Remove Auinfo16@gmail.com Ransomware and Restore .Zip Encrypted Files

Ransomware belonging to the ACCDFISA family of viruses has raised concern among malware researchers. It has been reported to encode the files on the computers it infects, appending the extension “(!! to get email id password {Unique ID} to auinfo16@gmail.com !!)” to each file it has encoded. The virus is also believed to archive the files, converting them into the .zip file format, and it may modify their names. Users infected by the Auinfo16 ransomware are strongly advised to read this material thoroughly to learn how to remove Auinfo16@gmail.com ransomware from their computers and try to get their files back.

Threat Summary

Type: Ransomware
Short Description: Auinfo16@gmail.com ransomware encrypts user files with what appears to be AES encryption and asks for ransom money for decryption, varying from hundreds to thousands of dollars.
Symptoms: The user may witness various ransom notes dropped on the desktop by Auinfo16@gmail.com, a changed wallpaper and several legitimate-looking Windows processes, like svchost.exe, running with an unknown license on the computer.
Distribution Method: Via an exploit kit, JavaScript, other malware or PUPs.

Auinfo16@gmail.com Ransomware – Infection Distribution

To infect victim computers successfully, Auinfo16@gmail.com ransomware might use so-called process obfuscation, exploit kits as well as JavaScript and other tools which conceal its malicious files while they are being dropped on the computer.

Also, Auinfo16@gmail.com ransomware’s creators might use software that automatically sends spam messages over the web. Such software is known as spam bots, and the e-mails sent by these ransomware makers may have different content:

  • URLs which are malicious and can cause browser redirects and drive-by-downloads which can infect the user’s computer with malware.
  • E-mail attachments that contain heavily obfuscated executables or other files which look like legitimate Microsoft Office or Adobe Reader files.

A viable technique to spread these viruses is by using adware or other unwanted programs, like browser hijackers, for instance. This software delivers advertisements and may even cause browser redirects at times. These are ad-supported programs that can be installed unnoticed, bundled with the installers of freeware downloaded from third-party websites. Since the makers of those applications may not mind what type of URLs they advertise, users are advised to remove such apps as soon as they see them.

Auinfo16@gmail.com Ransomware – More Information

After it has been dropped on the victim PC, similar to the other versions of ACCDFISA ransomware, Auinfo16@gmail.com might execute a process with the same name and type as the legitimate svchost.exe critical Windows process. This payload may be located in a randomly named folder in the primary drive, for example:

C:\{Random name}\svchost.exe

The malware could also make a registry entry that sets its malicious svchost process to run on system boot-up:

→ In the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, the value “C:\{Random name}\svchost.exe”

The malware could also drop its support files, also known as modules that might be concealed in various Windows folders:

→ %SystemDrive%

Some of these files have been reported by malware researchers to have different names and be located in the following Windows folders:

→ %ProgramData%\local\ aescrypter.exe
%ProgramData%\local\ crdfoftrs.dll
%ProgramData%\local\ svchost.exe
%ProgramData%\local\ undxkpwvlk.dll
%ProgramData%\local\ vpkswnhisp.dll
%Users%\Public\Desktop\ how to decrypt aes files.lnk
%Windows%\SysWOW64\ csrsstub.exe
%Windows%\SysWOW64\ dcomcnfgui.exe
%Windows%\SysWOW64\ tcpsvcss.exe
%Windows%\SysWOW64\ tracerpts.exe
%Windows%\SysWOW64\ ucsvcsh.exe
%Windows%\SysWOW64\ wcmtstcsys.sss
%decrypt% decrypt.exe
how to decrypt aes files.lnk

After Auinfo16@gmail.com ransomware’s encryptor is run, the malware could use protocols taken from the well-known WinRAR software, making a unique method for archiving the data using a password that could be sent to the servers of the cyber-crooks together with a unique identifier. The identifier is mentioned in the file extension which is added to the encoded files after they have been encrypted. For instance, in case the ID number is 111,111,111, files that have been encoded may look like this:

→ Picture.jpg.(!! to get email id password {Unique ID} to auinfo16@gmail.com !!).zip
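A defender-side check for the two indicators described above (a Run entry that starts svchost.exe from outside the system directories, and the naming pattern of the renamed archives), as an added example that is not part of the original article. It assumes Windows is installed under C:\Windows; the function names and the sample Run values are constructed for illustration.

```python
import ntpath
import re

# Assumption: Windows lives in C:\Windows; the genuine svchost.exe is only here.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Naming pattern from the article:
#   <name>.(!! to get email id password <ID> to auinfo16@gmail.com !!).zip
MARKER = re.compile(
    r"^(?P<original>.+)\.\(!! to get email id password (?P<uid>.+?) "
    r"to auinfo16@gmail\.com !!\)\.zip$",
    re.IGNORECASE,
)

def executable_of(command):
    """Return the executable path from a Run value, dropping any arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def is_masquerading_svchost(command):
    """True when a Run value starts svchost.exe from outside the system dirs."""
    exe = executable_of(command).lower()
    for var in ("%systemroot%", "%windir%"):
        exe = exe.replace(var, r"c:\windows")
    exe = ntpath.normpath(exe)
    return (ntpath.basename(exe) == "svchost.exe"
            and ntpath.dirname(exe) not in LEGIT_DIRS)

def suspicious_run_values(values):
    """Names of Run values (name -> command line) that should be reviewed."""
    return sorted(n for n, cmd in values.items() if is_masquerading_svchost(cmd))

def parse_marked_name(filename):
    """Split a renamed archive into (original name, unique ID), or None."""
    match = MARKER.match(filename)
    return (match.group("original"), match.group("uid")) if match else None

# Constructed sample data: an export of the HKLM ...\CurrentVersion\Run values.
SAMPLE_RUN_VALUES = {
    "svchost": r"C:\kqzvtm\svchost.exe",  # constructed random folder name
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "HostSvc": r'"C:\Windows\System32\svchost.exe" -k netsvcs',
}

if __name__ == "__main__":
    print(suspicious_run_values(SAMPLE_RUN_VALUES))  # only "svchost" is flagged
```

The unique ID recovered by `parse_marked_name` is the same on every affected file of one infection, so it is worth recording before cleanup.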

Auinfo16@gmail.com mainly looks for files which are often used, like videos, images, document files, databases and even virtual images. It could even be set up to encode all files except the crucial ones that Windows needs in order to run.

After the files have been encoded, just like other ACCDFISA malware, Auinfo16@gmail.com may change the wallpaper into a picture with a ransom note.

Remove Auinfo16@gmail.com and Try Restoring the Files

In conclusion, the Auinfo16@gmail.com virus could be removed instantaneously, instead of paying any ransom money. For this to happen, we encourage you to follow the instructions we have posted underneath and remove Auinfo16@gmail.com’s malicious files from your system. For maximum effectiveness, malware research experts recommend using a more automated approach and scanning your PC with an advanced anti-malware program. It will detect and remove files associated with Auinfo16@gmail.com Ransomware completely from the computer and protect it in the future as well.

When it comes to decoding files, at present we cannot locate a solution which has been released. However, researchers are convinced that this virus should be cracked soon. Malware writers have stated in other versions of this virus that they have made improvements to its encryption. This is why we strongly recommend that you be very careful when trying the methods for file reverting in step “3. Restore files encoded by Auinfo16@gmail.com Ransomware” underneath, and that you always make backups when you try doing this process yourself.

Manually delete Auinfo16@gmail.com from your computer

Note! Important notice about the Auinfo16@gmail.com threat: Manual removal of Auinfo16@gmail.com requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Auinfo16@gmail.com files and objects
2. Find malicious files created by Auinfo16@gmail.com on your PC
3. Fix registry entries created by Auinfo16@gmail.com on your PC

Automatically remove Auinfo16@gmail.com by downloading an advanced anti-malware program

1. Remove Auinfo16@gmail.com with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Auinfo16@gmail.com in the future
3. Restore files encrypted by Auinfo16@gmail.com
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
