Remove “Your computer has been attacked by a virus-encoder” ransomware (Guide)

If your pictures, videos and documents are encrypted, and you are seeing a Your computer has been attacked by a virus-encoder message, then your computer has been infected with ransomware.
Your computer has been attacked by a virus-encoder malware is a file-encrypting ransomware, which will encrypt the personal documents found on victim’s computer using RSA-2048 key (AES CBC 256-bit encryption algorithm), appending a extension to encrypted files. The Your computer has been attacked by a virus-encoder ransomware then displays a message which offers to decrypt the data if a payment from 0.5 to 1.5 Bitcoins is made.


1. How did the Your computer has been attacked by a virus-encoder virus got on my computer?
2. What is Your computer has been attacked by a virus-encoder Ransomware?
3. Is my computer infected with Your computer has been attacked by a virus-encoder virus?
4. Is it possible to decrypt files encrypted by Your computer has been attacked by a virus-encoder?

1. How did the Your computer has been attacked by a virus-encoder ransomware got on my computer?

The Your computer has been attacked by a virus-encoder ransomware is distributed via spam email containing infected attachments or links to malicious websites. Cyber-criminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx. The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made. Either way, you can’t resist being curious as to what the email is referring to – and open the attached file (or click on a link embedded inside the email). And with that, your computer is infected with the Your computer has been attacked by a virus-encoder ransomware.



2. What is Your computer has been attacked by a virus-encoder Ransomware?

The Your computer has been attacked by a virus-encoder ransomware targets all versions of Windows including Windows 7, Windows 8 and Windows 10. This infection is notable due to how it encrypts the user’s files – namely, it uses AES-265 and RSA encryption method – in order to ensure that the affected user has no choice but to purchase the private key.
When the Your computer has been attacked by a virus-encoder ransomware is first installed on your computer it will create a random named executable in the %AppData% or %LocalAppData% folder. This executable will be launched and begin to scan all the drive letters on your computer for data files to encrypt.
Your computer has been attacked by a virus-encoder ransomware searches for files with certain file extensions to encrypt. The files it encrypts include important productivity documents and files such as .doc, .docx, .xls, .pdf, among others. When these files are detected, this infection will change the extension, so they are no longer able to be opened.
Known malicious emails and extensions are: mailrepa.lotos@aol.com, .CrySiS, .TREE_OF_LIFE@INDIA.COM.CrySiS, .CrySis, .locked, .kraken, .darkness, .nochance, .oshit, .oplata@qq_com, .relock@qq_com, .crypto, .helpdecrypt@ukr.net, .pizda@qq_com, .dyatel@qq_com, _ryp, .nalog@qq_com, .chifrator@qq_com, .gruzin@qq_com, .troyancoder@qq_com, .encrytped, .cry, .AES256, .enc or .hb15.
Files targeted are those commonly found on most PCs today; a list of file extensions for targeted files include:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt
Once your files are encrypted with the malicious extension, the Your computer has been attacked by a virus-encoder ransomware will create the How to decrypt your files.txt text files ransom note in each folder that a file has been encrypted and on the Windows desktop. The ransomware will also change your Windows desktop wallpaper to How to decrypt your files.png.
These files are located in every folder that a file was encrypted as well as in the user’s Startup folder so that they are automatically displayed when a user logs in. These files will contain the information on how to access the payment site and get your files back.
When the infection has finished scanning your computer it will also delete all of the Shadow Volume Copies that are on the affected computer. It does this so that you cannot use the shadow volume copies to restore your encrypted files.

3. Is my computer infected with Your computer has been attacked by a virus-encoder virus?

If your computer is infected with the Your computer has been attacked by a virus-encoder ransomware will display a How to decrypt your files.png wallpaper that covers the entire desktop, and all your documents will not open. A How to decrypt your files.txt text file will be placed on your desktop. Both files contain instruction on how or recover the encrypted files.
The messages displayed by this ransomware infection can be localized depending on the user’s location, with text written in the appropriate language.
This the message that the Your computer has been attacked by a virus-encoder ransomware may display:
Attention!
Your computer has been attacked by a virus-encoder! All your files are now encrypted using cryptographically strong algorithm. Without the original key recovery is impossible. To get the decoder and the original key, you need to email us at [email protected] Our assistance i not free, so expect to pay a reasonable price for our decrypting services. No exceptions will be made. In the subject line of your email include the id number, which can be found in the file name of all encrypted files. It is in your interest to respond as soon as possible to ensure the restoration of your files. P.S. only in case you do not receive a response from the first email address within 48 hours, please use this alternative email address: dalailama2015@protonmail.ch

4. Is it possible to decrypt files encrypted by Your computer has been attacked by a virus-encoder ransomware?

This ransomware is notable due to how it encrypts the user’s files – namely, it uses AES-265 and RSA encryption method – in order to ensure that the affected user has no choice but to purchase the private key. The RSA public key can only be decrypted with its corresponding private key. Since the AES key is hidden using RSA encryption and the RSA private key is not available, decrypting is not available in most cases.
Brute forcing the decryption key is not realistic due to the length of time required to break an AES encryption key. Unfortunately, once the ransowmare encryption of the data is complete, decryption is not feasible without paying the ransom.
Because the needed private key to unlock the encrypted file is only available through the cyber criminals, victims may be tempted to purchase it and pay the exorbitant fee. However, doing so may encourage these bad guys to continue and even expand their operations. We strongly suggest that you do not send any money to these cyber criminals, and instead address to the law enforcement agency in your country to report this attack.
If the below tools cannot recover your files, you can try to search these webpages for updates: https://decrypter.emsisoft.com/ or https://id-ransomware.malwarehunterteam.com/

News article is edited by: yakura - 10-04-2018, 17:39

Comments 5

Mandy
Mandy 16 October 2018 01:26
很好,他们获得了补助 https://www.magicessay.org/essayroo-com评论/,现在他们应该使用补助金与人民分享知识。好帖子,谢谢分享。
Massage Singapore
Massage Singapore 8 January 2020 15:01
Tantric Massage Singapore by Nu Outcall Massage heals your tired muscle. We help you to take a break with utmost pleasurable sensation by Tantric Goddess  outcall massage singapore
Emler John
Emler John 29 March 2020 19:02
One of the most important issues that seem to happen when viruses infect computer is that they can delete important documents or files. In order to the uk solicitors your provided codes are best for remove these type of computer viruses. 
David Philp
David Philp 6 April 2020 00:17
Thanks, recently i got my computer also affected i was collecting info for Mobile Phone Prices in Pakistan but due to visiting various sites i got affected

The UK Law Blog is really against those spamers due to which our computer got attacked
WillisLagergren
WillisLagergren 23 September 2020 23:45
With CBD validcbdoil hemp oil as an ingredient, many of your favorite dishes can be easily and efficiently refreshed. CBD hemp oils blend pure hemp oil with medium chain triglyceride oils to provide the balancing effect of CBD in a versatile liquid that can be mixed with almost any type of food.
Add comment

Add comment

reload, if the code cannot be seen