Despite looking like an email address, Fud@india.com is yet another ransomware that may force you to say goodbye to all the photos, documents, videos and other personal files stored on your computer. It seems to be a new version of Crypto-ransomware. Like CryptoDefense, Cryptolocker, CryptoWall and other dangerous programs, Fud@india.com virus mainly spreads via infected email attachments and exploit kits. In fact, it may be installed on computers after clicking on a file that contains a Win32/TrojanDownloader.Elenoocka.A link, which is a Trojan horse used to install the Win32/Filecoder.DG file or, in other words, Fud@india.com virus. Once installed, this malicious program searches for certain file formats (.pdf, .ptt, .doc, .xls, .txt, .jpg) and adds a different file extension, which is .firstname.lastname@example.org. After that, you will no longer be able to access your personal files and will be asked to pay a ransom in order to decrypt the data. Once your personal files are encrypted, you should see a message on a black background stating:
Attention! Your computer was attacked by virus-encoder.
All your files are encrypted cryptographically strong, without the original key recovery is impossible!
To get the decoder and the original key, you need to to write us at the email email@example.com with the subject “encryption” stating your id.
Write in the case, do not waste your and our time on empty threats.
Responses to letters only appropriate people are not adequate ignore.
This message is stored in a file called fud.bmp and will automatically show up every time you try to open any of the encrypted files. If you have no file backups, it’s very likely that you will not see your files again… We strongly recommend that you DO NOT pay the ransom, because cyber criminals may not disclose a decryption code even after you have paid. Besides, you may be tricked into disclosing your bank account details to online scammers and may experience further thefts from your bank account. If you still decide to pay the ransom, you may be asked to install the Tor Internet browser, which once installed will display all the instructions on how to make a payment. Of course, there is a possibility that you will receive a decryption code and will restore your files; however, who can guarantee this? Therefore, we highly recommend that you remove Fud@india.com virus using Reimage or another reputable anti-spyware and try using R-studio or Photorec to restore your files.
How can Fud@india.com hijack my computer?
As we have already mentioned, Fud@india.com virus seems to be a new version of Crypto-ransomware. Like the majority of dangerous computer infections, it spreads via spam emails, fake alerts, and exploit kits. In order to avoid getting the Trojan horse that may install this ransomware on your computer, you should NEVER open emails from unknown senders, especially if they contain an attachment. Be aware that the spam email messages that spread this virus may claim to contain a very important message and to come from an important institution. You should also be careful with pop-up messages that appear during browsing and offer to scan your PC online or to install free software. This way, you may also activate Win32/TrojanDownloader.Elenoocka.A and experience file encryption right after that. If Fud@india.com virus has already taken over your data, you should consider how to restore it without paying the fine. Besides, you should remove this virus from the system without any delay.
How to remove Fud@india.com virus?
We strongly recommend that you DO NOT remove Fud@india.com virus manually, since it’s a misleading computer infection that installs various files and registry entries. The most reliable way to get rid of this virus fully is to use a reliable anti-spyware, such as Reimage, Plumbytes Anti-Malware or Webroot SecureAnywhere AntiVirus.
If you are not able to run any of these anti-spyware programs, you should follow these steps:
- Reboot your infected PC to ‘Safe mode with command prompt’ to disable the virus (this should work with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for these files you have written down and delete the registry keys referencing the files.
- Reboot and run a full system scan with updated anti-spyware.
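To make the Winlogon check in the steps above less error-prone, here is a read-only PowerShell audit, added as an example and not part of the original guide or of any vendor tool. It assumes the standard Winlogon key path and the standard Shell and Userinit value names with their stock Windows defaults (none of which are spelled out on this page), and it changes nothing.

```powershell
# Added example: read-only audit of the Winlogon values that decide what runs at logon.
# Assumption: standard key path and value names (Shell, Userinit); not taken from the page.
# Nothing is modified; review the output before editing anything in Regedit.
$winlogon = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock Windows defaults. Userinit normally ends with a trailing comma,
# which is handled below by splitting on commas and dropping empty parts.
$expected = @{
    Shell    = @('explorer.exe')
    Userinit = @("$env:SystemRoot\system32\userinit.exe")
}

$findings = foreach ($hive in 'HKLM:', 'HKCU:') {
    $path = "$hive\$winlogon"
    if (-not (Test-Path $path)) { continue }
    $key = Get-ItemProperty -Path $path

    foreach ($name in $expected.Keys) {
        $raw = $key.$name
        # A blank or absent value is fine (HKCU normally has no Shell value at all).
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # A value may list several comma-separated programs; check each one.
        $entries = $raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        foreach ($entry in $entries) {
            # -notcontains compares case-insensitively, so C:\WINDOWS matches C:\Windows.
            if ($expected[$name] -notcontains $entry) {
                [pscustomobject]@{ Key = $path; Value = $name; Unexpected = $entry }
            }
        }
    }
}

if ($findings) {
    # These are the files to write down and look up elsewhere in the registry.
    $findings | Format-Table -AutoSize -Wrap
} else {
    'Winlogon Shell and Userinit values match the Windows defaults.'
}
```

Any row it prints is a program to investigate before touching the registry; the expected content of Userinit is userinit.exe, not explorer.exe, so restore each value to its own default.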
One more extremely important thing that you can (and should!) do to keep your data safe is to make backups on a regular basis. For that, you should use an external hard drive, CDs, DVDs and so on. If you don’t have backups of your files, you can try using data recovery software.