How to remove File Spider and restore encrypted files (Updated)

This entry is dedicated to ransomware called File Spider, which infects machines around the world but focuses on Serbia and Herzegovina. In this article, you will find information about what it is and how to eliminate the malware from your system. We'll also tell you how to restore the encrypted files, and whether that is possible.

Ransomware can infect a system through Windows exploits and trojans, but that is not how File Spider spreads. This dangerous program infects the system via phishing e-mails about a fake debt at a local bank. The text of the letter is in Serbian. The document contains malicious macros with PowerShell, and after the user opens it, the virus creates a Spider folder in application data and puts the enc.exe file there. Enc.exe opens a website with free JavaScript, downloads malicious JavaScript and then launches another two files (enc.exe and dec.exe), which encrypt the data. The virus creates HOW TO DECRYPT FILES.url in each folder with encrypted files. This file contains a link to the video with removal instructions. When the virus has encrypted all files, it shows the victim a message with the ransom demand.

THIS WILL DECRYPT YOUR FILES

During encryption process a unique key has been generated, used to encrypt your files, and then destoyed. To decrypt your files you need that key. We call that key a Decryption Key. You can not use the key from other PC, it wont work, you need a key coresponding to your PC. Your Decryption Key, required for decryption process, can be generated only from something that we call a ID Code, you will find that code below.

This is your ID Code, copy it carefully.

[ID]

THIS WILL DECRYPT YOUR FILES

Enter your Decryption Key and click Start Decrypting, seat back and relax, in few minutes you will have full access to all your files!

Decryption Key:

[ ... ]

0 Files decrypted. [Start Decrypting]

 

When encrypting files, File Spider changes their extension to .spider, and the ransom amount is 0.00725 BTC. The hackers use the RSA-2048 encryption algorithm, and it is impossible to brute-force the decryption key. The only method to decrypt the information is to obtain the encryption keys via flaws in the virus code. But you can restore files using backups.

Before the general ransomware removal instructions, read this advice on how not to become a victim again. Unfortunately, most people realize the importance of PC knowledge only after a ransomware infection. It's very easy to decrease the chances of getting ransomware if you follow these tips.

 

 

  • Be careful with messages that contain files. The #1 model of scam e-mail is a notification about winning a prize or receiving a parcel. You should also keep an eye on business correspondence, particularly if the sender and the content are unknown.
  • Do not accept any changes to the computer that come from unknown programs. The simplest way to recover data is from Shadow Copies, and scammers have added deletion of shadow copies to the basic functionality of malware. However, deleting the copies requires administrator rights and acceptance from the user. A moment of thought before accepting the changes can save your information and your money.
  • Keep an eye on the performance of your workstation. Encrypting information is a sophisticated operation that uses a large amount of hardware resources. When the ransomware starts to operate, the PC slows down, and the encrypting process is visible in Process Manager. You can recognize this moment and switch off the system before the information is fully encrypted.

We draw your attention to the fact that deleting the ransomware is just the first, mandatory step toward safe operation of the system. To recover the information, you should familiarize yourself with the tips in the section of this entry below. To remove File Spider, the user has to boot the system in safe mode and run a scan with antivirus software. We do not recommend removing the ransomware manually, because it has many protection mechanisms that can counteract you. High-quality encrypting viruses are able to totally erase the corrupted data, or part of it, when you try to uninstall the virus. To neutralize this, follow the advice below.

Removal instruction

If you are a Mac user, follow this guide: how to decrypt files on Mac.

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode

 

Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel
  • Select Appearance and Personalization
  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives
  • Press Ok

 

Step 3. Remove virus files

 

Check the following folders for suspicious files:

  • %TEMP%
  • %APPDATA%
  • %ProgramData%

 

Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder
  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this: [Figure: basic hosts file]

 

Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys:
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
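
The checks from Steps 3 to 5 can be collected without changing anything on the system first. The PowerShell below is an added example, not part of the original guide: it only reads, using the Spider folder name from this article plus an assumed 14-day window and extension list, so the output can be reviewed before anything is deleted.

```powershell
# Added example, not from the original article: read-only triage of the
# locations in Steps 3-5. The Spider folder, enc.exe and dec.exe are named in
# this article; the 14-day window and the extension list are assumptions.
$since = (Get-Date).AddDays(-14)

# Step 3: the Spider folder in application data
$spiderDir = Join-Path $env:APPDATA 'Spider'
if (Test-Path -LiteralPath $spiderDir) {
    Write-Output "[!] Found $spiderDir"
    Get-ChildItem -LiteralPath $spiderDir -Force |
        Select-Object Name, Length, CreationTime | Format-Table -AutoSize
}

# Step 3: recently created executables and scripts in the three folders
$recent = foreach ($dir in $env:TEMP, $env:APPDATA, $env:ProgramData) {
    Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $since -and
                       $_.Extension -in '.exe', '.js', '.ps1', '.vbs' }
}
$recent | Sort-Object CreationTime | Select-Object CreationTime, FullName |
    Format-Table -AutoSize

# Step 4: active hosts entries (default file on Windows 7+ is comments only)
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hosts |
    Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') }

# Step 5: every value under the startup keys, in both hives
$autoruns = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($value in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $path; Name = $value; Command = $key.GetValue($value) }
        }
    }
}
$autoruns | Format-Table -AutoSize -Wrap

# Userinit should reference only userinit.exe in System32
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
(Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit
```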

Step 6. Scan computer with antivirus

Download Spyhunter - Anti-malware scanner


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

After removing the ransomware from the system, you should get the encrypted data back. It's impossible to decrypt the files, but we'll recover them through OS functionality and additional programs (Recuva and Shadow Explorer). There are a few exceptions, but most of the time file restoration takes plenty of time and effort. If you want to restore files from backups, follow these instructions:

  • Click Start
  • Click Control Panel
  • Click System and Security
  • Select Backup and Restore
  • Select Restore files from backup
  • Select checkpoint to restore
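
Before choosing a restore point, it helps to know when encryption started and whether any shadow copy is older than that. This added PowerShell example (not from the original article) inventories .spider files and lists shadow copies created before the earliest one; the search root and the use of LastWriteTime as the encryption time are assumptions.

```powershell
# Added example, not from the original article. '.spider' and
# 'HOW TO DECRYPT FILES.url' are the markers the article names; $root and
# treating LastWriteTime as the encryption time are assumptions.
# Run elevated: querying Win32_ShadowCopy requires administrator rights.
$root = $env:USERPROFILE

$encrypted = @(Get-ChildItem -LiteralPath $root -Recurse -Force -File `
        -Filter '*.spider' -ErrorAction SilentlyContinue)
$notes = @(Get-ChildItem -LiteralPath $root -Recurse -Force -File `
        -Filter 'HOW TO DECRYPT FILES.url' -ErrorAction SilentlyContinue)

if ($encrypted.Count -eq 0) {
    Write-Output "No .spider files under $root"
    return
}

# Folders with the most encrypted files, to prioritise what to restore
$encrypted | Group-Object DirectoryName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# Earliest write time of an encrypted file approximates when encryption began
$firstHit = ($encrypted | Sort-Object LastWriteTime |
        Select-Object -First 1).LastWriteTime
Write-Output ("{0} encrypted files, {1} ransom notes, first hit {2:yyyy-MM-dd HH:mm:ss}" -f `
        $encrypted.Count, $notes.Count, $firstHit)

# Shadow copies created before that moment hold the pre-encryption state
$copies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
$usable = @($copies | Where-Object { $_.InstallDate -lt $firstHit })

if ($usable.Count -gt 0) {
    $usable | Sort-Object InstallDate -Descending |
        Select-Object ID, VolumeName, InstallDate |
        Format-Table -AutoSize
} else {
    Write-Output 'No shadow copy predates the encryption; use Backup and Restore or an offline backup.'
}
```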