.DS335 Files Virus – How to Remove and Restore Your Encrypted Files
THREAT REMOVAL

.DS335 Files Virus – How to Remove and Restore Your Encrypted Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by .DS335 Virus and other threats.
Threats such as .DS335 Virus may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article has been created in order to help you by showing you how to remove the new hc7 ransomware variant and how to restore .DS335 encrypted files.

New ransomware infection appending the .DS335 file extension to the files it encrypts has been reported to infect victims by malware researchers. In addition to this, the .DS335 files virus also adds a ransom note with demands to pay a ransom to the cyber-criminals who are behind this malware. In the event that your computer has been infected by the .DS335 ransomware, we strongly recommend that you read the following article, explaining how to remove it and how to try and recover your data.

Threat Summary

Name.DS335 Virus
TypeRansomware, Cryptovirus
Short DescriptionAims to encrypt the files on the computers that have been infected by it.
SymptomsThe ransomware adds the .DS335 file extension to the files encrypted by it.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .DS335 Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .DS335 Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.DS335 Ransomware – How Does It Infect

The infection process of this ransomware virus may be conducted in multiple different ways, the primary of which is believed to be via e-mail spam messages. Such messages often contain deceptive statements, such as trick the victim into believing that he or she ordered a product online and must see the receipt or may portray the malicious attachment within them to be:

  • Invoice.
  • Receipt.
  • Banking confirmation.
  • Order statement.

The spammed e-mails themselves may appear shady as they often resemble legitimate e-mails coming from companies, for example:

Besides via spammed e-mail messages, this ransomware virus may also infect via other methods, such as pretend to be a legitimate installer of a program or a legitimate key generator, game patch or crack.

DS335 Ransomware – More Information

As soon as the .DS335 ransomware virus has infected a certain computer system, the malware immediately drops it’s payload on the victim’s computer. It usually consists of multiple different files, one sample of which has been detected and uploaded In VirusTotal.com by malware researchers:

In addition to this, the .DS335 ransomware virus may also perform other activities on the computers infected by it, such as delete the shadow volume copies on the infected computer. This can occur if the malware runs commands in the background of the infected computer which are likely the following:

process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

In addition to this, the .DS335 ransomware may also create various different Windows Registry entries on the infected computer, which may reside in the following sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

After doing so, the ransomware virus may also perform other activities on the computer, like drop the README.txt ransom note. It contains the following ransom message:

ALL FILES WERE ENCRYPTED.
TO RESTORE, YOU MUST SEND $700 BTC FOR ONE COMPUTER OR $2000 BTC FOR ALL NETWORK
ADDRESS:{BITCOIN ADDRESS}
ALONG WITH YOUR IDENTITY: {ID NUMBER}
AND A SAMPLE FILE AS PROOF OF DECRYPT
NOT TO TURN OFF YOUR COMPUTER, UNLESS IT WILL BREAK.

.DS335 Files Virus – Encryption

In order to encrypt files on the infected computer, the .DS335 ransomware is configured to scan for the files to encrypt. The malware may look for files that are often used, like the following:

  • Videos.
  • Documents.
  • Audio files.
  • Archives.
  • Virtual Drive files.

After the .DS335 ransomware detects the malicious files which it is looking for, the malware may begin to alter their structure, using an advanced encryption algorithm. This results in the files appearing like the following and being no longer openable:

Remove .DS335 Ransomware and Restore Encrypted Files

In order to fully delete the .DS335 files virus from your computer, we strongly suggest that you focus on the removal instructions down below. They are specifically created to help you remove this ransomware virus either manually or automatically from your computer system. For maximum effectiveness, malware researchers strongly advise victims to remove this ransomware virus automatically, preferably by downloading an advanced anti-malware program which will remove the virus fully and protect your computer against future infections as well.

If you want to try and restore your files, recommendations are to use the alternative methods for file recovery, located down below in step “2. Restore files encrypted by .DS335 Virus”. They may not be 100% effective for the removal, but by using them, there is a good chance that you will be able to restore at least some of your encrypted data.

Note! Your computer system may be affected by .DS335 Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .DS335 Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .DS335 Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .DS335 Virus files and objects
2. Find files created by .DS335 Virus on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .DS335 Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...