Hey you,

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:

Remove Ecovector (Vegclass) Ransomware. Restore @aol(.)com.xtbl Files

ecovector-vegclass-ransomware-stforumOur research indicates that there are at least three identical ransomware viruses currently infecting victims under different names. Ecovector and Vegclass ransomware “share” the same desktop wallpapers, and act in a very similar way. We also suspect that these two ransomware pieces are operated by the same individual(s) also spreading Green_Ray and the .xtbl extension ransomware. Encrypted files will have these extensions – .Vegclass(@)aol.com.xtbl, .{ecovector3(@)aol.com}.xtbl.

All of those crypto viruses set an email address type of extension ({.ecovector3(@)aol.com.xtbl, green_ray(@)aol.com.xtbl, etc.) and provide email addresses for contact that are quite alike. Continue reading to learn how to deal with those crypto threats.

Threat Summary

Name Ecovector (Vegclass) Ransomware
Type Ransomware
Short Description A new ransomware that has a lot in common with other “@india.com” crypto viruses.
Symptoms Files become corrupted and the wallpaper is changed to instructions on how to pay the ransom money and decrypt your files.
Distribution Method Spam email attachments, EKs, etc.
Detection Tool See If Your System Has Been Affected by Ecovector (Vegclass) Ransomware


Malware Removal Tool

User Experience Join Our Forum to Discuss Ecovector (Vegclass) Ransomware.

Other ransomware viruses we suspect to be operated by the individual or group of individuals are:

Because of their suspected Indian origin, security researchers refer to these ransomware pieces as “@india.com viruses”.

Ecovector (Vegclass) Ransomware – Distribution Method

The most likely distribution methods that Ecovector (Vegclass) crypto virus may have employed to infect the victim’s system are:

  • Malicious URLs posted as spam comments on forums or other social websites.
  • Malicious URLs featured in spam emails appearing to be sent by a legitimate service.

However, the Ecovector (Vegclass) ransomware may be spread with the assistance of other malware. We have observed that the most often malware to download crypto-viruses are MSIL Trojans and exploit kits, such as the Angler EK. Since their executables are obfuscated by the so-called cryptors or obfuscating software, it is difficult for a conventional antivirus software to detect them. The distribution malware may either open a port, connect to a host and download the malicious .exe via the port or directly create an exploit for the attackers.

Ecovector (Vegclass) Ransomware – Technical Overview

The wallpaper and text file set by this crypto virus show a message explaining that the user’s files are now encrypted and that the victim should contact the provided email address. This encouragement should make the victim contact the cyber criminals, who are then supposed to send a private decryption key.

Ransomware such as Ecovector (Vegclass) use asymmetric algorithm which means that decryption is only possible via a private key only possessed by the ransomware operators. However, note that paying the ransom is never recommended since it supports the cyber criminal business and doesn’t guarantee that the affected files will be restored. There are numerous cases of victims who have sent payments, typically in Bitcoin, but couldn’t get their files back to their normal condition. Our advice is to seek alternative restoration methods, such as the ones provided in the manual below the article.

This is the text displayed on the ransomware desktop set by Ecovector (Vegclass) ransomware:
Attention!!! To restore information email technical support send 3 encrypted files Econvector3(@)aol.com or Eco_vector(@)india.com

As mentioned in the beginning, files encrypted by this crypto virus will be appended the following extensions:

  • .Vegclass(@)aol.com.xtbl
  • .{ecovector3(@)aol.com}.xtbl

Ecovector (Vegclass) Ransomware Removal Instructions

To rid your system of Ecovector (Vegclass) ransomware, we advise you to have a look at the instructions provided below the article. If you’re an experienced user and have dealt with similar infections below, you can follow the manual guide. However, to make sure that all files associated with Ecovector (Vegclass) are fully removed from the system, it’s best to use a specific anti-malware program.

Manually delete Ecovector (Vegclass) Ransomware from your computer

Note! Substantial notification about the Ecovector (Vegclass) Ransomware threat: Manual removal of Ecovector (Vegclass) Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Ecovector (Vegclass) Ransomware files and objects.
2. Find malicious files created by Ecovector (Vegclass) Ransomware on your PC.
3. Fix registry entries created by Ecovector (Vegclass) Ransomware on your PC.

Automatically remove Ecovector (Vegclass) Ransomware by downloading an advanced anti-malware program

1. Remove Ecovector (Vegclass) Ransomware with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by Ecovector (Vegclass) Ransomware in the future
Optional: Using Alternative Anti-Malware Tools

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.