Malware Complaints

Remove Meds Virus (+ .Meds File Recovery)

.Meds

meds virus
The Meds Virus will encrypt your files

 

This post includes information and details about Meds – a hazardous malware program which the security researchers would normally call a Ransomware cryptovirus. Ransomware programs are capable of rendering the affected victim’s computer files totally inaccessible after the virus program has completed its task via a method called data-encryption. After all targeted documents have been sealed and rendered unavailable, a disturbing pop-up notification would normally get displayed on the victim’s screen. This pop-up serves the purpose of informing the targeted user that a set amount of money should be paid as a ransom if they want to regain access to the secured files. Also, in this ransom pop-up, certain directions may be provided, giving details on how the ransom money should be paid. In most of the cases, the cyber-criminals rely on threatening the Ransomware’s victim by telling them that their data is to remain sealed for good unless, of course, they make the payment. This article and the Removal Guide below, however, have been created to help all the unfortunate Ransomware victims who have been attacked by Meds to remove the nasty infection and deal with the consequences of its attack without paying ransom to anyone.

How to deal with the .Meds Virus?

The reason why Ransomware infections seem to have such a high success rate is because of the fact that this particular kind of viruses does not operate like any other form of malware. Programs like Meds, Moka, Seto don’t normally try to cause any actual harm to the system of the infected machine or mess up the data that is stored on its hard disk. The file encryption code that is utilized to render the data files inaccessible doesn’t corrupt or damage the data files. The main reason this is so important is that, as no actual harm gets done by the Ransomware, noticing the infection may become especially challenging. Given that the file-encryption is not a damaging method, the vast majority of security protection programs wouldn’t normally recognize the Ransomware process as a possible hazard and would allow it to finish its agenda without intercepting it. Due to this, unfortunately, there aren’t many instances where customers have managed to spot the malware virus on time and to stop its process before it has become far too late. What is more, there are almost no signs and symptoms of the ongoing encryption procedure and the infected victim may not be able to realize what’s happening to their documents before the appearance of the ransom-demanding pop-up message.

Can you get back your .Meds encrypted files if you pay the ransom?

In case that Meds has encrypted your computer files, you might be worried about whether you’d be able to get them back and maybe even considering the idea of actually making the ransom payment. Normally, the wise and preferred choice is to always seek some alternative options and only resort to paying the money if you have no other alternative or if restoring the encrypted documents is totally necessary at the given moment. It must be mentioned, however, that even if you decide to pay and fulfill all the hackers’ demands, there is no way of knowing whether you’d really get the decryption key for your files or not. On the flip side, it’s also entirely possible that the decryption key you obtain may still not work and, in some instances, it may even make the matters worse. In either of those cases, the end result would be that you would have thrown away your money without getting your computer data unlocked. Another thing to consider would be the fact that going for the money transfer could also drastically contribute to the cyber-criminal’s shady scheme. Due to that, we believe that it really is always preferable to try alternative approaches, such as the ones in the removal guide below, for unsealing your personal data and having the Ransomware removed.

SUMMARY:

Name Meds
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.

 

 

 

 

 

 

Remove Meds Virus

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Meds

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Meds.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Meds , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Meds

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to Meds RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Meds Decryption

The previous steps were all aimed at removing the Meds Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.