Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove TeslaCrypt 4.1b and Restore Your Files

ransomware-virusWell-known and widely feared ransomware pieces such as TeslaCrypt and CryptoWall are constantly being improved and as a result, new versions are released. According to Bleeping Computer, TeslaCrypt 4.1b has just surfaced the Web, as a user has submitted a sample of the threat. It is too early to say exactly which features of the ransomware were modified.

Name TeslaCrypt 4.1b
Type Ransomware
Short Description The ransomware encrypts the victim’s files and demands payment.
Symptoms The user may witness several files beginning with the name “RECOVERY” on his desktop which are the ransom notes.
Distribution Method Not known yet but highly likely via exploit kits.
Detection Tool Download Malware Removal Tool, to See If Your System Has Been Affected by TeslaCrypt 4.1b
User Experience Join Our Forum to Discuss TeslaCrypt 4.1b.

What Do We Know about TeslaCrypt 4.1b?

Even though little is known about this version, some information is available thanks to the ransom note. The ransom note used by this version of TeslaCrypt doesn’t appear to have any big changes. However, two new payment gateway hosts are available at the following locations:

  • p23cb.bobodawn.at;
  • y4bxj.adozeuds.com.

Learn More about TeslaCrypt 4.0

As with other ransomware, once TeslaCrypt is executed on your system and file encryption is initiated, the ransomware will connect to its command and control servers and will send an encrypted post message. The decrypted post message will contain values, one of which is called ‘version’ and contains TeslaCrypt 4.1b.

Researchers at BC also report that this version of TeslaCrypt uses the WMIC utility to delete Shadow Volume copies. The command used by TeslaCrypt 4.1b to delete Shadow Volume copies is the following:

C:\Windows\system32\wbem\WMIC.exe shadowcopy delete /nointeractive.

Here is a list of the files created by the latest version of TeslaCrypt:

→%UserProfile%\Desktop\-!RecOveR!-[random_chars]++.Txt
%UserProfile%\Desktop\-!RecOveR!-[random_chars]++.Htm
%UserProfile%\Desktop\-!RecOveR!-[random_chars]++.Png
%UserProfile%\Documents\[random].exe
%UserProfile%\Documents\-!recover!-!file!-.txt
%UserProfile%\Documents\desctop._ini

Here is a list of the registry entries added by the threat:

→HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[random] C:\Windows\SYSTEM32\CMD.EXE /C START %UserProfile%\Documents\[random].exe
HKCU\Software\[victim_id] HKCU\Software\[victim_id]\data

How Can I Remove TeslaCrypt 4.b1 and Can I Restore My Files?

To remove TeslaCrypt, consider following the steps in the removal instructions below. They include scanning your system for TeslaCrypt 4.1b via a strong anti-malware program. After the threat has been removed, we strongly advise you to use cloud backup or external drive to protect your data from future ransomware and malware attacks.

As for file restoration, you can refer to the alternative methods illustrated in Step 4 in the manual below. Keep in mind that they are not 100% effective, and there is no guarantee that you will restore your files in good condition. The good news is some of our forum users have managed to restore some of their data. If you decide to use the data recovery software method, we advise you NOT to reinstall Windows or format your hard drive because it may wipe every chance of file restoration by clearing the sectors of the drive.

1. Boot Your PC In Safe Mode to isolate and remove TeslaCrypt 4.1b
2. Remove TeslaCrypt 4.1b with SpyHunter Anti-Malware Tool
3. Back up your data to secure it against infections and file encryption by TeslaCrypt 4.1b in the future
4. Restore files encrypted by TeslaCrypt 4.1b
Optional: Using Alternative Anti-Malware Tools
NOTE! Substantial notification about the TeslaCrypt 4.1b threat: Manual removal of TeslaCrypt 4.1b requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.