.Loveransisgood Files Virus – Remove and Restore Encrypted Files

.Loveransisgood Files Virus – Remove and Restore Encrypted Files

This article aims to help you remove the .loveransisgood ransomware virus from your computer and restore files that have been encrypted by this SamSam variant without having to pay the ransom.

SamSam ransomware viruses have been coming out in new variants every week and .loveransisgood files virus is no exception. The virus is from the file encryption type, meaning that it uses an encryption algorithm to encrypt the files on your computer and then extort you into paying the ransom. Read this article to learn how to remove .loveransisgood ransomware and restore the files that have been encoded by it on your computer.

Threat Summary

Name.loveransisgood Virus
TypeRansomware, Cryptovirus
Short DescriptionPart of the SamSam ransomware family. Encrypts the files on your computer and demands a ransom to be paid in BitCoin to get them back.
SymptomsThe files are appended .loveransisgood file extension and can no longer be opened. A ransom note may appear as an .html file somewhere on your desktop.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .loveransisgood Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .loveransisgood Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.Loveransisgood Ransomware – Distribution

For this virus to be widespread, it may use different methods which cause the infection itself. The main method used by it is via spammed e-mail messages. Such messages often contain either malicious web links embedded within them or spammed e-mail attachments that pretend to be legitimate types of files. Such messages often pose as:

  • Banking statements of suspicious activity on your bank account.
  • Fake PayPal invoices.
  • Fake receipts from online retailers, like eBay, Amazon, etc.

Besides via spammed e-mails, .Loveransisgood may also be replicated via other methods, like being disguised as a fake program setup, software activator, game patch or crackfix for such.

.Loveransisgood Ransomware – More Information

Once an infection with .loveransisgood ransomware takes place, the virus drops two malicious files on the victim’s computer. They have been reported to be .exe types of files with different names:

  • {random name}{number}.exe
  • {random name}.exe

Besides these files, other files may also be dropped on the victim’s computer, more specifically in the following Windows folders:

  • %AppData%
  • %Local%
  • %Roaming%
  • %LocalLow%
  • %Temp%

After these files have already been dropped on the victim’s computer, the malware may delete the shadow volume copies of the infected computer by executing the vssadmin command as an administrator in Windows Command Prompt:

→ vssadmin delete shadows /for={DrivePartition} [/oldest | /all | /shadow={Identification of the shadow copies}] [/quiet]

After having done this, the .loveransisgood may also modify the Run and RunOnce Windows registry sub-keys, adding values in them with data that points to the location of the malicious files which cause the encryption. The sub-keys have the following location:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

.Loveransisgood Ransomware – Encryption Process

In order to encrypt files on your computer, this variant of SamSam ransomware scans for them and then uses encryption to alter data from the original files with scrambled data. The .Loveransisgood ransomware does not encrypt the entire files, instead it encrypts the . It looks for specific files to encrypt, while excluding the important Windows files which may damage your OS. The files which SamSam’s .loveransisgood variant may scan for are usually videos, documents, archives, audio files, pictures and other often used types of files. The virus does the scanning process by looking for the files, based on a file extension list of commonly used types of files, for example:

→ “PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After the encryption process has completed, the files have the following appearance:

Remove SamSam Ransomware and Restore .loveransisgood Encrypted Files

In order to remove this ransomware completely from your computer, we recommend that you follow the removal instructions below. They are created to help remove all the files and objects created by .loveransisgood file virus on your computer. If manual removal is a difficulty for you, it is advisable to remove .loveransisgood files ransomware using an advanced anti-malware scanner, which will fully and automatically take care of the removal for you and protect your PC against future infections as well.

Furthermore, if you want to restore files that have been encrypted by this ransomware on your computer, you can try the alternative methods for file recovery below in step “2. Restore files encrypted by .loveransisgood Virus”. They are specifically created to help restore as many files as possible without paying any ransom.

Manually delete .loveransisgood Virus from your computer

Note! Substantial notification about the .loveransisgood Virus threat: Manual removal of .loveransisgood Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .loveransisgood Virus files and objects
2.Find malicious files created by .loveransisgood Virus on your PC

Automatically remove .loveransisgood Virus by downloading an advanced anti-malware program

1. Remove .loveransisgood Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .loveransisgood Virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...