.jundmd@cock.li!! Files Virus - How to Remove It

This blog post explains how to remove the .jundmd@cock.li!! file extension ransomware and how to try to restore encrypted files.

Yet another ransomware variant was recently spotted by malware researcher Petrovic. The virus appends the .jundmd@cock.li!! file extension to the files it encrypts. The malware is a cryptovirus, meaning that it aims to extort victims by locking their files via encryption. As a result, the files cannot be opened unless they are decrypted, for which the criminals want a ransom payment. If your computer was infected by the .jundmd@cock.li!! files virus, we suggest that you read this article.

Threat Summary

Name: .jundmd@cock.li!! Ransomware
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on the compromised computer and then ask victims to pay ransom in order to get them restored.
Symptoms: Files have the .jundmd@cock.li!! file extension added to them.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.jundmd@cock.li!! Ransomware – Infection

The .jundmd@cock.li!! files virus may be spread in multiple deceptive ways. The main one is for the malicious file to be uploaded online. Most ransomware viruses, like .jundmd@cock.li!!, tend to stay hidden as types of files that the average user often seeks to download, like:

  • Software cracks.
  • Activators.
  • Key generators.
  • Torrents.
  • Portable versions of programs.

In addition to this, the .jundmd@cock.li!! ransomware may also come as an e-mail attachment whose main purpose is to trick victims into believing that it is an important file, like an invoice, receipt or a letter from their own bank.

.jundmd@cock.li!! Ransomware – More Information

As soon as it has infected your computer, the .jundmd@cock.li!! ransomware may drop files in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

After doing that, the .jundmd@cock.li!! ransomware virus may create multiple different types of files on the computers of victims. They are called modules and via these files, the .jundmd@cock.li!! ransomware may perform the following actions:

  • Create mutexes.
  • Modify Windows Registries.
  • Obtain permissions.
  • Obtain system information.

To modify the registry, the .jundmd@cock.li!! ransomware virus may create various types of value entries in the following Windows registry sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
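
To check these keys on a suspect machine, the text output of `reg query` can be screened for autorun values that start a program from the per-user directories listed earlier. The script below is an added example, not part of the original article or any tool it mentions; the sample output, the value names and the path fragments are constructed assumptions.

```python
import re

# Path fragments for the per-user locations listed earlier on the page
# (%AppData%, %Temp%, ...), in expanded and unexpanded form (assumed spellings).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\appdata\\locallow\\",
                 "%appdata%", "%localappdata%", "%temp%", "\\temp\\")
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?:\s|$)", re.I)

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"]

def program_of(data):
    """Return the program path of an autorun value, quoted or unquoted."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = PROGRAM.match(data)
    return m.group(1) if m else data.split(" ", 1)[0]

def user_writable_autoruns(text):
    """List autoruns whose program lives in a user-writable directory."""
    found = []
    for key, name, data in parse_reg_query(text):
        path = program_of(data).lower()
        if any(fragment in path for fragment in USER_WRITABLE):
            found.append((key, name, path))
    return found

# Constructed `reg query` output for two of the keys above; not from a real host.
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\svch0st.exe -s
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""

if __name__ == "__main__":
    for key, name, path in user_writable_autoruns(SAMPLE_OUTPUT):
        print(f"{key} :: {name} -> {path}")
```

Per-user installers also register autoruns under AppData, as the constructed OneDrive entry shows, so each hit is a lead to review rather than a verdict.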

In addition to this, the .jundmd@cock.li!! files virus may stop several Windows services, disable Windows recovery and delete the shadow volume copies of the infected machine via the following commands:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet
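
Because these commands run before or during encryption, process-creation logs that record command lines can be screened for them. The following is an added detection example, not part of the original article; the rule names, host names and sample events are constructed, and the log source is assumed to provide a host and a full command line per process.

```python
import re
from collections import defaultdict

# One rule per behaviour in the command list above. "vss" is added next to the
# page's "VVS" because VSS is the Volume Shadow Copy service name (assumption).
RULES = [
    ("shadow_copy_delete", r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    ("recovery_disabled", r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b"),
    ("boot_failures_ignored",
     r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b"),
    ("service_stop",
     r"\bsc(\.exe)?\s+stop\s+(vvs|vss|wscsvc|windefend|wuauserv|bits|ersvc|wersvc)\b"),
]
COMPILED = [(name, re.compile(rx)) for name, rx in RULES]

def normalise(cmdline):
    """Lower-case, drop straight and curly quotes, collapse whitespace."""
    cleaned = re.sub('["\u201c\u201d]', "", cmdline.lower())
    return " ".join(cleaned.split())

def classify(cmdline):
    """Return the names of all rules the command line matches."""
    text = normalise(cmdline)
    return [name for name, rx in COMPILED if rx.search(text)]

def triage(events, min_distinct=2):
    """Group (host, cmdline) events by host; keep hosts showing at least
    min_distinct different behaviours, which is rarer than a lone `sc stop`."""
    hits = defaultdict(set)
    for host, cmdline in events:
        hits[host].update(classify(cmdline))
    return {h: sorted(r) for h, r in hits.items() if len(r) >= min_distinct}

# Constructed process-creation records (host, command line), not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", "sc stop WinDefend"),
    ("WS-014", "cmd.exe /C bcdedit /set {default} recoveryenabled No"),
    ("WS-014", r'"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'),
    ("WS-022", "sc stop wuauserv"),        # lone service stop: below threshold
    ("WS-022", "vssadmin list shadows"),   # read-only query: no rule matches
]

if __name__ == "__main__":
    for host, behaviours in triage(SAMPLE_EVENTS).items():
        print(host, behaviours)
```

Requiring two distinct behaviours per host keeps routine administration, such as stopping the update service alone, from raising an alert.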

.jundmd@cock.li!! Ransomware – Encryption Process

To encrypt files, the .jundmd@cock.li!! ransomware may first scan for them, based on their file extensions and types. The malware skips data located in system folders, so you can still use your PC, but it may look for documents, video files, images and other file types outside those folders. The extensions it scans for are the most commonly used ones, for instance:

→ “.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

To encrypt the files, the .jundmd@cock.li!! ransomware may encipher a portion of their data, using an encryption algorithm like Salsa20, RSA or AES. The files are left behind, looking like the image below shows:

Remove .jundmd@cock.li!! Files Virus and Try Restoring Files

If you want to remove the .jundmd@cock.li!! files virus, we suggest that you follow the removal instructions underneath this article. They have been created to assist you in removing the malicious files of this virus either manually or automatically. In addition to this, the .jundmd@cock.li!! file ransomware is the type of malware that has been created to remain persistent, and its removal may be tricky. This is the main reason why researchers believe the most effective removal method is to use advanced anti-malware software. It aims to automatically scan for and remove all files that are related to the .jundmd@cock.li!! ransomware and to protect your PC against such threats in the future as well.

If you want to restore files encrypted by the .jundmd@cock.li!! files virus, we suggest that you try the alternative methods underneath this article. They may not work for you at a 100% rate, but with their help, you might be able to recover some of your data.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in the basic education of every user towards online safety.
