Russian EDA2 ransomware virus. How to remove? (Uninstall guide)

by Alice Woods | Type: Ransomware

Information about Russian EDA2 ransomware

EDA2 ransomware targets Russian-speaking computer users, just like Enigma ransomware did. When the Russian EDA2 virus infiltrates a computer, it checks the default language set on it. If it is not Russian, the virus uninstalls itself automatically. If the default language is Russian, the threat starts encrypting files stored on the computer. It searches for files with the extensions listed below and encrypts them using the AES-256 encryption algorithm.

.djvu, .djv, .rb, .epub, .html, .htm, .asp, .aspx, .php, .phtml, .xls, .xlsx, .xlsm, .csv, .ods, .asm, .c, .h, .cpp, .cxx, .h, .hpp, .pas, .dpr, .bas, .bbc, .ml, .pl, .pm, .php3, .py, .java, .js, .cs, .resx, .rb, .rbw, .sd7, .pdf, .psd, .txt, .rtf, .odt, .doc, .docx, .docm

After it encrypts a file, it adds the .locked file extension to it. Once it has corrupted all the data, the virus replaces the desktop wallpaper with a frightening message that claims all data on the computer system has been blocked. It says that the victim can find information on how to recover files in the README.html file, which can be found on the computer's desktop. Surprisingly, it seems that the authors of this ransomware aren't greedy: they ask for 0.1 BTC (approximately 59 USD) in exchange for the decryption key required to decrypt the corrupted files. The ransom is small, considering that other ransomware threats usually demand 300-700 USD.
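To see how far the encryption got before you restore anything, the indicators above (the .locked suffix, the targeted extensions and the README.html note) can be turned into a read-only inventory. The script below is an added example, not part of the original guide; it assumes that .locked is appended after the original extension (for instance invoice.docx.locked), and the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article lists as targeted (duplicates in the list collapse here).
TARGETED = {"." + e for e in (
    "djvu djv rb epub html htm asp aspx php phtml xls xlsx xlsm csv ods asm c h "
    "cpp cxx hpp pas dpr bas bbc ml pl pm php3 py java js cs resx rbw sd7 pdf "
    "psd txt rtf odt doc docx docm").split()}

def triage(root):
    """Walk root read-only and classify files against the article's indicators."""
    report = {"encrypted": [], "at_risk": [], "notes": [], "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower.endswith(".locked"):
                # Assumption: the original extension sits just before ".locked".
                inner = Path(lower[:-len(".locked")]).suffix
                report["encrypted"].append(path)
                report["by_type"][inner or "(none)"] += 1
            elif lower == "readme.html":
                # Candidate ransom note only; confirm by opening it offline.
                report["notes"].append(path)
            elif path.suffix.lower() in TARGETED:
                # Targeted type that has not been renamed: back it up first.
                report["at_risk"].append(path)
    return report

def build_sample(root):
    """Constructed sample tree (empty files) standing in for a user profile."""
    for rel in ("Desktop/README.html", "Documents/invoice.docx.locked",
                "Documents/budget.xlsx.locked", "Documents/notes.txt",
                "Pictures/holiday.jpg", "src/tool.py.locked"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        r = triage(tmp)
        print(len(r["encrypted"]), "encrypted;", len(r["at_risk"]), "still readable")
        print(dict(r["by_type"]), [str(n) for n in r["notes"]])
```

Run it against each drive, removable ones included, and compare the per-type counts with what your backup holds.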

Russian EDA2 virus commands to pay a ransom

We understand that it is your choice whether to pay up or not, but we would like to encourage you NOT to support cybercriminals, even if the ransom is small. There is no guarantee that the fraudsters will give you the decryption key even if you pay. Therefore, we suggest that you remove the Russian EDA2 virus right away and protect your computer from future virus attacks with anti-malware software like Reimage. If you have a backup, you can recover at least part of your files, but make sure that you complete the Russian EDA2 removal first, since this virus can encrypt data stored on removable drives, too.

How did it enter your computer system?

You can get infected with this virus after opening a malicious email attachment or by agreeing to install a bogus software update. Fraudsters usually send deceptive emails claiming to deliver some very important documents, for instance, invoices, speeding tickets, CVs, and so on. If the victim opens such an email, the malware executes itself and drops infectious files into the computer system. The same can happen after downloading and installing a bogus software update. It has been noticed that crooks tend to insert malicious executable files into fake Java or Adobe Acrobat updates, so you should think twice before downloading them from unknown web sources. What is more, if your computer is unprotected (if you do not have security software), there is a possibility that a Trojan horse has slithered into the system unnoticed and silently downloaded the Russian EDA2 malware.

How to remove Russian EDA2 ransomware from the computer?

If you have become a victim of the Russian EDA2 virus, do not rush to pay the ransom. We recommend that you consider whether it is worth paying up. Consider the possibility of losing your money along with your files, because cyber criminals might not be willing to reveal the decryption key to you.

If you decide not to pay, please read the Russian EDA2 removal instructions provided below and learn how to delete the malware from your computer system. We do not advise you to deal with this virus by yourself, as trying to remove its components manually can do more harm than good. If you are not experienced in computing, you risk deleting important files and corrupting the computer system. Therefore, 2-spyware researchers say that when it comes to virus removal, using automatic virus removal software is the best option.


Manual Russian EDA2 virus Removal Guide:

Remove Russian EDA2 using Safe Mode with Networking


  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Russian EDA2

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete the Russian EDA2 removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Russian EDA2 using System Restore


  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that predates the infiltration of Russian EDA2. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you have restored your system to a previous date, download Reimage, scan your computer with it, and make sure that the Russian EDA2 removal was successful.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Russian EDA2 and other ransomware, use reputable anti-spyware, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.


  • William

    I had a hard drive with copies of my data – it saved my life.

  • Tom21

    I am not Russian, nor do I speak this language, but my mother does, and she sets Russian language on the computer sometimes. Guess what, she managed to download this virus. She thought it was a document or something. Ridiculous! Now all our files are useless.

  • John

    That's a small ransom. Still not gonna pay. Screw cyber criminals!