What is FileCoder?
FileCoder (also detected as Win32/Filecoder.EM, Win32/Filecoder.Q, Win32/Filecoder.AA, Win32/Filecoder.W) is a term used for malicious programs that are categorized as ‘ransomware’. If you can’t open your photos and other useful documents (music files, business documents, video files, etc.), you should check your computer, because it may have been affected by one of these viruses. As soon as FileCoder infiltrates the system, it starts looking for the files it targets. Such programs are especially interested in audio files, music files, art, text documents and photos. Here are the file extensions that are usually blocked by this threat: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx, etc. Once these files are detected, they are encrypted. FileCoder then asks the victim to pay a ransom in return for the ability to decrypt them. This ransom is not small. Typically, ransomware demands a payment of $100 to $500 in exchange for the decryption key that is needed to unlock the blocked files.
This is where extra copies of your important files matter. You should always make them to protect yourself. If you don’t have them, you may be left with nothing. We don’t recommend paying the ransom because there is no guarantee that you will receive the decryption key. Instead, you should run a full system scan with Reimage or other reputable anti-spyware and remove the infected files. In addition, try R-Studio or Photorec to recover your files.
How can FileCoder infect my computer?
Similarly to Cryptowall, Cryptolocker and CTB Locker, FileCoder is mostly spread with the help of a trojan horse, which is capable of infiltrating the system through its backdoors. Typically, such trojans are hidden in misleading emails that report allegedly important things, such as various purchases, unpaid bills and similar matters that could trick people into downloading an infected email attachment. Please, do NOT do this because it is a straight way to downloading a virus to the system. In addition, you may also infect your machine with the FileCoder virus by clicking on a misleading alert that tells you to update your Java, Flash Player or a similar program. If this trojan enters the system, it executes the FileCoder virus and waits for commands. The most interesting thing is that FileCoder is not saved as a file to the hard drive. It only runs in the computer’s memory.
How to remove FileCoder malware?
If FileCoder has already affected your files, you should start with a full system scan. For that we highly recommend using Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware. Mac OS X users should try Webroot SecureAnywhere AntiVirus.
If you want to regain access to your files, you should restore them from backups or, if you don’t have any, try one of these file recovery tools: R-Studio or Photorec. Besides, Kaspersky Lab has also presented a tool for decrypting encrypted files, so you should also try Kaspersky Ransomware Decryptor. Please, do NOT pay the ransom because this doesn’t guarantee that you will receive the key required for the decryption of your files.
We highly recommend thinking about the prevention of infections such as filecoders. For that you can use the previously mentioned programs. Besides, don’t forget to protect your files with backups. For that you can use USB external hard drives, CDs, DVDs, or simply rely on online backups, such as Google Drive, Dropbox, Flickr and other solutions. More information about backups can be found in this post: Why do I need backup and what options do I have for that?
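One way to act on the backup advice above is to check which of the file types FileCoder targets have no current copy in your backup. The script below is an added example, not part of the original article or any vendor's tool; the function names and the assumption that the backup folder mirrors the source folder's layout are ours.

```python
import hashlib
import os

# Extensions copied from the list in the article (that list ends with "etc.").
TARGETED = set("""3fr accdb ai arw bay cdr cer cr2 crt crw dbf dcr der dng doc docm docx
dwg dxf dxg eps erf indd jpe jpg kdc mdb mdf mef mrw nef nrw odb odm odp ods odt orf
p12 p7b p7c pdd pef pem pfx ppt pptm pptx psd pst ptx r3d raf raw rtf rw2 rwl srf srw
wb2 wpd wps xlk xls xlsb xlsm xlsx""".split())


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large photos or PST files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def backup_gaps(source_root, backup_root):
    """Return {relative_path: "missing" | "differs"} for at-risk files.

    Assumption: the backup mirrors the source's directory layout.
    """
    gaps = {}
    for folder, _dirs, files in os.walk(source_root):
        for name in files:
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            if ext not in TARGETED:
                continue  # not one of the file types the article lists
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, source_root)
            dst = os.path.join(backup_root, rel)
            if not os.path.isfile(dst):
                gaps[rel] = "missing"
            elif sha256_of(src) != sha256_of(dst):
                gaps[rel] = "differs"
    return gaps


if __name__ == "__main__":
    import sys
    # Usage: python backup_gaps.py <source folder> <backup folder>
    for rel, state in sorted(backup_gaps(sys.argv[1], sys.argv[2]).items()):
        print(f"{state:8} {rel}")
```

A "differs" result means the live file no longer matches its backup copy: it may simply have been edited since the last backup, or it may have been encrypted, so review those files before overwriting either copy.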