.Noproblemwedecfiles Virus Remove and Restore Data

This article was created to help remove the SamSam .NoProblemWeDecFiles ransomware and to try to decrypt files encrypted by the “000-No-PROBLEM-WE-DEC-FILES.html” virus variant.

SamSam ransomware is back once again in one of its many versions. This time the virus portrays the cyber-criminals as saviors by adding the .noproblemwedecfiles file extension. This long file extension has the same name as the virus's ransom note, which is an .html file, just like in the previous version. The cyber-criminals have also sent instructions to pay a hefty ransom fee to decrypt the encrypted files. If you have been affected by this virus, it is strongly recommended not to pay any ransom to the cyber-criminals behind it. Instead, focus on removing the virus and trying to restore the files using other methods. Keep reading to learn how to do this and to learn more about this SamSam ransomware variant.

Threat Summary

Name: .noproblemwedecfiles virus
Type: Ransomware
Short Description: The ransomware encrypts files, rendering them no longer openable, and demands a payoff for decryption.
Symptoms: Drops a ransom note named 000-No-PROBLEM-WE-DEC-FILES.html and encrypts files with an added .noproblemwedecfiles extension.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks.

.noproblemwedecfiles Ransomware – How Does It Infect

This virus may cause an infection through a combination of different tools and tactics. The virus communicates with a remote server. Some crooks send test files to see if the infection will work, since they often invest heavily in spamming these viruses. These types of pen-testing programs give them the opportunity to successfully infect the user, whether via malicious files sent as e-mail attachments or malicious web links sent out via online chat.

.noproblemwedecfiles Ransomware – More Information

Compared with previous SamSam iterations, this malware may share some of their activities. One component that closely follows previous versions, such as .VforVendetta SamSam (http://sensorstechforum.com/new-samsam-ransomware-remove-restore-vforvendetta-files/), is known in the industry as PSExec. This module is actually a file with a script, made to execute programs on infected computers remotely.

But this is not all. SamSam may also use a Trojan horse embedded in its code, previously known as the Samas trojan.

Once it has infected a given computer, the SamSam threat may begin to target often-used files on it, like documents, audio files, pictures and other data. The file extensions below are just a small portion of the file types SamSam may encrypt:

→ “.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ .BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com

After encryption, the files can no longer be opened because their structure has been modified, leaving them temporarily corrupt. The encrypted files look like the following:

In addition to the damage caused by encryption, SamSam ransomware also performs several other activities. For example, it may delete the shadow copies by running commands such as vssadmin as administrator in CMD:

→ vssadmin delete shadows /for={DrivePartition} [/oldest | /all | /shadow={Identification of the shadow copies}] [/quiet]
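
The shadow-copy deletion described above leaves a recognisable command line in process-creation logs. The following added example (not code from the original article) parses the vssadmin syntax shown above out of constructed log records; the function names and the sample events are assumptions made for illustration.

```python
import re

# 'vssadmin delete shadows' anywhere in a command line, with an optional
# path, .exe suffix, quoting, or a cmd.exe /c wrapper in front of it.
_DELETE = re.compile(
    r"""(?:^|[\s"'\\/&|(])vssadmin(?:\.exe)?["']?\s+delete\s+shadows\b(?P<args>[^&|]*)""",
    re.IGNORECASE,
)
# Switches from the syntax line above: /for= /oldest /all /shadow= /quiet
_SWITCH = re.compile(r"""/(\w+)(?:=([^\s"']+))?""")


def parse_shadow_delete(cmdline):
    """Return the switches of a 'vssadmin delete shadows' call, or None."""
    match = _DELETE.search(cmdline)
    if not match:
        return None
    switches = {k.lower(): v for k, v in _SWITCH.findall(match.group("args"))}
    scope = next((s for s in ("all", "oldest", "shadow") if s in switches),
                 "unspecified")
    return {
        "volume": switches.get("for") or None,  # None when /for= is absent
        "scope": scope,
        "quiet": "quiet" in switches,           # /quiet suppresses the prompt
    }


def find_shadow_deletions(events):
    """Return (host, details) for every event that deletes shadow copies."""
    hits = []
    for host, cmdline in events:
        details = parse_shadow_delete(cmdline)
        if details:
            hits.append((host, details))
    return hits


# Constructed process-creation records (host, command line), not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r'cmd.exe /c "C:\Windows\System32\vssadmin.exe" delete shadows /for=C: /oldest'),
    ("ws-02", "vssadmin.exe Delete Shadows /All /Quiet"),
    ("ws-03", "vssadmin list shadows"),  # read-only query, must not match
    ("ws-04", "vssadmin delete shadows /shadow={constructed-id} /quiet"),
]

if __name__ == "__main__":
    for host, details in find_shadow_deletions(SAMPLE_EVENTS):
        print(host, details)
```
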

Remove .noproblemwedecfiles Virus and Decode Files

We have several suggestions for trying to decode or restore your files. Before doing this, however, it is important to get rid of the malicious objects created by the virus. Since the .noproblemwedecfiles SamSam variant uses different techniques to drop various files, “touch” files in %WINDIR% and modify the Windows Registry, you should know exactly which files are created and where. The usual targeted folders for the malicious files dropped by ransomware viruses are the following:

This is why, to remove SamSam, we advise you to follow the removal instructions below. You can use manual removal if you have sufficient information, but experts always prefer automated anti-malware software to do the removal more effectively and completely.

After removing SamSam, we recommend trying the alternative tools in step “2. Restore files encrypted by .noproblemwedecfiles virus”. These tools have not been tested on the virus yet, so we advise you to copy the encrypted files somewhere else and test the copies instead.
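
One way to follow the advice to work only on copies, as an added example that is not part of the original article: the script below copies every file carrying the .noproblemwedecfiles extension into a separate staging folder, verifies each copy by SHA-256 and records where ransom notes were found. The function names and the staging layout are assumptions.

```python
import hashlib
import shutil
from pathlib import Path

ENCRYPTED_EXT = ".noproblemwedecfiles"            # extension named in the article
RANSOM_NOTE = "000-No-PROBLEM-WE-DEC-FILES.html"  # ransom note name from the article


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def stage_encrypted_copies(source_root, staging_root):
    """Copy encrypted files into staging_root; originals are only read.

    Returns (manifest, note_dirs): one manifest entry per copied file and
    the relative folders in which a ransom note was found.
    """
    source_root, staging_root = Path(source_root).resolve(), Path(staging_root).resolve()
    if source_root in (staging_root, *staging_root.parents):
        raise ValueError("staging folder must be outside the scanned folder")
    manifest, note_dirs = [], []
    for path in sorted(source_root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(source_root)
        if path.name.lower() == RANSOM_NOTE.lower():
            note_dirs.append(rel.parent.as_posix())
            continue
        if not path.name.lower().endswith(ENCRYPTED_EXT):
            continue  # file was not renamed by the ransomware
        dest = staging_root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)
        digest = sha256_of(path)
        if sha256_of(dest) != digest:
            raise OSError(f"copy of {rel} does not match the original")
        manifest.append({
            "path": rel.as_posix(),
            "original_name": path.name[: -len(ENCRYPTED_EXT)],
            "sha256": digest,
        })
    return manifest, note_dirs
```

Run recovery tools against the staging folder only, and compare hashes with the manifest afterwards to confirm which copies a tool changed.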

Manually delete .noproblemwedecfiles virus from your computer

Note! Important notification about the .noproblemwedecfiles virus threat: Manual removal of the .noproblemwedecfiles virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .noproblemwedecfiles virus files and objects
2. Find malicious files created by .noproblemwedecfiles virus on your PC

Automatically remove .noproblemwedecfiles virus by downloading an advanced anti-malware program

1. Remove .noproblemwedecfiles virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .noproblemwedecfiles virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for discovering new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
