Malware Complaints

Virus and Malware Database


Can’t Remove .PPTX Ransomware? This page includes detailed instructions on how to remove .PPTX Ransomware, which can be found in the bottom half of this article.

The lines below provide some key information about a very malicious type of malware program known as .PPTX Ransomware. We have reports that .PPTX ransomware uses a standard method of distribution through DOCX and XLSX document types. There is evidence that the creators of this ransomware are also responsible for the .Datawait ransomware, as infections started at the exact same time. The malware program that we are referring to falls under the cryptovirus category – this is a kind of Ransomware which has the ability to seal the user’s personal computer files by employing a highly-advanced encryption code.

The next phase of the malicious program’s agenda would be to notify the targeted user through a desktop pop-up that the encryption process has just finished and to blackmail them into making a ransom transaction for the code which could be used to unlock the computer files. What this type of pop-up really serves for is to give you details about the means of payment together with the possible deadlines which the online criminals may have set.

In this case, the cyber-terrorist would normally require money in return for a customized decryption code that is supposed to be able to unlock the encrypted data. More often than not, the dreaded ransom note carries a warning about the future of the secured files – unless the victim pays the demanded ransom, the documents could stay encoded. If you have recently fallen prey to this unpleasant Ransomware program, we recommend that you check the remainder of the article, along with the tips inside the .PPTX Ransomware removal manual further down the page. You have probably received a message similar to the one that was released at zonavirus:

From the same family as those that add .DOC, .DOCX, .RTF, .LOCK, etc. (they add similar launch keys), today we get this ransomware that adds .PPTX to the extension of the encrypted files.
In the folders of the encrypted files it adds a READ_ME.txt with this text:
______________ 
Your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:
1. Download “Tor Browser” from https://www.torproject.org/ and install it.
2. Open this link In the “Tor Browser”
http://huhighwfn4jihtlz.onion/sdlsgdewwbhr
Note! This link is available via “Tor Browser” only.
————————————————– ———–
If Tor / Tor browser is locked in your country or you can not install it, open one of the following links in your regular browser:
https://huhighwfn4jihtlz.onion.top/sdlsgdewwbhr
https://huhighwfn4jihtlz.onion.link/sdlsgdewwbhr
————————————————– ———-
Free decryption as guarantee.
Before paying you can send us 2 file for free decryption.
————————————————– ———-
You unique ID

____________ 
The preanalysis from VirusTotal offers the following report:
https://www.virustotal.com/es/file/5369c03ba39bc77210b8bada654db8e33b58f8dc6b2f32b17b55de665e80a852/analysis/1540975464/

As always, we remember: 

How .PPTX Ransomware Works

Readers of this post have to be aware that Ransomware is a rather unique form of malware, and this is precisely what makes Ransomware programs so tricky to handle effectively. Whereas your anti-virus program would usually be capable of fighting off Worms and Trojan Horses, it can be completely incapable of detecting a Ransomware virus. The reason lies in the unique way this sort of malware fulfils its purpose. A program the likes of .PPTX Ransomware does not actually cause any damage, corruption or PC malfunction; therefore, there is nothing wrong or alarming that your anti-malware program can recognize as malicious and stop. Most anti-viruses will, however, still catch the virus responsible for the distribution of the ransomware. You can find a full report at VirusTotal.


Data encryption is, in truth, a regularly used file-protection mechanism that is usually not supposed to cause any harm. Although file encryption was created for security purposes, in the case of a Ransomware infection you do not have the decryption key – instead, you’d be pressured into sending the hacker a certain amount of money in exchange for the code. Regrettably, there aren’t many signs which could expose this type of threat before it has successfully carried out its insidious job, which is why the majority of victims come to know about it only when it is already too late. Most of the time the ransomware targets certain folders which are likely to hold sensitive information for the user and renames all the files, for example sample.jpg into sample.PPTX. In the picture below you can see some examples of this.
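An added example (not from the original article): a read-only triage script that uses the indicators described on this page, the READ_ME.txt note and the .PPTX extension, to list affected folders and to separate renamed files from genuine PowerPoint decks, which are ZIP containers starting with `PK\x03\x04`. It assumes the encrypted content does not begin with that signature; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

ZIP_MAGIC = b"PK\x03\x04"                   # genuine .pptx files are ZIP containers
NOTE_NAME = "read_me.txt"                   # READ_ME.txt, matched case-insensitively
NOTE_MARKER = b"your files are encrypted!"  # opening line of the note quoted on this page

def read_head(path, size):
    """Return the first `size` bytes of a file, or b'' if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(size)
    except OSError:
        return b""

def triage(root):
    """Read-only walk of `root`: folders holding the note, and .PPTX files by type."""
    report = {"note_dirs": [], "suspect": [], "genuine_pptx": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                if NOTE_MARKER in read_head(full, 4096).lower():
                    report["note_dirs"].append(os.path.relpath(dirpath, root))
            elif name.lower().endswith(".pptx"):
                # Unreadable or non-ZIP content lands in "suspect" for manual review.
                genuine = read_head(full, 4) == ZIP_MAGIC
                rel = os.path.relpath(full, root)
                report["genuine_pptx" if genuine else "suspect"].append(rel)
    return report

def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        samples = {  # constructed files, not real malware output
            "READ_ME.txt": b"Your files are Encrypted!\nFor data recovery needs decryptor.\n",
            "holiday.PPTX": bytes(range(7, 71)),         # renamed file, non-ZIP content
            "slides.pptx": ZIP_MAGIC + b"\x14\x00" * 8,  # begins like a real deck
            "notes.txt": b"untouched",
        }
        for name, data in samples.items():
            with open(os.path.join(root, "docs", name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Call `triage()` on a copy or a read-only mount of the affected folder; the resulting list shows which files have to come back from backup.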

 



 

.PPTX Ransomware – Bitcoins and Payment

If .PPTX Ransomware has sealed your computer files, you might be eager to get them back and maybe even be considering the idea of actually paying the demanded money. Generally, the sensible and recommended course of action is to always search for alternative options to the ransom payment and only go for the money transaction if you have no other choice and only if retrieving the data is totally necessary at that specific moment. Something to take into consideration is the fact that there are plenty of instances of Ransomware victims who’ve carried out the transfer without receiving the decryption key, and thus their money has been lost for nothing.

In fact, even acquiring the file-decryption key might not help you unlock your data files and could instead make things even worse. In the end, it could turn out that you have thrown away your money in vain, since your personal data can still stay secured by the insidious virus. One additional thing to keep in mind is that choosing the ransom payment option would considerably motivate the hacker to continue with their illegal and harmful scheme. An important thing which must be noted is that typically the ransom money is required in the bitcoin cyber-currency. The reason this is so important is the fact that it is virtually not possible to track the bitcoin cryptocurrency.

Sending the required ransom money to the hackers in the form of bitcoins may only allow the latter to remain anonymous and avoid being brought to justice for their misdeeds. To make things worse, you will certainly not receive your money back even if your personal files don’t get unsealed. One of the most profitable ransomware programs still running strong is GandCrab ransomware. Because of everything we have outlined so far in this section, we always advise our readers to seek out alternative solutions to any Ransomware-related issues that they could be facing. Even if you cannot recover your personal files by any alternative solution, you should still think very carefully about whether it is a good idea to actually accept the hacker’s requests.

.PPTX Ransomware – Prevention

These days, Ransomware cryptoviruses are all over the World Wide Web and everyone is a potential target for malware programs such as .PPTX Ransomware. The struggle against this sort of malware is considerably hindered by the lack of possible methods and alternatives for coping with such a malware invasion. Bearing this in mind, you ought to really focus on the safety of your system while it is connected to the World Wide Web. There are a number of measures that can be taken in this regard, and many of them are a simple matter of being more vigilant and considerate while surfing the web.

In order to enhance the general safety of your machine, make certain that you don’t visit sketchy and potentially hazardous sites or open online messages which may seem like spam. Making a backup copy of all of the data files that are essential to you is one particularly effective method of dealing with possible attacks by Ransomware, given that there’ll always be safe and accessible copies of your private files at the backup location. Having all your valuable computer data copied to another location can turn a Ransomware infection into a mere irritation which can generally be easily handled, because the internet criminal would not have any leverage over you.

SUMMARY:

Name: .PPTX
Type: Ransomware
Danger Level: High (.PPTX Ransomware encrypts all types of files)
Symptoms: .PPTX Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.
Distribution Method: Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.

Remove .PPTX Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: The Hosts file

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with Notepad.

Find where it says Localhost and take a look below that. 


If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the virus.

 

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead, as in the picture.

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to .PPTX Ransomware. As for the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Decryption

The previous steps were all aimed at removing the .PPTX Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.
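For step 3 above, an added example (not part of the original guide): a script that parses hosts-file text and labels each mapping, separating entries that pin a name to the local machine (127.0.0.1, ::1, 0.0.0.0) from entries that point a name at another address. The verdict labels, the function names and the sample file are constructed for illustration.

```python
import ipaddress
import sys

SAMPLE = """\
# constructed sample hosts file; comment lines are ignored
127.0.0.1      localhost
::1            localhost
127.0.0.1      ads.example.test          # name pinned to this machine
0.0.0.0        tracker.example.test
203.0.113.10   update.example.com        # name forced to an outside address
not-an-ip      broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for each active mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def classify(address, name):
    """Label one mapping: default, blocked, redirect or malformed."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback and name.lower() == "localhost":
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"   # the name can no longer reach its real server
    return "redirect"      # the name now resolves to some other host

def audit(text):
    """Return (line_no, name, address, verdict) for every name in the file."""
    return [(no, name, addr, classify(addr, name))
            for no, addr, names in parse_hosts(text)
            for name in names]

if __name__ == "__main__":
    text = SAMPLE  # pass the hosts file path as an argument to audit the real file
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for no, name, addr, verdict in audit(text):
        print(f"line {no}: {name} -> {addr} [{verdict}]")
```

Entries labelled "blocked" or "redirect" are the ones to review: the first kind cuts a name off from its real server, the second sends it to an address chosen by whoever edited the file.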

Daniel Sadakov

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

  • Afaq Ahmad

    November 16, 2018 #1 Author

    My files are Encrypted by Ransomware attack with extension file (.PPTX) how to decrypt them??
    The IP address from hosts is 127.0.0.1


  • AFAQ AHMAD

    November 16, 2018 #2 Author

    My files are Encrypted by Ransomware attack with extension file (.PPTX) how to decrypt them??
    The ip of my hosts is 127.0.0.1


    • Daniel Sadakov

      November 19, 2018 #3 Author

      Hi Afaq

      Once we find a decryptor we will add it to our list.


  • Gerbrandt Ferreira

    November 19, 2018 #4 Author

    Hi, these are all the IPs or single IP that is giving me trouble. Can’t seem to get this ransomware off my PC. Kinda sucks.


    • Daniel Sadakov

      November 19, 2018 #5 Author

      We will report your IPs and let you know if they lead to anything. Do you seem to recognize where these IPs come from?


  • Vladimir

    November 20, 2018 #6 Author

    Hi, my files are encrypted by ransomware with extension .PPTX. Is it possible to fix with Spy Hunter 5 or another app?


    • Daniel Sadakov

      November 21, 2018 #7 Author

      Spy Hunter will scan your computer and potentially remove the ransomware to keep it from encrypting your files again. Unfortunately, you will need a decryptor to get your files back.
