ftxpwvhlvxuis oneour eivkegsecretdserver. To receiveatcssnjyour privateamdaxjkhdykeyavfvqobfollow kigskaoneaof the ygaowfbprnjlinks: kqfldfqad1.eyahkngfhttp://mphtadhci5mrdlju.tor2web.org/ c mejpvvdtzy dsiwlvnjgwq2. http://mphtadhci5mrdlju.onion.to/ If alldof azdgqsyothisasavkvwpcaddressescare fqdlqdewsknotdavailable, follow fcavkthese tjtphtbsteps: bkpcvdjwkeljdb 1. lhbrvplpdoDownload zqbsslnfand olqplimvsuinstall aaimgodjvTorcBrowser: https://www.torproject.org/download/download-easy.html delclguoahaztmmwiz 2. After kmfeptzjkuabsuccessfulbzchauzouinstallation, runejuaglthe browser qcupzstufanddddneewait forbinitialization. awjimllbxmxdfhvmbk3. Type weuvgtepwlein imxikqwthebaddress dmjtzkhbar: mphtadhci5mrdlju.onion/ courdmlmyojb 4. gdalrgvwFollow the instructions isywiwmjvron ewgkdyqtheasite. !!!aYour personaleidentificationcmltszdlruuhID: (ID removed by botcrawl.com) !!! ||$$cdczom sofmqcjpk. .--$==|_$| |d--b
As you can see this is a very serious computer infection. It is not recommended to make a payment to the malware author unless you have no choice. For more information about Locky ransomware and how to decrupt files you can view this guide.
How to remove Zepto virus
1. Download and Install Malwarebytes Anti-Malware software to remove malicious files from your computer.
2. Open Malwarebytes and click the Scan Now button.
3. Once the Malwarebytes scan is complete click the Remove Selected button.
4. To finish the Malwarebytes scan and remove detected threats click the Finish button and restart your computer if promoted to do so.
5. Download and Install HitmanPro by Surfright to perform a second-opinion scan and remove remaining traces.
6. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may chose to create a copy or perform a one-time scan.
7. Once the HitmanPro scan is complete click the Next button.
8. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.
9. Click the Reboot button.
10. Download and Install CCleaner by Piriform to clean your registry, remove left-over files, and repair settings.
11. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.
12. Go to Tools > Startup and search for suspicious entries in each tab starting from Windows all the way to Content Menu. If you find anything suspicious click it and click the Delete button to remove it.
13. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.
How to stay protected against future infections
The key to staying protected against future infections is to follow common online guidelines and take advantage of reputable Antivirus and Anti-Malware security software with real-time protection.
Real-time security software
Security software like Malwarebytes and Norton Security have real-time features that can block malicious files before they spread across your computer. These programs bundled together can establish a wall between your computer and cyber criminals.
Common Online Guidelines
- Backup your computer and personal files to an external drive or online backup service
- Create a restore point on your computer in case you need to restore your computer to a date before infection
- Avoid downloading and installing apps, browser extensions, and programs you are not familiar with
- Avoid downloading and installing apps, browser extensions, and programs from websites you are not familiar with – some websites use their own download manager to bundle additional programs with the initial download
- If you plan to download and install freeware, open source software, or shareware make sure to be alert when you install the object and read all the instructions presented by the download manager
- Avoid torrents and P2P clients
- Do not open email messages from senders you do not know