.BDKR Files Virus – How to Remove and Restore Your Data


This article aims to help you remove the .BDKR files virus from your computer and recover encrypted files.

The .BDKR files virus is a type of ransomware whose main goal is to encrypt the files on victims' computers and then demand a ransom in exchange for restoring them. The ransomware also aims to manipulate users into paying the ransom to the cyber-criminals so that they can use their files again. If your computer has been infected by the .BDKR files virus, we suggest that you read this article.

Threat Summary

Name: .BDKR Ransomware
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on your computer and then extort you into paying a ransom to get them to work again.
Symptoms: Files are encrypted and have the .BDKR file extension added to them. A ransom note called How To Restore Files.txt is dropped.
Distribution Method: Spam Emails, Email Attachments, Executable files
Detection Tool: See If Your System Has Been Affected by .BDKR Ransomware (Malware Removal Tool)
User Experience: Join Our Forum to Discuss .BDKR Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.BDKR Files Virus – Distribution

Ransomware viruses like the .BDKR files virus tend to spread by different means. One of the most commonly used distribution strategies is spam e-mail messages that contain the infection file, posing as a legitimate document. Such files may often be:

  • Invoices.
  • Receipts.
  • Order confirmation.
  • Warranty forms.

The e-mails often stress the importance of the orders themselves and often contain convincing statements. The crooks also tend to imitate legitimate companies, such as PayPal, eBay and other big names, in order to increase users’ trust in the virus.

In addition to e-mail, the ransomware virus may also spread by being uploaded online, posing as some sort of program. The programs most often imitated by ransomware viruses like the .BDKR one are:

  • Portable versions of software.
  • Cracks.
  • Patches.
  • Software license activators.
  • Online search results.

.BDKR Ransomware – Analysis

The .BDKR ransomware virus drops its main payload file upon infection. According to the latest VirusTotal reports, it has the following identifiers:

→ SHA-256: 539b0b5d54757e8a2b754ecdc2939eb7cf9db0ed1728e0eca407500222668505

After the files of the .BDKR ransomware have been dropped on the victim's computer, the ransomware also drops its ransom note file, called How To Restore Files.txt:

Important !!!
Your personal id – {ID}
Warning: all your files are infected with an unknown virus.
To decrypt you need to contact at big_decryptor@aol.com.
The decoder card is received by bitcoin.
You can buy bitcoins from the following links ://blockchain.info/wallet
Do not try to restore files your self, this will lead to the loss of files forever
You can send us 2-3 encoded files.
And attach for testing, we will return them to you for FREE

Furthermore, the .BDKR ransomware virus may also modify the following Windows Registry sub-keys by adding registry values within them, the effect of which is to make the executable of the virus run automatically when you boot Windows:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In addition to this, the ransomware may also stop several Windows services, disable Windows recovery and delete the shadow volume copies on the computer by executing the following commands as an administrator:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet
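
The command sequence above can be turned into a detection for process-creation logs. The following is an added example, not code from the original article: the event tuples are constructed, the host names are hypothetical, and the 300-second window and three-behaviour threshold are assumptions to tune for your environment.

```python
import re
from collections import defaultdict

# Services named in the article's command list (spelled as on the page).
SERVICES = ("VVS", "wscsvc", "WinDefend", "wuauserv", "BITS", "ERSvc", "WerSvc")

# One pattern per behaviour; case-insensitive, optional ".exe" suffix.
RULES = {
    "service_stop": re.compile(
        r"\bsc(?:\.exe)?\s+stop\s+(?:%s)\b" % "|".join(SERVICES), re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(?:\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(?:\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
}

def classify(cmdline):
    """Return the sorted names of every rule the command line matches."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def triage(events, window=300, min_rules=3):
    """Alert on hosts showing >= min_rules distinct behaviours within `window` seconds.

    A single 'sc stop BITS' is routine admin work; the combination is the signal.
    """
    hits = defaultdict(list)
    for ts, host, cmdline in events:
        for rule in classify(cmdline):
            hits[host].append((ts, rule))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            rules = {r for t, r in seen if start <= t <= start + window}
            if len(rules) >= min_rules:
                alerts[host] = sorted(rules)
                break
    return alerts

# Constructed sample: (epoch seconds, host, command line).
SAMPLE_EVENTS = [
    (1000, "WS-01", "sc stop VVS"),
    (1001, "WS-01", "sc stop WinDefend"),
    (1003, "WS-01", "cmd.exe /C bcdedit /set {default} recoveryenabled No"),
    (1004, "WS-01", "cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    (1005, "WS-01", '"C:\\Windows\\System32\\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'),
    (2000, "SRV-02", "sc stop BITS"),            # benign on its own
    (2050, "SRV-02", "vssadmin list shadows"),   # read-only, matches nothing
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```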

.BDKR Files Virus – Encryption Process

In order to encrypt the files on the compromised machine, the .BDKR files virus may first scan for them and locate them based on their file extensions. The most often used files are believed to be the following:


The ransomware virus is also clever enough to skip encrypting files in the drivers and Windows directories, since damaging them could break your OS; this way you can still use your PC to pay the ransom. After encryption has completed, the files on the infected machine may start to appear with the .BDKR file extension added to them.
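
To gauge how far the infection reached, the indicators this article lists (the .BDKR extension, the How To Restore Files.txt note and the payload SHA-256) can be checked with a read-only scan. This is an added example, not part of the original article; limiting hashing to .exe, .dll and .scr files is an assumption made to keep the scan fast.

```python
import hashlib
import os
import sys

# Indicators taken from this article.
PAYLOAD_SHA256 = "539b0b5d54757e8a2b754ecdc2939eb7cf9db0ed1728e0eca407500222668505"
RANSOM_NOTE = "how to restore files.txt"   # compared case-insensitively
ENCRYPTED_EXT = ".bdkr"
HASHED_EXTS = (".exe", ".dll", ".scr")     # assumption: only hash likely payload types

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan(root, payload_hashes=(PAYLOAD_SHA256,)):
    """Walk `root` without modifying anything and bucket files by indicator."""
    report = {"encrypted": [], "notes": [], "payload": [], "errors": []}
    known = {h.lower() for h in payload_hashes}
    on_error = lambda e: report["errors"].append(str(e))  # unreadable directory
    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path, lower = os.path.join(dirpath, name), name.lower()
            try:
                if lower.endswith(ENCRYPTED_EXT):
                    report["encrypted"].append(path)
                elif lower == RANSOM_NOTE:
                    report["notes"].append(path)
                elif lower.endswith(HASHED_EXTS) and sha256_file(path) in known:
                    report["payload"].append(path)
            except OSError as exc:  # locked or unreadable file: record, keep going
                report["errors"].append(f"{path}: {exc}")
    return report

if __name__ == "__main__":
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths[:20]:
            print("   ", p)
```

Run it against a user profile or a mounted copy of the disk; a non-empty "payload" bucket means the dropped executable is still present.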

Remove .BDKR Ransomware and Restore Encrypted Files

If you want to remove the .BDKR ransomware virus, we suggest that you try the manual or the automatic removal instructions below. If manual removal does not work, we recommend doing what most experts advise, which is to remove this virus automatically with the aid of an advanced anti-malware program. Such a tool will scan your PC and try to fully eliminate all files and objects used by the .BDKR ransomware, and will also help ensure that your PC is protected in the future.

If you want to restore files encrypted by this ransomware virus, we strongly suggest that you try the alternative tools for file recovery underneath in step “2. Restore files, encrypted by .BDKR ransomware”. They will help you try to restore as many of the files encoded by this virus as is possible via those means, with no 100% guarantee that you will be able to restore all your files.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
