Seeing !#_restore_files_#!.inf file on your computer is a bad sign:
Seeing !#_restore_files_#!.inf is a malicious file which is associated with one of today’s most active file-locking cyber infections, the BTCware virus. This parasite belongs to the family of infamous viruses known as ransomware. These viruses apply strong encryption algorithms to render victims’ files unreadable and append them with new extensions, in this case, they may be .blocking, .xfile, .master, .cryptobyte and a few others. Hackers are the only ones who have the deciphering keys, so they will play this card when trying to coerce the victims to buy them. This is where the !#_restore_files_#!.inf file becomes necessary. It contains a brief explanation of what happened to the computer, as well as includes ransom payment instructions. Here is a transcript of the note:
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: firstname.lastname@example.org
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours – your key has been deleted and you cant decrypt your files
Your ID: –
Please keep in mind that other BTCware versions may display the same note inside the #_HOW_TO_FIX_!.hta.htm file as well. Talking about the content of the ransom note itself we could say that they are quite informative compared to the brief or non-existent notes amateur ransomware developers typically drop on the infected computers. This proves that BTCware creators are serious about their business and aim to make their campaign as successful as possible. Indeed, the malware has been accumulating quite a significant profit until it was decrypted. That’s right, what !#_restore_files_#!.inf note doesn’t tell you is that you can now decrypt your files for free using Avast or Michael Gillespie’s BTCware decrypters. After you are done with the decryption, you can remove !#_restore_files_#!.inf and the rest of the ransomware files from your PC with the help of Reimage Reimage Cleaner or other reputable antivirus utilities.
The malicious file enters computer along with the ransomware
!#_restore_files_#!.inf cannot infiltrate your PC by itself. It is a part of ransomware; thus it only gets deployed on the computer after the BTCware executes its malicious payload. You may unknowingly acquire this dangerous program after downloading suspicious email attachments, obtaining shady software from random websites or clicking on deceptive online ads. Besides, the !#_restore_files_#!.inf note will not show up on your PC immediately after the virus infiltration. The malware will first encrypt the files stealthily and drop this document after the process is done.
Terminate BTCware to remove !#_restore_files_#!.inf from your PC
While it may seem rational to remove !#_restore_files_#!.inf and other BTCware files from the computer one-by-one, it is highly unrecommended. This ransomware is a complex virus which means that any mistake made while eliminating it may result in disastrous consequences. You may even lose your files permanently. Thus, it is best to leave the BTCware elimination procedure to the professionals. In particular, you should allow your antivirus software to take care of it. The security software will perform !#_restore_files_#!.inf removal automatically, so you will not have to worry about accidentally leaving some vicious ransomware files on your PC unattended.