Have you ever wondered what the most malicious computer infection that you can encounter is? If yes, here’s your answer – the representatives of the Ransomware category are, by far, the worst pieces of malware that can be found around the web. These programs, like .Raldug, .Refols, .Grovas , are extremely dangerous and difficult to deal with because they are capable of making your files or even your whole PC inaccessible for an indefinite period of time, or /allegedly/ until you agree to pay a ransom for their liberation. In this post, we will focus one of the latest Ransomware representatives called .Etols which uses a very complex encryption algorithm to take the user’s files stored on the infected computer “hostage”. You are going to read about all the characteristics of this infection in the paragraphs that follow. Besides, there are some removal instructions down below, which may help you deal with this malware by yourself in case your files have become a target of its nasty encryption.

How Dangerous is .Etols File Ransomware?

Ransomware is a special type of malware that seeks to lock something on the computer it infects in order to then ask for a ransom to be paid in return for the restoration of the access to the affected component of your device. There are Ransomware programs that can block tablets’ and mobile devices’ screens by placing a big banner on the screen which the users can’t close. Certain Ransomware versions are capable of affecting your PCs’ and laptops’ desktops’ in a similar way, making you unable to interact with the computer. In such cases, you are left unable to access anything on your computer and are expected to pay a certain amount of money in ransom for reversing that. These Ransomware forms, however, are surprisingly less problematic and easier to deal with.

However, the most common (and problematic) Ransomware category, is the file-encrypting one. .Etols belongs to that category and dealing with it can be a real challenge. Therefore, our team has attached a detailed Removal Guide below which is packed with step-by-step instructions on how to remove the infection and a professional removal tool for automatic assistance. Perhaps they will help you handle the infection even though we cannot give any promises.

Can I remove .Etols myself?

A 100% successful method against all such infections, unfortunately, does not exist. Paying the ransom to the hackers is a risky course of action which may not always lead to the desired liberation of the encrypted files. The crooks behind the infection may simply disappear without sending you the necessary decryption key for your files or may ask you to pay again and again until they decide they have extorted enough from you. Even if you, by any chance, receive a decryption key, it may not work properly and may actually cause more mess than what you already have on your hands. Therefore, if you ask us, we don’t advise you to enter into negotiation with the hackers behind .Etols. Instead, we suggest you focus on removing the active Ransomware from the computer and then give a try to the file-recovery steps that we’ve included in the guide. If you have file backups, this is when they will come into use and help you recover what that the malware has encrypted. Just make sure that before you connect your backup source you remove all the Ransomware traces from the computer, otherwise, everything you manage to restore may get encrypted again.

.Etols SUMMARY:

[add_third_banner]

Remove .Etols Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to .Etols

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the .Etols.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and .Etols , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – .Etols

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to .Etols Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: .Etols Decryption

The previous steps were all aimed at removing the .Etols Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove .Etols Virus Ransomware (+File Recovery) appeared first on Malware Complaints.

.Refols Ransomware in Detail

.Refols Virus is similar to other ransomware based infections like .Roland Virus , Veracrypt@foxmail.com , and .Grovat Virus . The Ransomware viruses are known all over the Internet and they are currently among the most widespread forms of malware that you may come across while browsing the online space. This is exactly why it’s essential to be really careful with the activities you conduct inside your browser, with the sites you tend to visit, the software you download and the sources you use to download it. Additionally, having a specialized antivirus/anti-malware program in your machine with dedicated Ransomware-detection features is also a must if you want to optimize the safety of your system. However, even then you may still get your system invaded by some nasty representative of this malware category and it is really important to know what to do should this come to happen.

Since the main topic of this post is a newly released cryptovirus Ransomware named .Refols that uses file encryption to lock up the data in the computers it infects, we assume that the majority of the people reading this write-up are here because they are no longer able to open, use or modify any of the data in their computers due to an infection with this exact malware. If that has happened to you and your antivirus software is unable to clean your computer from the infection, we advise you to read all the information that will follow in order to learn what your options are. Once the infection takes place and you can no longer open the files that have gotten encrypted, the hackers responsible for all this will make you an offer – they will ask you to pay them some money and in exchange they would give you the key that can decrypt all your data. Going for this option, however, may not be a very good idea and that is why you may be interested in exploring some possible alternative courses of action:

Can I remove .Refols myself?

We cannot tell you “do this” or “do that” because we don’t know what your specific situation is. In some cases, paying the ransom may indeed be the better option but you need to be aware of the risks related to this. Most importantly, there is always the possibility that the blackmailers may accept the money, not sending you any form of decryption key or anything else that may release your data. This means that all the money you send them would be utterly wasted and you’d still not be able to get your files back.

The alternative is to use a guide like the one here and/or a removal program such as the one we offer on this page and remove the malware from your computer. After that, you can either use your backups to bring back some of the data on the now clean computer or try some alternative data recovery steps. You can find some suggestions on what you can do to restore at least some of the sealed data inside the file-recovery section of the guide but we cannot make promises as to how effective those suggestions would be. In the end, you are the only person who can decide which course of action would best suit your needs.

SUMMARY:

[add_third_banner]

Remove .Refols Virus Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to .Refols

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the .Refols.

[add_forth_banner]

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and .Refols , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – .Refols

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to .Refols Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: .Refols Decryption

The previous steps were all aimed at removing the .Refols Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

The post Remove .Refols Virus (Ransomware Removal + File Recovery) appeared first on Malware Complaints.