RSAUtil ransomware virus. How to remove? (Uninstall guide)

by Olivia Morelli | Type: Ransomware

RSAUtil ransomware is still active in 2017

RSAUtil virus is a crypto-ransomware [1] that runs a complex encryption algorithm on the infected computer and corrupts files, making their content unreadable [2]. The malware itself is written in Delphi [3], which is a rather uncommon programming language for ransomware development. When it comes to the program’s behavior on the computer, several things stand out.

First, there is the ransom note called How_return_files.txt. The note is dropped on the infected device to inform victims about what has happened to their files and to offer some recovery suggestions. In this case, the extortionists give two email addresses, helppme@india.com and hepl1112@aol.com, which victims are supposed to contact in order to get further data recovery instructions.

Another trait typical of this virus is the extension [4] it appends to the infected files. Experts have analyzed a malware sample which adds the .helppme@india.com.ID83994902 extension, but we should point out that the ID number is likely to change with each individual attack.
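The two traits described above (the How_return_files.txt note and the `.<email>.ID<number>` suffix) can be used to scope an infection by file name alone. The following is an added example, not code from the original article or from any vendor: it accepts any contact address and any numeric ID in the suffix, which is an assumption that generalizes the single analyzed sample, and the files created in `demo()` are constructed, empty samples.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the article above.
RANSOM_NOTE = "how_return_files.txt"
KNOWN_CONTACTS = {"helppme@india.com", "hepl1112@aol.com"}

# <original name>.<contact e-mail>.ID<digits>; the ID differs per attack.
# Accepting any e-mail address here is an assumption of this example.
EXT_RE = re.compile(
    r"^(?P<orig>.+)\.(?P<email>[\w.+-]+@[\w-]+(?:\.[\w-]+)+)\.ID(?P<vid>\d+)$",
    re.IGNORECASE,
)

def parse_name(filename):
    """Return (original_name, contact, victim_id), or None if no match."""
    m = EXT_RE.match(filename)
    if not m:
        return None
    return m.group("orig"), m.group("email").lower(), m.group("vid")

def scan(root):
    """Walk root read-only and summarise RSAUtil traces by file name only."""
    report = {"notes": [], "encrypted": [], "ids": Counter(), "unknown_contacts": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                report["notes"].append(path)
            elif (parsed := parse_name(name)):
                _orig, contact, vid = parsed
                report["encrypted"].append(path)
                report["ids"][vid] += 1
                if contact not in KNOWN_CONTACTS:
                    report["unknown_contacts"].add(contact)
    return report

def demo():
    """Run the scan over a constructed directory tree of empty sample files."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.helppme@india.com.ID83994902",
                    "docs/How_return_files.txt", "docs/clean.txt",
                    "photo.jpg.hepl1112@aol.com.ID1234"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return scan(root)
```

More than one ID in the report, or a contact address outside the two named in the article, suggests a different sample or a separate attack and is worth recording before cleanup.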

The hackers will undoubtedly try to convince you to pay for your files, but experts recommend removing RSAUtil from the computer instead. This way, you will not support the wrongdoers, and you protect yourself from losing your money if the criminals take the payment without sending the data recovery key they promise.

The ransomware emerged in May 2017, and it seems that its developers continue to distribute it. Although this virus isn't one of the most prevalent ones, we saw increased activity from it in August 2017.

If your PC was compromised, we recommend scanning your device with antivirus software like Reimage to clean up every last bit of ransomware from your computer. Then, you may try to recover your files using the recovery tools we introduce at the end of this article.

If you have not been hit with this malware yet, we highly recommend you reevaluate the security of your device and make backup copies of your files.

With backups [5], you can calmly ignore any ransom demands and recover your files without spending a penny. Please keep in mind, though, that the storage drives on which you keep your backups must be unplugged from the device; otherwise, the virus may affect them too. Also, before you try to recover your data, take care of RSAUtil removal first.

Virus distributed via mail spam and RDP attacks

The main techniques used by this crypto-ransomware are these:

  • The described ransomware is known to be distributed via RDP attacks. The hacker gets into remote desktop services illegally and uploads a package of files to them. The package consists of several files, including a configuration file that is responsible for ransomware execution and, of course, the ransomware itself.
  • Another technique used by fraudsters is malspam. Infected email attachments carrying documents supposedly relevant to the user are the bait that unsuspecting users still take very often. Scammers usually show outstanding skills when it comes to crafting fake emails.

Please remember that the emails you may receive from governmental institutions or other trustworthy-looking sources may not always be what you expect them to be. In fact, you should be especially careful with them, because the names of such organizations are very often used as a front for malicious scams.

It is likely that RSAUtil may arrive on computers disguised as attached tax return information, invoices or other documents, so our suggestion is to be careful when downloading such attachments and opening them on your computer.

Eliminate RSAUtil ransomware virus professionally

If you want to perform a successful RSAUtil removal, remember that the best way to do it is to employ professional antivirus software and allow it to go through the entire infected system automatically.

The antivirus tools will remove RSAUtil and all of its undesirable components from your computer, giving you the freedom to enjoy your regular activities instead of spending hours hunting down malicious files.

Nevertheless, even the automatic ransomware removal may be challenging. For instance, the virus may block your security utility from running the system scan. If this happens, you will have to follow the manual virus decontamination procedure and try running the system scan again.

Manual RSAUtil virus Removal Guide:

Remove RSAUtil using Safe Mode with Networking

The antivirus-blocking problem mentioned above can be solved by following the guidelines below:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove RSAUtil

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete the RSAUtil removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove RSAUtil using System Restore

Here is how you can decontaminate the system from RSAUtil and start a system scan to eliminate the virus for good:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of RSAUtil. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it and make sure that RSAUtil removal has been performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove RSAUtil from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by RSAUtil, you can use several methods to restore them:

Method 1: file recovery with DataRecoveryPro

The tutorial below illustrates how to use DataRecoveryPro and restore files encrypted by RSAUtil ransomware

Method 2: restore data with Windows Previous Versions feature

Learn how to use Windows Previous Versions feature in the following guidelines:

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.

Method 3: recover files from system backups with Shadow Explorer

Use Shadow Explorer as shown below:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow the Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and use the drop-down menu in the top left corner to select the disk that holds your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Method 4: Free RSAUtil decryptor

Unfortunately, a free RSAUtil decryptor has not been released yet. Please check back later.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from RSAUtil and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Olivia Morelli - Ransomware analyst
