Reco ransomware (Free Guide) - Removal Instructions
Reco virus Removal Guide
What is Reco ransomware?
Reco ransomware is a cryptovirus that encrypts pictures, documents and other files once it gets on the system.
The Reco ransomware virus is almost the same as other versions in the family, but recent variants cannot be decrypted by the researchers who previously developed the STOP virus decrypter, because the recently perfected encryption process broke this decryption method. Right now, files encoded by this threat can be restored either with third-party data recovery tools or from file backups stored on a remote device. It may be possible to recover files with the help of researchers' services, but that is either pricey or works with offline keys only. Nevertheless, we list everything that you can go through to find the right solution. Be very careful with file recovery, since the core file might be loaded in the system folder and encryption can repeat itself later.
Name | Reco ransomware |
---|---|
Type | Cryptovirus |
Family | Djvu/Stop virus |
Contact information | gerentoshelp@firemail.cc |
File marker | .reco is the extension that gets added at the end of the file name and indicates encrypted data |
Ransom note | The _readme.txt file contains instructions on further steps and states that the victim needs to pay to a particular Bitcoin address to get the opportunity to restore files |
Decryption possibilities | |
Distribution | Files infected with a malicious script get loaded as email attachments or included in software crack packages. Various samples show that payload droppers get activated by downloading check codes for video games and pirated software |
Damage | This malware can alter settings on the machine, disable programs or delete certain files. Particular modifications may damage the device and affect file recovery later on |
Elimination | A thorough system scan using anti-malware tools can help remove Reco ransomware completely from the machine. You would also benefit from virus damage removal with FortectIntego |
When it comes to crypto-extortion based threats like Reco ransomware, infiltration starts with a payload dropper that gets included in pirated software packages from torrent sites or attached to emails with forged header information. Such spam emails trick you into believing that a shipping or retail company is sending you notifications. However, when you believe that FedEx, DHL, or any other service contacted you, malware can freely get on the system. For that, the malicious macros[1] laced into the document or PDF need to be triggered.
Unfortunately, once that is done, Reco ransomware loads on the machine and starts file encryption immediately. Files in various formats get locked: .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .pdf, .pdd, .psd, .dbf, .mdf, .pptm, .pptx, .ppt, .xlk, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt. They are then marked with .reco, which indicates the name and type of the malware.
This typical cryptovirus then demands payment from victims in a ransom note generated in a text file. Reco ransomware developers try to build trust with victims, so a discount and test decryption of one file are offered. However, paying is not getting you anywhere.[2]
Reco ransomware ransom note shows the following text:
ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sTWdbjk1AY
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gerentoshelp@firemail.cc
Your personal ID:
You should go straight to Reco ransomware removal and file recovery planning instead of contacting the extortionists or paying the hefty amount of $980 in Bitcoin. Experts[3] note that criminals are not concerned about your belongings and only focus on getting money.
Reco ransomware makes an effort to trick people into paying for the alleged decryption, but this is not the best option. Previously, an official decryption tool was developed and updated once a new variant came out, but now it is useless for the other versions.
The first thing you can do when you encounter Reco ransomware or another virus is to check for a decryptor:
- https://www.nomoreransom.org/en/decryption-tools.html
- https://www.emsisoft.com/ransomware-decryption-tools/
- https://noransom.kaspersky.com/
- https://www.avast.com/ransomware-decryption-tools
- https://www.quickheal.com/free-ransomware-decryption-tool/
However, when there is nothing officially created for this particular Reco ransomware virus, it is better to stay away and focus on malware elimination. There are a few other options when your files get encrypted using offline keys: a tool may be possible for some of your data.
But we recommend performing automatic Reco ransomware removal while you store those encrypted files for a later occasion. This can be done with anti-malware tools and security software that help to clean your device of virus damage, associated files, and related programs.
Besides the encryption, Reco ransomware can also place other files and programs, so you need to eliminate them all. Even when anti-malware tools like FortectIntego manage to eliminate virus traces, some alterations may be left behind. Find a file loaded in C:\Windows\System32\drivers\etc\ and delete it to avoid further infection. For other instances when Shadow Volume Copies get eliminated, you should check the guide below.
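To scope the damage before removal and recovery, the indicators described above (the .reco marker, the _readme.txt note and the contact addresses it lists) can be inventoried with a short read-only script. This is an added example, not part of the original guide; the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".reco"           # extension appended to encrypted files (from the page)
NOTE_NAME = "_readme.txt"  # ransom note file name (from the page)
CONTACTS = ("gorentos@bitmessage.ch", "gerentoshelp@firemail.cc")  # from the note

def inventory(root):
    """Walk root read-only and summarise Reco indicators found under it."""
    report = {"encrypted": [], "notes": [],
              "original_types": Counter(), "contacts_seen": set()}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower.endswith(MARKER):
                report["encrypted"].append(path)
                # report.docx.reco -> original type ".docx"
                original = os.path.splitext(lower[:-len(MARKER)])[1]
                report["original_types"][original or "(none)"] += 1
            elif lower == NOTE_NAME:
                report["notes"].append(path)
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(65536).lower()
                except OSError:
                    continue  # unreadable note is still listed, contents skipped
                report["contacts_seen"].update(c for c in CONTACTS if c in text)
    return report

def run_sample():
    """Constructed sample tree: two encrypted files, one clean file, one note."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("report.docx.reco", "photo.JPG.reco", "clean.txt"):
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(b"\x00" * 16)
        with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write("ATTENTION!\nwrite on our e-mail:\ngorentos@bitmessage.ch\n")
        return inventory(root)

if __name__ == "__main__":
    result = run_sample()
    print(len(result["encrypted"]), "encrypted files,", len(result["notes"]), "notes")
    print("original types:", dict(result["original_types"]))
    print("contacts seen:", sorted(result["contacts_seen"]))
```

The list of encrypted paths doubles as a record of what to keep aside for a later decryption attempt, and the per-type counts show which backups matter most.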
Research before you blindly rely on the source or software
Getting anything from the internet should raise more questions, especially when choosing the program provider or the website you get the software from. There are tons of websites related to suspicious providers, or sources like torrents and public pirating services. These providers do not disclose the risk properly, so you cannot know about the possibility of a cyber infection.
Based on some malware samples, this version of the cryptovirus comes in torrent packs delivering:
- video games;
- game check codes;
- pirated software;
- tools for picture editing;
- serial numbers of the licensed software or game versions.
Also, emails with false information about shipping details can trick a person into downloading infected file attachments. Pay attention to anything received in your email box and to the websites and services you use and visit constantly. Rely on official developers and providers instead of free pages.
Reco ransomware elimination is a difficult process, so make sure to use professional tools
Reco ransomware virus is malware that alters functions and disables some tools and programs running on the system. There is no easy way to tackle all those alterations manually, so you need to check the machine for virus damage automatically with the help of anti-malware tools.
When you rely on automatic Reco ransomware removal and employ proper software for that, you can follow the scan results and see what programs and files got detected as malicious. Choosing the right tool is not that difficult when you go for reliable sources.
Databases used by antivirus tools depend on many factors, anti-malware engines, for example, so when you remove Reco ransomware and need to make sure that the threat is completely deleted, get FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes and double-check again.
Terminate Reco ransom-demanding virus with the help of this video guide
This is a malicious program that spreads via suspicious emails received from unknown senders, which can load a few files on the machine at once. Unfortunately, software crack packages also deliver a bundle of files on the machine. To fully terminate this infection and get rid of the possible risks, you need to make sure that all parts of the virus and its associated files and programs get deleted completely. The video shows you all the steps you need to take to get back to a virus-free system, so follow them closely.
Getting rid of Reco virus. Follow these steps
Manual removal using Safe Mode
Reboot the machine in Safe Mode with Networking, so you can eliminate Reco ransomware completely from the system without virus interruption
Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal is best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
  Temporary Internet Files
  Downloads
  Recycle Bin
  Temporary files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
  %AppData%
  %LocalAppData%
  %ProgramData%
  %WinDir%
After you are finished, reboot the PC in normal mode.
Remove Reco using System Restore
System Restore is the feature that allows recovering the machine to a previous state where Reco ransomware was not running
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list.
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and press Enter.
- Now type rstrui.exe and press Enter again.
- When a new window shows up, click Next and select your restore point that is prior to the infiltration of Reco. After doing that, click Next.
- Now click Yes to start system restore.
Bonus: Recover your data
The guide presented above is supposed to help you remove Reco from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts. If your files are encrypted by Reco, you can use several methods to restore them:
Data Recovery Pro is software that allows you to get your files back to a usable state
Once Reco ransomware encodes files, they become useless and unopenable, so rely on this third-party program to get them back in use
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Reco ransomware;
- Restore them.
Windows Previous Versions is the feature of your OS that helps as an alternative to file backups
When System Restore is enabled, Windows Previous Versions works for file restoring
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
ShadowExplorer feature for your file locked by Reco ransomware
When malware leaves Shadow Volume Copies alone, you can rely on ShadowExplorer
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow a Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
An official decryption tool is not developed yet
Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Reco and other ransomware, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent getting ransomware
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.
[1] Margaret Rouse. Macro virus. Techtarget. Search security.
[2] To pay or not to pay ransomware: A cost-benefit analysis of paying the ransom. Emsisoft. Simply security blog.
[3] Losvirus. Losvirus. Spyware related news.