.jes Files Virus (Fireeye Ransomware) – Remove It and Restore Data

.jes Files Virus (Fireeye Ransomware) – Remove It and Restore Data

This article has been created with the aid to help you by showing you how you can remove the .jes files virus and how you can restore files, encrypted by the so-called FireEye ransomware.

A new ransomware variant, using the .jes file extension which it adds to the files, encrypted by it has been detected by security researchers. The ransomware aims to append the .jes file extension to the files that have been encrypted by it. The virus then adds the .jes file extension to the files that have been encrypted by it on the victims computers. The ransomware then leaves behind a ransom note, extorting victims to pay a hefty ransom in both BitCoin and ZCash. If your computer has been infected by the .jes files virus, we recommend that you read this article and learn how to remove the .jes files virus from your computer plus how to recover files, encrypted with an added .jes file extension.

Threat Summary

Name.jes Files Virus
TypeRansomware, Cryptovirus
Short DescriptionEncodes the files and asks victim to pay ransom in BitCoin and zCash to get the files to work again.
SymptomsFiles are encrypted with the .jes file extension. A ransom note is shown.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .jes Files Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .jes Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.jes Files Virus – How Does It Spread

The main method of propagation used by .jes files virus is reported by security researchers to be conducted via spammed e-mail messages, whose primary purpose is to get users to download and install a malicious e-mail attachment and open it. These fake attachments usually pose as if they were legitimate types of files, like:

  • Invoices.
  • Receipts.
  • Banking statements.
  • Order confirmations.
  • Suspicious account activity information.

The e-mail messages themselves are usually composed via various different deceptive statements, the most often used of which are reported to be imitating legitimate and big companies, like PayPal, eBay, Amazon, FedEx, DHL and many others.

Besides these methods, other methods and tools may also be used by this ransomware virus, like the malware being uploaded online while pretending to be a legitiamte type of file, like a software setup, a portable version of a program, crack, patch, license activor, key generator or other forms of programs that are often sought after and downloaded.

The main infection file, that is the dropper of the .jes files virus has been reported by malicious software researcher Michael Gillespie to be with the following parameters:

→ SHA-256 – 541ba8d2800cf9044a06b6411e877b769894982c5a0c996832de916515d2e1cc
Name – CrackerSocialNetwork V3.5.exe
Size – 2.17 MB

.jes Files Virus – Analysis

Once an infection with the malicious .exe file has been conducted, the ransomware virus drops it’s payload file. The payload fle of the .jes files virus is a file with the following information:

→ SHA-256 – abab1e140e7dc7291e62094470d38beaaedcc22e36d7cc10047f6242ebafdd1b
Name – BlackRansomwareFireeye.exe
Size – 1.35 MB

Once the malicious file is dropped, it may reside in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%
  • %UserProfile%

After the .exe file is dropped, registry value entries may be created for it in the following Windows sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

After this is done, the ransowmare virus may also drop it’s ransom note on the victim PC. The ransom note has the following information for victims to see:

what is happening?

Nell, Your important files are encrypted by this Ransomware modified by Fireeye.

The documents more importants like photos, videos, databases, and other files are no longer accessible because they have been encrypted.
Maybe you are busy looking for a way to recover your files, but do not waste your time. You will not be able to recover your files without our decryption service.

Is it possible to recover My Files?

Sure. Ne guarantee that you can recover all your files safely and easily. But you have not so enough time. You can decrypt some of your
files for free.Try now by clicking (Decrypt). But if you want to decrypt all your files, you need to pay. You only have 3 days to
submit the payment. After that the price will be doubled. Also, if you don’t pay in 7 days, you won’t be able to recover your files
forever.

How Do I Pay?

Payment is accepted in Bitcoin and ZCash only. For more information, click (About bitcoin). Please check the current price of Bitcoin
and buy some bitcoins. For more information, click (How to buy bitcoins).

And send the correct amount to the address specified in this window. After your payent, click (Check Payment). Once the payment is
checked, you can start decrypting your files immediately.

Contact

If you need our assistance, send a message by clicking (Contact Us). Ne strongly recommend you to not remove this software, and disable
your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!

Furthermore, the .jes files virus may also execute the following commands as an administrator in Windows Command prompt, thus deleting Windows file history:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\System32\cmd.exe” /C vssadmin.exe Delete Shadows /All /Quiet

.jes Files Virus – Encryption Process

The encryption of this virus is done by first scanning your computer for often used file types like the following:

“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After the virus has found the files it is looking for, they are encrypted and the .jes file extension is added, making them appear like the following:

Remove .jes Files Virus and Restore Encrypted Files

To remove this ransomware infection, it is reccomended that you follow the removal instructions that are underneath this article. They have been created with the main goal of helping you delete the malicious files of the virus in a safe manner. Be advised that the preffered way of deleting this ransomware virus is doing it automatically with the aid of an advanced anti-ransomware software, whose main goal is to safely scan your comptuer for the malicious files of the virus and then delete them.

If you want to try and recove as many encrypted files as possible, we recommend that you see the alternative methods for file recovery in step “2. Restore files, encrypted by .jes Files Virus” underneath. They may be able to help you restore some or most of your files, depending on the situation.

Manually delete .jes Files Virus from your computer

Note! Substantial notification about the .jes Files Virus threat: Manual removal of .jes Files Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .jes Files Virus files and objects
2. Find malicious files created by .jes Files Virus on your PC

Automatically remove .jes Files Virus by downloading an advanced anti-malware program

1. Remove .jes Files Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .jes Files Virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...