MERRY I LOVE YOU BRUCE ransomware virus removal

Today we will talk about a mysterious program that secretly penetrates the user's computer and encrypts files. It is now known as Merry I Love You Bruce, although it is actually called Merry Christmas or Merry X-Mas. We first found it at the end of 2016, and everyone hoped that it would disappear shortly after the New Year holidays. Alas, these hopes did not materialize, and the program is still operating.


What is Merry I Love You Bruce

The name "Merry I Love You Bruce" appeared during the second wave of infection, which began in early January 2017. The program was slightly changed, and so was the extension assigned to encrypted files. The second version of Merry Christmas has an important difference from the first: in addition to encrypting files, it also installs the DiamondFox malware on the user's computer. Encrypted files get the extension .merry. The ransom amount has not yet been established and most likely will not be known, because the scammers target the networks of small and medium-sized companies. To set the ransom they need to know how much data was encrypted and how valuable it is. This is why the amount is not listed in the ransom note: the scammers do not want to lose profit if their virus penetrates the network of a more or less successful company that can pay a large sum.

We should also discuss the new feature of Merry Christmas: infecting the computer with another virus. Crooks want money above all, and DiamondFox can bring them considerable profit. How does this happen? DiamondFox belongs to the family of malware called Trojans and can be used for various purposes. Most often DiamondFox is used to spy on individual users, to collect statistics and personal information, and to gain control over infected computers. Each of these features can be extremely profitable, since reliable statistics collected directly on users' computers are always valued. DiamondFox collects information on the victim's system configuration, the presence of antivirus software and its vendor, search queries, statistics on visited websites and much more. In addition, with the help of DiamondFox hackers can gain remote access to the system and connect the infected computer to a botnet, which will subsequently be used for illegal operations. This virus is detected by the majority of well-known antivirus products, and it can remain on the victim's PC only if the victim does not use AV tools at all or uses low-quality free software. So advice №1: scan your PC completely for viruses at least once a week. If you suspect that your computer is infected, keep scanning until you are sure it is not, or until the virus is detected.

How Merry I Love You Bruce penetrates user's PC

Do not think that the focus on business networks makes the program more sophisticated or "smarter" than ordinary ransomware. In this case, the creators only removed the ransom amount from the ransom message and drafted the letter so that it could be mistaken for a real subpoena. Of course, if you receive such a letter, you will be interested in its content and will try to read the complaint on which the lawsuit is based. The complaint is in a file disguised as an Excel spreadsheet; when you click on the file, you activate a script that downloads the latest version of the Merry I Love You Bruce ransomware to your computer. This distribution method has been used for decades and is still the most effective. Hence important advice №2: if you frequently work with e-mail, you need to learn to distinguish malicious messages from safe ones, or start using a "sandbox" program.

How to recover the files, encrypted by Merry I Love You Bruce

We are pleased to inform you that experts at EmsiSoft have cracked the code of the virus and created a decryption program that completely recovers files encrypted by Merry I Love You Bruce. You can download the program from the official EmsiSoft website and use it to restore your files without paying for them. You can also restore files from a backup:

  • Click Start
  • Click Control Panel

  • Click System and Security

  • Select Backup and Restore

  • Select Restore files from backup
  • Select checkpoint to restore

 

How to remove Merry I Love You Bruce

Ransomware differs from the majority of unwanted programs in that deleting it from your computer will not change the condition of the damaged files. You still have to restore them separately. The virus is removed so that the crooks can no longer monitor the system, and so that you can continue to use your computer without fear that each uploaded file will immediately be encrypted. Removing Merry I Love You Bruce from your PC requires a certain level of computer knowledge, because the removal involves operations that are closely tied to the operation of the system as a whole. Below are detailed instructions on how to remove Merry I Love You Bruce, but if you are not confident in your abilities, it is safer to use antivirus software that will remove the virus for you.

 

 

 

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

  • Select Boot tab

  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode

 

Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

  • Select Appearance and Personalization

  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

  • Press Ok

 

Step 3. Remove virus files

 

Check the following folders for suspicious files:

  • %TEMP%
  • %APPDATA%
  • %ProgramData%

 

Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder

  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:

[Screenshot: default hosts file]
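An added example (not part of the original article) for the hosts-file check in Step 4: this PowerShell function lists every active, non-comment entry so that unexpected redirections are easy to spot. It assumes Windows PowerShell 3.0 or later; the function name Get-ActiveHostsEntry and the Review column are made up for this illustration.

```powershell
# Added example: list active hosts-file entries so redirections stand out.
# Read-only; Get-ActiveHostsEntry and the Review column are illustrative names.
function Get-ActiveHostsEntry {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        # Drop everything after '#' (comment) and surrounding whitespace.
        $active = ($line -split '#', 2)[0].Trim()
        if (-not $active) { continue }

        # Entry format: <address> <name> [<alias> ...]
        $fields  = $active -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)

        foreach ($name in $names) {
            # A loopback mapping for "localhost" is the only entry treated as expected.
            $isLocalhost = ('127.0.0.1', '::1' -contains $address) -and ($name -eq 'localhost')
            [pscustomobject]@{
                Line    = $lineNo
                Address = $address
                Name    = $name
                Review  = -not $isLocalhost
            }
        }
    }
}

Get-ActiveHostsEntry | Format-Table -AutoSize
```

On a clean Windows 7 or later system the default hosts file contains only comment lines, so the function returns nothing; every row marked Review should be explained or deleted.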

 

Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean the startup registry keys listed below (check each Run key under both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER):
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
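An added example (not from the original article) that reads, without modifying anything, the startup locations listed in Step 5 and marks commands that launch from the folders named in Step 3. It assumes Windows PowerShell 3.0 or later; Test-WatchedPath, $findings and the Review column are hypothetical names.

```powershell
# Added example: read-only audit of the startup locations listed in Step 5.
$runKeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
# Folders from Step 3; a startup command launched from one deserves a closer look.
$watchDirs = @($env:TEMP, $env:APPDATA, $env:ProgramData) | Where-Object { $_ }

function Test-WatchedPath([string]$Command) {
    # Expand %VAR% references, then look for any watched folder in the command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    foreach ($dir in $watchDirs) {
        if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$findings = @(foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in $runKeys) {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($valueName in $key.GetValueNames()) {
            $command = [string]$key.GetValue($valueName)
            [pscustomobject]@{
                Key     = $path
                Value   = $valueName
                Command = $command
                Review  = Test-WatchedPath $command
            }
        }
    }
})

# Userinit normally holds only userinit.exe from System32, followed by a comma.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = [string](Get-ItemProperty -LiteralPath $winlogon).Userinit
$expected = "$env:SystemRoot\system32\userinit.exe"
$findings += [pscustomobject]@{
    Key     = $winlogon
    Value   = 'Userinit'
    Command = $userinit
    Review  = $userinit.Trim().TrimEnd(',') -ne $expected
}

$findings | Sort-Object Review -Descending | Format-List
```

Entries marked Review are candidates for inspection, not proof of infection; confirm what the referenced file is before deleting the value in Regedit.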

Step 6. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot