Severity scale: 88/100

Virus-encoder ransomware. How to remove? (Uninstall guide)

removal by Jake Doevan | Type: Ransomware

Virus-encoder ransomware is a relatively old data-locking malware that recently came back with a new version, which attaches four random letters to files after encryption.

Virus-encoder ransomware is a file locking virus that is also known as GetCrypt ransomware

Virus-encoder ransomware is a dangerous cyber-threat that locks data on the host computer and then demands a ransom from its owner for the decryption tool. Its initial release dates back to 2016; however, the malware recently made a comeback with a new version, dubbed GetCrypt ransomware.

Like all file-locking viruses, Virus-encoder ransomware relies on encryption algorithms to lock files.[1] The original malware used AES + RSA ciphers, while the new version resorts to RSA + Salsa20. Regardless of which encryption method is used, victims can no longer access their pictures, music, videos, and other data; each locked file is marked by a random extension at the end of its name.


As explained by the cybercriminals in a ransom note named # DECRYPT MY FILES #.txt, users need to email them at helpme@freespeechmail.org (or, in later versions, at getcrypt@cocl.li or cryptget@tutanota.com) to retrieve the data with a unique decryption tool that is stored on a remote server and costs a specific amount of Bitcoin. However, experts suggest avoiding any contact with the criminals and focusing on Virus-encoder ransomware removal instead.

Name: Virus-encoder
Also known as: GetCrypt
Type: Ransomware
Infiltration: Rig exploit kit
Cipher: AES, RSA, Salsa20
Contact: helpme@freespeechmail.org, getcrypt@cocl.li, cryptget@tutanota.com
Ransom note: # DECRYPT MY FILES #.txt
Removal: Use anti-malware software, such as SpyHunter or Combo Cleaner
File decryption: Make use of Emsisoft's decryptor
Recovery: To restore Windows system files, scan the system with Reimage

There are a variety of ways Virus-encoder ransomware could get into your machine, including spam emails, fake updates, unprotected RDP,[2] software cracks, etc. Nevertheless, security researchers observed the latest samples of the virus being distributed via the Rig exploit kit.[3]

Once inside the system, Virus-encoder virus will show the following ransom note:

Attention! Your computer has been attacked by virus-encoder!

All your files are now encrypted using cryptographically strong algorithm.

Without the original key recovery is impossible.

To get the decoder and the original key, you need to email us at helpme@freespeechmail.org

Our assistance is not free, so expect to pay a reasonable price for our decrypting services. No exceptions will be made.

Later versions of Virus-encoder ransomware drop a very similar note, although the contact emails are different. Regardless of what type of message you receive, you should not get in contact with the cybercriminals, as it can result in the loss of money. Quite often, bad actors are simply not interested in sending the decryptor after being paid and choose to ignore victims. In some cases, the virus authors themselves are incapable of restoring the encoded data.

Therefore, it is best to ignore the criminals and remove Virus-encoder ransomware from your device entirely. For that, you need to employ reputable anti-malware software, because deleting the virus manually is practically impossible for a regular user. After that, experts[4] recommend scanning the device with Reimage to fix broken Windows system files, such as the registry.

After you terminate the infection and fix the Windows system, you can connect your backup device to restore your personal files. In case you did not have any backups prepared, there are alternative methods that you can try, such as third-party recovery tools. Additionally, if you are infected with the latest version of Virus-encoder ransomware, you can also try the official decryption tool that was recently released by Emsisoft security researchers.
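To scope which folders were hit before restoring from backup, the two indicators this guide names (the ransom note file name and the four-letter suffix on locked files) can be searched for together. The script below is an added example, not part of the original guide or of any vendor tool; the list of ordinary four-letter extensions and the sample file names are assumptions made for illustration.

```python
import os
import re
from collections import defaultdict

# From the guide: the ransom note name; locked files gain four random letters.
RANSOM_NOTE = "# DECRYPT MY FILES #.txt"
FOUR_LETTERS = re.compile(r"\.([A-Za-z]{4})$")
# Assumption: ordinary four-letter extensions that should not be flagged.
KNOWN_EXT = {"docx", "xlsx", "pptx", "jpeg", "html", "json", "tiff", "mpeg",
             "flac", "yaml", "conf", "java", "epub", "webp", "woff", "heic"}


def is_suspect(name):
    """True if the name ends in four letters that are not a known extension."""
    m = FOUR_LETTERS.search(name)
    return bool(m) and m.group(1).lower() not in KNOWN_EXT


def triage(root):
    """Walk root; return {directory: {"note": bool, "suspect": [names]}}."""
    report = defaultdict(lambda: {"note": False, "suspect": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower() == RANSOM_NOTE.lower():
                report[dirpath]["note"] = True
            elif is_suspect(name):
                report[dirpath]["suspect"].append(name)
    return dict(report)


def affected_dirs(report):
    """Directories holding both a ransom note and at least one suspect file."""
    return sorted(d for d, r in report.items() if r["note"] and r["suspect"])


if __name__ == "__main__":
    import tempfile
    # Constructed sample tree, not taken from a real infection.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Documents/" + RANSOM_NOTE, "Documents/thesis.docx.QKZB",
                    "Documents/budget.xlsx", "Pictures/holiday.jpeg"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        rep = triage(root)
        for d in affected_dirs(rep):
            print(d, rep[d]["suspect"])
```

A four-letter suffix alone is a weak signal, which is why `affected_dirs` only reports folders where the note is present as well.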

Ransomware-type virus propagation methods and how to avoid them

Virus-encoder can infiltrate your computer in several different ways. For example:

  • It can infect your computer if you tend to open emails from unknown senders, and especially if you download the attachments from such messages. This is the most common way Virus-encoder is distributed. Such emails are often sent to business people.
  • It can infect your computer if you tend to surf through unreliable websites. If you are browsing a site that shows an enormous amount of ads, suggests filling in various surveys, or offers to install free software, you should know that such a web page is not worth your trust. Sometimes even one click can initiate the execution of a malicious program.
  • It can infect your computer if you tend to install new programs carelessly. Always check whether the website that provides the download link is reliable. Also, when installing new programs, select the Advanced or Custom installation setting, and deselect every statement that suggests installing unfamiliar applications.

Terminate Virus-encoder ransomware with the help of reputable security application

Virus-encoder ransomware removal should not be executed manually – cryptoviruses usually make significant changes to the Windows operating system, and restoring all the settings and fixing infected system files is not an easy task. Therefore, you should rather trust reputable security software that can do the job for you automatically.

If Virus-encoder virus is tampering with your security software, you should access a safe environment where the functionality of the threat will be disabled. Please follow the instructions below to find out how to remove Virus-encoder ransomware in the Safe Mode with Networking.

If you got infected with the latest variant of the malware, there is a good chance you can recover your files with the help of Emsisoft's decryption tool. If your system is infected by the older version, you can try alternative solutions, such as recovery software. We provide all the download links and usage instructions below.


To remove Virus-encoder virus, follow these steps:

Remove Virus-encoder using Safe Mode with Networking

If Virus-encoder ransomware is preventing your security software from running correctly, enter Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Virus-encoder

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete Virus-encoder removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Virus-encoder using System Restore

You can also use System Restore to terminate the virus:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of Virus-encoder. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it, and make sure that Virus-encoder removal was performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Virus-encoder from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Virus-encoder, you can use several methods to restore them:

Make use of Data Recovery Pro for file decryption

This software might be able to recover at least some files that are locked by the ransomware.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Virus-encoder ransomware;
  • Restore them.

Windows Previous Versions feature might be useful

This option is only viable if System Restore was enabled before the attack.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.

In some cases, ShadowExplorer might get all your files back

ShadowExplorer is very likely to restore all your files if the malware failed to delete Shadow Volume snapshots.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow the Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and use the drop-down menu in the top left corner to select the disk that holds your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Make use of Emsisoft decryption tool

Download Emsisoft's decrypter and recover your files for free if you are affected by the latest version of Virus-encoder ransomware.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Virus-encoder and other ransomware, use a reputable anti-spyware program, such as Reimage, SpyHunter, Combo Cleaner or Malwarebytes.


  1. JessicaMaela says:
    November 10th, 2015 at 10:53 am

    HELP! I AM SEEING THIS MESSAGE BUT I CANNOT FIND THE FILES TO DELETE!!! MAYBE THEY ARE NAMED DIFFERENTLY? ANY HELP WILL BE APPRECIATED THANKS

  2. mother says:
    November 10th, 2015 at 10:54 am

    This virus has destroyed my son's computer! He has lost all the files for his school, he had a lot of Word and PDF files! Filthy cyber-criminals, screw you!!!

  3. mojOdojo says:
    November 10th, 2015 at 10:55 am

    Have you tried to recover your files from external disks? Your son did not save files for school on some USB or similar disks?

  4. 102073 says:
    November 10th, 2015 at 10:58 am

    This ransomware is frightening! Guys, I have dealt with a ransomware before, I know that the consequences of dealing with one can be really really sad. Do not hesitate and get anti-malware! It will keep your computer safe.
