.dcry File Virus Remove and Restore Files - How to, Technology and PC Security Forum | SensorsTechForum.com

.dcry File Virus Remove and Restore Files

This article has been created to help you remove the .dcry file ransomware and restore encrypted files on your computer.

A ransomware virus carrying the file extension .dcry has been reported by malware researchers. The ransomware uses advanced encryption on the files on your computer so that they can no longer be opened. The virus then leaves behind a brief ransom note, named HOW_TO_DECRYPT.txt. This ransom note aims to convince victims to e-mail [email protected]. This is most likely done to get victims to pay a hefty ransom fee as the price for decrypting their files. If your computer has been infected by the .dcry file ransomware, we recommend that you read this article carefully.

Threat Summary

Name: .dcry file virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the infected computer. Demands ransom payoff in BitCoin. The ransom varies.
Symptoms: The files are encrypted with the .dcry file extension added to them. The virus drops a ransom note, named HOW_TO_DECRYPT.txt.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Did I Get Infected With .dcry File Virus

The .dcry virus may be distributed in the wild via multiple methods. The primary suspected method by which .dcry ransomware can get onto your computer is an e-mail in which the virus pretends to be a receipt, invoice or other legitimate document. The cyber-criminals often pose as PayPal, FedEx, DHL or a banking institution in such spam mails, and the more advanced ones even include your name in the e-mail to increase legitimacy. The e-mail attachment that infects computers with the payload of the .dcry file virus is usually either a direct executable (.exe), a JavaScript (.js) file or a Microsoft Word document with malicious macros embedded within it.

Other methods of infection, besides e-mail include:

  • Spreading the ransomware as a fake setup of a free program, such as your favorite media player.
  • Posing as key generators, cracks or other types of files.
  • Slithering in via configured RDP.
  • Via fake updates.

The .dcry File Virus – More Information About It

Once your computer is infected with the .dcry file ransomware, you may experience certain system slowdowns while the virus is working and encrypting files. In that brief time, the .dcry ransomware performs a number of activities, the first of which is to drop the malicious files of the virus under different names in the usually targeted Windows directories:

  • %Temp%

After this has been done, the .dcry file virus may execute functions that make various modifications in Windows. One of those is to give the .dcry file malware administrator privileges. This may allow it to perform a set of activities, among which is deleting the backed-up copies of files on your computer, also known as shadow copies. This is done by executing a command in Windows Command Prompt:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
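A way to spot this command sequence in process-creation logs, as an added example that is not part of the original article. The event layout, host names and sample command lines are constructed for illustration; the three rules correspond to the three commands listed above.

```python
import re

# Patterns for the three recovery-inhibiting commands listed above, matched
# against a normalised command line (lower case, quotes removed, single spaces).
_BCD_ID = r"(?:\{[\w-]+\} )?"  # optional identifier such as {default} or a GUID
RULES = {
    "shadow_copy_deletion": re.compile(r"\bvssadmin(?:\.exe)? delete shadows\b"),
    "recovery_disabled": re.compile(
        r"\bbcdedit(?:\.exe)? /set " + _BCD_ID + r"recoveryenabled no\b"),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(?:\.exe)? /set " + _BCD_ID + r"bootstatuspolicy ignoreallfailures\b"),
}

def normalise(command_line):
    """Lower-case, drop double quotes and collapse runs of whitespace."""
    return " ".join(command_line.lower().replace('"', "").split())

def classify(command_line):
    """Return the sorted names of every rule the command line matches."""
    text = normalise(command_line)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def triage(events):
    """Return {host: sorted rule names seen}, only for hosts with a hit."""
    hits = {}
    for ev in events:
        for rule in classify(ev["command_line"]):
            hits.setdefault(ev["host"], set()).add(rule)
    return {host: sorted(rules) for host, rules in hits.items()}

# Constructed sample events (hypothetical hosts, not data from the article).
SAMPLE_EVENTS = [
    {"host": "ws-014", "command_line": r"cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-014", "command_line": r"BCDEDIT.exe  /set {default} RecoveryEnabled No"},
    {"host": "ws-014", "command_line": r"bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"host": "srv-backup", "command_line": r'"C:\Windows\System32\vssadmin.exe" list shadows'},
    {"host": "ws-022", "command_line": r"bcdedit.exe /enum {default}"},
    {"host": "ws-031", "command_line": r'"C:\Windows\System32\vssadmin.exe"  Delete  Shadows /For=C: /Oldest'},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, len(rules), rules)
```

A host that matches a single rule, like ws-031 here, can be routine administration; a host that matches all three shows the full sequence described above.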

In addition to this, the .dcry file virus may also tamper with the Windows Registry, more specifically by creating registry entries within the following sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

These keys are targeted primarily because the value strings created by the virus within them allow the malicious files of .dcry to run automatically on Windows start-up.
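An audit of those four keys, as an added example that is not part of the original article: it parses text in the layout printed by `reg query` and reports autostart values whose program sits in a temp directory such as the %Temp% location the article lists. The sample export, value names and file names are constructed, and the temp-directory heuristic is an assumption of this example.

```python
import re

# The four autostart keys named above, lower-cased for comparison.
WATCHED_KEYS = {
    hive + "\\software\\microsoft\\windows\\currentversion\\" + leaf
    for hive in ("hkey_local_machine", "hkey_current_user")
    for leaf in ("run", "runonce")
}
# Assumption: a program autostarting from a temp directory is worth a look.
TEMP_MARKERS = ("%temp%", "%tmp%", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

def executable_of(data):
    """Return the program path of a Run value, without its arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|js|vbs|scr))(?=\s|$)", data, re.I)
    return m.group(1) if m else data

def audit(reg_output):
    """Return (key, value name, program) for entries that start from a temp directory."""
    flagged, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or key.lower() not in WATCHED_KEYS:
            continue
        program = executable_of(m.group(3))
        if any(marker in program.lower() for marker in TEMP_MARKERS):
            flagged.append((key, m.group(1), program))
    return flagged

# Constructed sample in the layout printed by `reg query <key>`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Media Helper    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd_3f1.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_SZ    "%TEMP%\a1b2.exe" -s
"""

if __name__ == "__main__":
    for key, name, program in audit(SAMPLE):
        print(f"{key} :: {name} -> {program}")
```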

The .dcry file virus also makes sure the victim notices its ransom note, named “HOW_TO_DECRYPT.txt”. The ransom note has a brief but specific message:

“Files has been encrypted.
If you want to decrypt, please, write me to e-mail: [email protected]
Your key: {unique key}”

.dcry File Virus – Encryption Process

The .dcry file virus targets many different types of files for encryption. These are often-used documents, image file types, audio files and videos, as well as other types of files. If we sum them up, the .dcry virus may encrypt files with the following extensions:

→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” Source: fileinfo.com

After the encryption process has completed, this ransomware virus sets its .dcry file extension as a suffix to the files encrypted by it. This makes them appear somewhat like the following:

Remove .dcry File Ransomware and Restore Files

For the removal of the .dcry ransomware, we recommend that you follow the removal instructions below. They are specifically designed to help you remove the malicious files of this ransomware virus either manually or automatically. Since .dcry may make multiple modifications to Windows system files as well, security experts recommend using ransomware-specific anti-malware software to automatically scan for and remove the malicious files of this virus.

If you want to restore files that have been encrypted by the .dcry ransomware infection, we recommend that you focus on alternative methods for file recovery, such as the ones we have suggested in step “2. Restore files encrypted by .dcry file virus” below. They are in no way 100% guaranteed to recover your files, but may restore at least some of them.

Manually delete .dcry file virus from Windows and your browser

Note! Substantial notification about the .dcry file virus threat: Manual removal of the .dcry file virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Remove or Uninstall .dcry file virus in Windows
2. Remove .dcry file virus from Your Browser and Your Registry Editor

Automatically remove .dcry file virus by downloading an advanced anti-malware program

1. Remove .dcry file virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .dcry file virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
