.adr File Virus (PyteHole) – Restore Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

.adr File Virus (PyteHole) – Restore Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by .adr Virus and other threats.
Threats such as .adr Virus may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Article created to display how to remove PyteHole also known as pyte-hole ransomware from your computer and how to restore files encrypted by this virus.

A new ransomware infection has appeared, appending the .adr file extension to the files encrypted by it. The virus aims to get victims whose files are encrypted to make a hefty ransom payoff in order to restore files that have been encrypted by it. In addition to this, the virus may also perform additional malicious activity such as obtain system information and delete backups. In case your computer has been infected by PyteHole ransomware, recommendations are to immediately remove this infection after which try to recover the encrypted files. If you are a victim, we advise you to read this article thoroughly.

Threat Summary

Name

.adr Virus

TypeRansomware
Short DescriptionEncrypts documents, text files, pictures, database files, images, archives audio files, asking for a ransom payoff to make them openable again..

SymptomsUsers may witness their PC to restart after which all the files that are important may be no longer openable with an added .adr file extension to them.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by .adr Virus

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss .adr Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Does .adr PyteHole Infect

For the infection process, PyteHole ransomware may take advantage of a combination of tools that:

Combine software with malware (file joiners).
Conceal the malicious files from Windows and antivirus programs. (obfuscation software).
Perform the infection and drop the payload. (Trojans, viruses and other intermediary malware)
Spread the spam. (database of spam e-mail addresses, database of targeted e-mail accounts, spam bots or spamming services).

Such tools may result in the PyteHole virus being spread as a fake document, which is actually executable or a legitimate document that is combined with a malicious macro. Such are openly sent In .zip, .rar or other archives to victims. In addition to this, the e-mails may also be sent to include a deceiving messages that these files are actually payment receipts or other types of important files.

Other deceptive methods by which you may have become infected by this ransomware infection are the usage of fake updates, torrents with malicious files in them, such as malicious keygens and many other fraudulent executables uploaded online.

.adr File Virus – Infection Activity

Once a victim of the PyteHole .adr ransomware variant opens the infection file, the virus may connect to one of the following hosts:

  • 37.9.175.3
  • 88.221.14.137

Fromthere, the payload of PyteHole, which consists of an executable file, named pyte-hole.exe plus other files, may be dropped on in the following Windows Directories:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %SystemDrive%
  • %Windows%
  • %System32%

Then, the virus may modify the Windows Registry editor in order to make the malicious pyte-hole.exe executable run on system start-up and hence begin to encrypt your files:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

In addition to this, the PyteHole .adr virus may also delete any shadow volume copies and backups, by utilizing malicious code to run the following Windows Command prompt commands without the victim noticing:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures

PyteHole .adr Ransomware – Encryption Process

The process of encrypting files that have been targeted by the PyteHole virus includes targeting files that are widely used. But the virus carefully skips files in important Windows folders, so that it won’t damage the operating system. Among the encrypted files may be the following:

→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”Source:fileinfo.com

Once the encryption process has completed, the PyteHole virus may append the .adr file extension to the encrypted files:

Remove .adr (PyteHole) Virus and Get Your Data Back

In order to fully erase this ransomware infection, one should follow the removal instructions underneath. They are specifically designed to first isolate PyteHole virus and then hunt down the files. For maximum effectiveness, malware researchers strongly advise downloading an advanced anti-malware tool before going into Safe Mode. It will automatically detect and remove all PyteHole ransomware associated files and protect your PC in the future.

In case you are looking for a way to restore the files that have been encrypted by this virus, we strongly advise you to focus on alternative methods, like the ones in step “2. Restore files encrypted by .adr Virus” below.

Note! Your computer system may be affected by .adr Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .adr Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .adr Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .adr Virus files and objects
2. Find files created by .adr Virus on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .adr Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...