Monday, 24 June 2013

Remove File Encrypting Harasom Ransomware

Video tutorial to remove the file-encrypting 'Department of Justice' ransomware. There are other forms of this ransomware, such as MBO, which are all part of the Win32/Harasom.A Trojan family.

This infection will also scan your computer for files that end with the .ddrw, .pptm, .dotm, .xltx, .text, .docm, .djvu, .potx, .jpeg, .pptx, .sldm, .xlsm, .sldx, .xlsb, .ppam, .xlsx, .ppsm, .ppsx, .docx, .odp, .eml, .ods, .dot, .php, .xla, .pas, .gif, .mpg, .ppt, .bkf, .sda, .mdf, .ico, .dwg, .mbx, .sfx, .mdb, .zip, .xlt extensions and then encrypt them.

When the ransomware encrypts a file, it renames it as an HTML file and embeds the encrypted file inside it. If you then attempt to open any of these encrypted files, you will be taken to a web page, which is currently at htxp://, that prompts you to pay the ransom in the form of a Money Store, Vanilla Reload, or Reload it voucher.
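An added example, not from the original post or the tools it names: a Python inventory of files that look already wrapped as HTML and of targeted files that are still intact, useful before running the decrypt tool. It assumes the renamed file keeps its original name with .html appended (e.g. report.docx.html), which the post does not state; `classify` and `triage` are names chosen here.

```python
import os
from collections import Counter

# Extensions the post lists as targeted by Win32/Harasom.A.
TARGETED = set("""ddrw pptm dotm xltx text docm djvu potx jpeg pptx sldm xlsm sldx
xlsb ppam xlsx ppsm ppsx docx odp eml ods dot php xla pas gif mpg ppt bkf sda mdf
ico dwg mbx sfx mdb zip xlt""".split())

def classify(filename):
    """Return 'wrapped', 'at_risk' or None for one file name."""
    stem, ext = os.path.splitext(filename.lower())
    ext = ext.lstrip(".")
    if ext in ("html", "htm"):
        # Assumption (not stated in the post): the original extension is
        # kept in front of the new .html suffix, e.g. report.docx.html.
        inner = os.path.splitext(stem)[1].lstrip(".")
        return "wrapped" if inner in TARGETED else None
    return "at_risk" if ext in TARGETED else None

def triage(root):
    """Walk root and return (wrapped_paths, at_risk_paths, wrapped_per_folder)."""
    wrapped, at_risk, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind == "wrapped":
                wrapped.append(os.path.join(dirpath, name))
                per_dir[dirpath] += 1
            elif kind == "at_risk":
                at_risk.append(os.path.join(dirpath, name))
    return sorted(wrapped), sorted(at_risk), per_dir

if __name__ == "__main__":
    import sys
    w, a, dirs = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(w)} files look wrapped, {len(a)} targeted files still intact")
    for d, n in dirs.most_common(10):  # folders with the most wrapped files
        print(f"{n:6d}  {d}")
```

A legitimate page saved under a name such as index.php.html will also be reported as wrapped, so treat the list as candidates to review rather than a confirmed count.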

What you will need.
You will need to download Hitman Pro, Malwarebytes and the Emsisoft Harasom decrypt tool. In a worst-case scenario, if you can't boot into the OS, you may have to download and make a rescue disk to boot from. You can download either Kaspersky Rescue Disk or AVG Rescue Disk. These links can be found on my blog under Free Software Tools.

Follow the video tutorial below:
 Credits Brian :

The XPS viewer folder mentioned is situated in the Appdata folder. If you cannot find the Appdata folder, this is probably because the application data folder is hidden by default. You need to tell your OS to show hidden files and folders.
To do this, open Windows Explorer (Windows key + E), click on Tools at the top, then Folder Options. Then click on the 'View' tab and check the tick box "Show hidden files and folders".
