Severity scale:  
  (95/100) How to remove? (Uninstall guide)

removal by Alice Woods - -   Also known as virus | Type: Ransomware


Despite the look of an email name, is yet another ransomware that may force you to say goodbye for all the photos, documents, videos and other personal files that are placed on your computer. It seems to be a new version of Crypto-ransomware. Similarly to CryptoDefense, Cryptolocker, CryptoWall and other dangerous programs, virus mainly spreads via infected email attachment and other exploit kits. In fact, it may be installed on computers after clicking on a file that contains Win32/TrojanDownloader.Elenoocka.A link, which is a Trojan horse used to install Win32/Filecoder.DG file or, in other words, virus. Once installed, this malicious program searches for certain file formats (.pdf, .ptt, .doc, .xls, .txt, jpg.) and adds a different file extension, which is After that, you will not be allowed to access your personal files anymore and will be asked to pay a ransom in order to decrypt the data. Once your personal files are encrypted, you should receive a messages in a black background stating:

Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recovery is impossible!
To get the decoder and the original key, you need to to write us at the email with the subject “encryption” stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.

This message or file is called fud.bmp and will automatically show up every time you try to open any of encrypted files. If you have no file backups, it’s very likely that you will not see them again… We highly DO NOT recommend paying the ransom because cyber criminals may not disclose a decryption code for you even after paying the ransom. Besides, you may be tricked into disclosing your banking account to online scammers and may experience further thefts from your back account. If you still decide to pay the ransom, you may be asked to install Tor Internet browser, which once installed will exhibit all the instructions how to make a payment. Of course, there is a possibility that you will receive a decryption code and will restore your files; however, who can guarantee this? Therefore, we highly recommend you to remove virus using Reimage or another reputable anti-spyware and try using R-studio or Photorec to restore your files.

How can hijack my computer?

As we have already mentioned, virus seems to be a new version of Crypto-ransomware. As the majority of dangerous computer infections, it spreads via spam emails, fake alerts, and other exploit kits. In order to avoid getting Trojan horse, which may install this ransomware on your computer, you should NEVER open emails from unknown senders, especially if it contains an attachment. Be aware that spam email messages, which spread this virus may state that it contains a very important messages and that it’s brought by an important institution. By the way, you should also be careful with various pop-up messages during browsing, which offer you to scan your PC online or offer you to install free software. This way, you may also activate Win32/TrojanDownloader.Elenoocka.A and experience file encryption right after that. If virus has already taken over your data, you should consider how to restore it without paying the fine. Besides, you should remove this virus from the system without any delay.

How to remove virus?

We highly DO NOT recommend removing virus manually since it’s a misleading computer infection that installs various files and registries. The most reliable way to get rid of this virus fully is to use a reliable anti-spyware, such as Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus.

If you are not allowed to run any of these anti-spywares, you should follow these steps:

  1. Reboot you infected PC to ‘Safe mode with command prompt’ to disable virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated anti-spyware.

One more extremely important thing that you can(and should!) do in order to safety of your data is to make backups on a regular basis. For that, you should use an external hard drive, CDs, DVDs and so on. If you haven’t backups of your files, you can try using software for restoring data.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage snapshot virus

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

Removal guides in other languages