Remove Doctor@freelinuxmail.org Ransomware and Restore Encrypted Files

A new type of ransomware has been detected, and it belongs to the family of e-mail ransomware viruses. The malware encrypts user files with a strong encryption algorithm and appends the Doctor@freelinuxmail.org e-mail address as a file extension. It also creates malicious modules and may modify the Windows Registry. All users who have been affected by this ransomware are strongly advised not to contact the cyber criminals and to remove the malware using the instructions provided in this article.

Name: Doctor@freelinuxmail.org
Type: Ransomware
Short Description: The crypto-malware may encrypt user files, leaving the cyber-criminal’s email address as a file extension. If contacted, the user may be asked to pay money to restore the files.
Symptoms: The user may notice a slow PC, Windows failing to find a program to open his files with, and unknown executable files and folders on his PC.
Distribution Method: Via malicious e-mail attachments or downloaded by a previous infection on the PC.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by Doctor@freelinuxmail.org
User Experience: Join our forum topic to discuss Doctor@freelinuxmail.org.

Doctor@freelinuxmail.org Distribution

This malware is distributed primarily via a payload-carrying executable which drops its modules onto the infected computer. The module usually arrives on an already infected computer via a Trojan connected to the cybercriminal’s command and control centers. Such Trojans are heavily obfuscated and may update themselves to be even less discoverable. A Trojan may arrive either through a malicious web link or in modified email attachments containing malware. Users should also beware of any spam messages featuring third-party web links because they may also infect their systems.

Doctor@freelinuxmail.org In Detail

Users on security forums have reported several specifics about this ransomware. Once it has been activated on the victim’s PC, the crypto-malware may begin to drop its payload into the following folders:

  • %Temp%
  • %AppData%
  • %System32%
  • %Users%
  • %Roaming%

The files may have random filenames, such as 67DB.tmp. The ransomware may also create registry values with data for the malicious modules, for example:

In the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run the value {valuename} with data to run 67DB.tmp

Furthermore, the threat creates an ID.txt file. This file is placed in a randomly named folder, for example, C:/Users/{Username}/12XcBQdDISYMFs.

Similar to the Av666@weekendwarrior55.com virus, once the ransomware begins acting, it scans for and encrypts files that may have the following file extensions:

.cer .crt .db .dbf .der .doc .docm .docx .groups .kwm .mdb .mdf .pem .pwm .rtf .safe .sql .txt .xlk .xlsb .xlsm .xlsx
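The indicators described above (files renamed with the e-mail address as an extension, a Run value that launches a .tmp file, and an ID.txt file in a randomly named folder under the user profile) can be checked with a short triage script. This is an added example, not code from the article or its author; the function names and the pattern used to recognise a "randomly named" folder (10 or more letters and digits) are assumptions.

```python
import os
import re

MARKER = ".doctor@freelinuxmail.org"   # extension appended to encrypted files
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
TMP_CMD = re.compile(r"\.tmp(?![\w.])", re.IGNORECASE)   # e.g. ...\67DB.tmp
RANDOM_DIR = re.compile(r"[A-Za-z0-9]{10,}")   # assumed shape of the ID.txt folder

def read_run_key():
    """Read HKLM Run values on a live Windows host (winreg is Windows-only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        count = winreg.QueryInfoKey(key)[1]
        return dict(winreg.EnumValue(key, i)[:2] for i in range(count))

def suspicious_run_values(run_values):
    """Names of Run values whose command line launches a .tmp file."""
    return sorted(n for n, cmd in run_values.items() if TMP_CMD.search(str(cmd)))

def scan_profile(profile):
    """Collect renamed files and ID.txt drop folders under one user profile."""
    hits = {"encrypted": [], "id_folders": []}
    for folder, _dirs, files in os.walk(profile):
        for name in files:
            if name.lower().endswith(MARKER):
                hits["encrypted"].append(os.path.join(folder, name))
        # ID.txt only counts in a direct child of the profile with a random-looking name
        parent = os.path.dirname(folder)
        is_child = os.path.normpath(parent) == os.path.normpath(profile)
        if (is_child and RANDOM_DIR.fullmatch(os.path.basename(folder))
                and any(f.lower() == "id.txt" for f in files)):
            hits["id_folders"].append(folder)
    hits["encrypted"].sort()
    return hits

if __name__ == "__main__":
    # Constructed Run-key export; on Windows use read_run_key() instead.
    sample = {"OneDrive": r"C:\Program Files\OneDrive\OneDrive.exe",
              "{valuename}": r"C:\Users\alice\AppData\Local\Temp\67DB.tmp"}
    print(suspicious_run_values(sample))
    print(scan_profile(os.path.expanduser("~")))
```

A hit from any one check is a lead to investigate rather than proof of infection, since legitimate software can also create ID.txt files or long alphanumeric folder names.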

This ransomware may also pose other risks to the user’s PC, such as:

  • Download other malware onto the computer.
  • Modify or delete user data.
  • Monitor user activity from a foreign host.
  • Give system information about the user PC.
  • Upload files from the victim computer.

Remove Doctor@freelinuxmail.org Ransomware and Restore Your Data

To get rid of this crypto-malware effectively, it is important to first break any active connection with the cyber-criminals. To do this, download an advanced anti-malware scanning and removal program from a safe device. Then isolate your computer from the malware by stopping the internet connection, and install the software. After this, it is strongly advisable to follow the step-by-step instructions below to properly terminate this ransomware and its malicious modules.

1. Boot Your PC In Safe Mode to isolate and remove Doctor@freelinuxmail.org
2. Remove Doctor@freelinuxmail.org with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections and file encryption by Doctor@freelinuxmail.org in the future
4. Restore files encrypted by Doctor@freelinuxmail.org
Optional: Using Alternative Anti-Malware Tools
NOTE! Important notice about the Doctor@freelinuxmail.org threat: Manual removal of Doctor@freelinuxmail.org requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
