.igza4c Files Virus (EncryptDecrypt)– How to Remove + Restore Files

.igza4c Files Virus (EncryptDecrypt)– How to Remove + Restore Files

This article has been created in order to assist you by showing you how to remove the .igza4c files virus and how to try and restore files, encrypted by EncryptDecrypt Ransomware on your PC.

New ransomware infection, going by the name EncryptDecrypt ransomware has been reported to use the file extension .iGZa4c in order to encrypt the files on the victims computers. The ransomware virus aso drops a ransom note file, which leads to a TOR-based web page, asking the victims to pay 0.5 BTC and giving them 1 week time as a deadline. If your computer has been infected by the EncryptDecrypt ransomware, it is recommended that you read the following article and learn how to remove it and restore .igza4c files encrypted by it.

Threat Summary

Name.igza4c Files Virus
TypeRansomware, Cryptovirus
Short DescriptionAims to encrypt the files on the infected computer and extort victims for the sum of 0.5 BitCoins.
SymptomsThe files on the infected computer are encrypted with an added .igza4c file extension.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .igza4c Files Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .igza4c Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.igza4c Files Virus – How Does It Infect

The primary method which the .igza4c files virus uses to be spread online is to be included within spammed e-mail messages in the form of an e-mail that comes from big company. The most often imitated companies are:

  • PayPal.
  • eBay.
  • Amazon.
  • LinkedIn.
  • Facebook.
  • DHL.
  • FedEx.

The e-mails are often designed to describe some type of problem, for example an issue with a specific product order or other types of issues. They may contain either a malicious e-mail attachment or a web link which both if opened may lead to an automated infection steps, that end in the successful infection of your PC.

In addition to this, the .igza4c is the type of ransomware which may also be uploaded online, pretending to be a:

  • Setup of a program.
  • Fake program license activator.
  • Keygen.
  • Patch.
  • Crack.

.igza4c Files Virus – Further Details and Activity

Once your computer becomes infected by the .igza4c files virus, you may immediately notice it. The virus might make your PC to freeze briefly or slow down and become unresponsive at times. This is because the virus performs briefly a series of activities on the compromised computer, such as:

  • Drop it’s malicious payload on the PC’s important directories.
  • Copy itself to other folders in case it’s main files are detected and deleted.
  • Create mutants.
  • Touch important system files.
  • Add registry entries in the Windows Registry Editor.
  • Delete system backups.

The files of the “EncryptDecrypt” ransomware are dropped immediately after infection by either being extracted or if they are being downloaded from the C&C (command and control) server. They may reside in multiple places on the victim’s computer, but the main one of those are believed to be the following Windows folders:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

Among the files dropped on the victim’s computer, the EncryptDecrypt ransomware virus may also drop it’s ransom note file, which contains a random name and ends in “-info.html”. The file has the following message to victims:

The message also leads to a web page in .php in the TOR browser, which has the following instructions for victims:

Text from image:

“iGZa4C2015win Enc ryptDecrypt
What’s wrong with my files?
Sorry, but your important files are encrypted
Many of your documents. photos. videos. databast and other files are no longer accessible because they have been encrypted.
Nobody can recover your files without our decryption service.
WE GUARANTEE THAT YOU CAN RECOVER ALL YOUR FILES SAFELY AND EASILY.

To make sure that all this works properly, you have the opportunity to try our service for FREE!
You can DECRYPT ONLY ONE file for FREE, but If you want to decrypt ALL your files, you need to PAY.
Afier a FREE successful decryption GAME BEGINS!
The GAME is very simple, If you don’t pay 0.5 BTC in 7 days. you won’t be able to recover your files FOREVER!!! 3:D”

In addition to this, the .igza4c may also delete the shadow volume copies on the computers infected by it. This may be conducted shortly after the virus executes the following commands in Windows command prompt as an administrator:

process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

.igza4c Files Virus – Encryption Process

For the encryption of files, the .igza4c ransomware infection may perform various different types of activities on the victim’s computer. The virus may firstly scan for specific types of files, while carefully excluding different types of system files and folders, so that Windows can still function. The malware may aim for the following file types:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After encrypting the files, the ransomware adds the .igza4c file extension to them as reported by researcher Michael Gillespie, but the virus may also use other randomly generated file extensions of the same type as well. After encryption, the files may appear like the following:

Remove iGZa4C2015win EncryptDecrypt Ransomware and Restore .igza4c Files

In order to remove this ransomware infection completely from your computer system, reccomendations are to follow the removal instructions underneath this article. They are carefully divided in manual as well as automatic removal instructions and their end goal is to help you based on your malware removal experience. Be advised that for maximum effectiveness, security experts strongly recommend downloading an advanced anti-malware software to scan your computer with it.

After doing so, it is also advisable to try th alternative file recovery methods in step “2. Restore files ecrypted by .igza4c Files Virus” below. They may not be a 100% solution to your problem, but may help you in the recovery of most of your encrypted files.

Manually delete .igza4c Files Virus from your computer

Note! Substantial notification about the .igza4c Files Virus threat: Manual removal of .igza4c Files Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .igza4c Files Virus files and objects
2.Find malicious files created by .igza4c Files Virus on your PC

Automatically remove .igza4c Files Virus by downloading an advanced anti-malware program

1. Remove .igza4c Files Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .igza4c Files Virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...