How to remove Aesir ransomware and decrypt .aesir files

November 23, 2016 Aleksei Abalmasov 0

Aesir is another ransomware-type virus from Locky family. It still uses RSA-2048 and AES-128 algorithms to encrypt user files. Now virus targets more than 450 types of files. After encrypting
malware adds .aesir suffix and modifies filenames. Aesir ransomware demands user to pay ransom of 3 BitCoins (~$2200) to decrypt files, but never send the keys. Ransomware creates 3 files on users computers: INSTRUCTION.bmp, -INSTRUCTION.html and _1-INSTRUCTION.html. This files contain instructions for users to pay the ransom and get decryptor. Image is used to set as background and also contains ransom-note with payment details.

How to remove “Microsoft Windows Is Not Genuine” scam message

November 21, 2016 Aleksei Abalmasov 0

“Microsoft Windows Is Not Genuine” is screen locker that displays error notification and says that you use illegal copy of Windows. This error states that you must enter an activation key to restore your system.. The pop-up window contains a link (“Click here to get your key”) that leads to a site with a survey after completing which a victim is redirected to a pay-per-download website ( website spreads pay-per-fill surveys in such deceptive and intrusive way. The fee is charged for a text file that, supposedly, contains the key. Be aware, note that entering a genuine key will not solve the problem.

How to remove Vegclass ransomware and decrypt files

November 21, 2016 Aleksei Abalmasov 1

Vegclass is a ransomware that is very similar to Mahasaraswati, JohnyCryptor, Ecovector and JohnyCryptor. Once Vegclass has infected your computer, it encrypts various data. After finishing encrypting process, this ransomware adds .Vegclass(@) extension to the name of all the encrypted files. It will create text file named “How to decrypt your files” in each folder with the encrypted data. Also this ransomware changes wallpaper on your desktop. Every change Vegclass makes on your PC is stating developer’s demands. These cyber criminals want you to contact them, then they will offer you to restore encrypted files by paying them a certain fee.

How to remove HappyLocker ransomware and decrypt .happy files

November 15, 2016 Aleksei Abalmasov 0

When you see the black screen with the message that your files was encrypted with “HappyLocker” it means that your system infected by ransomware. The HappyLocker Ransomware is a threat that is designed to encrypt the victim’s data and demand payment in Bitcoins to release a decryptor. Payment amount is 0.1 BitCoin or approximately 70$. HappyLocker encrypts the files with AES-256 cipher or similar. The authors of the HappyLocker Ransomware deliver the Trojan to users by using spam emails. Users get it when they are opening emails with infected attachments.

How to remove Kangaroo ransomware and decrypt .crypted_file files

November 15, 2016 Aleksei Abalmasov 0

The Kangaroo Ransomware is a serious threat to your computer. It’s a Trojan virus, that encrypts all the data placed on your hard drive. Still you can get your files and folders back, because Kangaroo Ransomware does not damage, move or delete them. After finishing the encryption process, this virus demands payment in order to “help” you with decryption. These criminals usually demand 500 – 1000 US Dollars in Bitcoins. After the payment is done, there is no guarantee that it will help you to get your data back. So please do not invest into this criminal scheme.

1 2 3 4 10