.LoveYou File Virus (Remove + Restore Files) - How to, Technology and PC Security Forum | SensorsTechForum.com

.LoveYou File Virus (Remove + Restore Files)

This article should be able to help you remove J-Ransomware virus (J-Ransomware.exe) and show how to try and restore .LoveYou encrypted files without paying the ransom.

A new ransomware infection utilizing the AES encryption algorithm has been detected, malware researchers say. The virus is dubbed J-Ransomware, because of the malicious executable used by it. The ransomware also adds the .LoveYou file suffix to the files encrypted by it and the files themselves become no longer able to be opened. Once the .LoveYou file virus has already infected a computer, it drops a ransom note, named ReadMe.txt. It aims to convince victims into paying a hefty ransom fee to get the files decrypted back to their working state again. If your computer has been infected by the .LoveYou file virus, we advise you to read this article thoroughly.

Threat Summary


.LoveYou File Virus

Short DescriptionEncrypts the files on the computers infected by it demanding a ransom payoff to be made to get them back.

SymptomsFiles are encrypted with the .LoveYou file extension added as their suffix and a ransom note, named ReadMe.txt is dropped on the victim PC.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by .LoveYou File Virus


Malware Removal Tool

User ExperienceJoin our forum to Discuss .LoveYou File Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How Did I Get Infected With .LoveYou File Virus

The infection process of the .LoveYou ransomware virus may only appear to be very simple, but it actually includes multiple different types of software that may be used to slither the malicious files of the virus onto your computer without you noticing it:

  • Malware obfuscators to conceal the malicious files from any average AntiVirus software.
  • Web-injectors that can infect your computer automatically after you have clicked on a malicious web link.
  • Fake system updates which only pretend to patch yoru PC, while in fact, they are downloading the payload files off .LoveYou file virus.
  • Fake setups that pretend to be the free program that you have been searching for to download and install for free online.
  • Documents that contain malicious macros and infect your computer after you click on the “ Enable Content” button. Such are usually spread as fake invoices, receipts and other types of seemingly legitimate documents added as e-mail attachments in spam mails.

Once you open the malicious objects, the J-Ransomware virus immediately establishes a connection to the following host:

→ hxxp://jackspam(dot)esy(dot)es/public_html/ransomware.php

After connecting there, the virus immediately downloads it’s payload file, named J-Ransomware.exe, as reported in VirusTotal:

.LoveYou J-Ransomware – Malicious Activity

Once the ransomware virus has infected a targeted computer system, it may immediately insert various different types of functions in Windows. Some of them may interfere with Windows system processes to gain the virus Read and Write (administrative) privileges. Once there, the .LoveYou file virus may perform a set of activities.

One of those activities .LoveYou file virus may be involved with is the creation of registry entries in the following Windows Registry Editor sub-keys:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

After this has completed, the .LoveYou file virus may also delete the backups and shadow volume copies on your computer. This is achieved by executing multiple different commands in Windows Command Prompt:

→ vssadmin delete shadows /all /quiet
wmic shadowcopy delete
bcdedit /set boostatuspolicy ignoreallfailures
bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

After this has been done, the malware may also force restart the computer so that it can begin the encryption procedure.

J-Ransomware – Encryption Process

The files that are targeted for encryption by this ransomware infection may be of the following types:


As soon as the .LoveYou file virus detects that some of the file types It has been pre-configured to encrypt are present, the ransomware infection immediately attacks those files and alters their structure with the aid of the AES encryption algorithm. After the encryption process has completed, the .LoveYou file virus adds it’s distinctive file extension to the encrypted files, making them look like the following:

Remove J-Ransomware and Restore .LoveYou Encrypted Files

For the removal process of this ransomware infection, malware researchers recommend to backup your files, just in case, despite them being encyrpted. Then, it is strongly advisable to follow the removal instructions below. They are specifically designed to help you get rid of .LoveYou ransomware either manually or automatically. Since this ransomware virus may create various different files that may tamper with key Windows processes, manual removal may be a risky process. Security experts often advise to use an advanced anti-malware tool that is ransomware-oriented in order to perform the removal automatically and protect your system in the future.

If you are interested in restoring your files in the event that they are encrypted by this virus, recommendations are to try the alternative methods for file recovery in step “2. Restore files encrypted by .LoveYou file virus” below. They are in no way 100% guarantee to recover all your files, but with their aid, you may restore at least some of the data.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share