.MERRY File Virus (Remove and Restore Files) - How to, Technology and PC Security Forum | SensorsTechForum.com

.MERRY File Virus (Remove and Restore Files)


This article was created to show how to remove the Merry Christmas ransomware and restore .MERRY files encrypted by the malware.

A ransomware virus named Merry Christmas, detected in mid-January, has been reported by malware researchers to use very sophisticated techniques to operate, infect and encrypt the files of compromised computers. This ransomware threat may use advanced encryption ciphers to encode the data on the computers it attacks, so that the files can no longer be opened. To give the victim access back to the files, the .MERRY virus demands a payment through a well-designed ransom note page. If you have become infected by the Merry Christmas virus, we suggest reading the following material.

UPDATE! Decryption is now available for the .MERRY file extension ransomware. Please try decrypting your files using the following instructions from the related article below:

Threat Summary

Name: Merry X-Mas
Type: Ransomware Virus
Short Description: This variant of the Merry X-Mas virus encrypts files with strong encryption and asks for a hefty ransom to be paid to the crooks to get the files back.
Symptoms: Encrypted files will have the .MERRY extension appended to them. The virus also adds a ransom note, named MERRY_I_LOVE_YOU_BRUCE.HTA, and changes the wallpaper to a Robot-santa image.
Distribution Method: Spammed e-mail attachments, URLs, JavaScript or Exploit Kit files posted all over the web.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.MERRY Virus – Further Information

This virus has been classified as file-encrypting ransomware. It aims to infect the user in multiple ways and then modify Windows to allow the encoding process to take place.

Infection Methods of Merry Christmas .MERRY Ransomware

For an infection to succeed, good deception is required, because most users already have experience with ransomware and other malware and with how it infects. This is why those behind .MERRY use different methods and techniques to cause an infection. One of those is to craft phishing e-mails in which the crooks pretend to be a legitimate organization that has worked on a request and is sending back the reworked file. Of course, this is just one example of the spam distributed by .MERRY ransomware. These e-mails may contain an .hta file in a .zip archive, which is the file that causes the actual infection.

This file appears to be heavily obfuscated, since average antivirus programs tend not to detect it as an actual malicious file. This means that the virus uses expensive obfuscation software which conceals its malicious identity.

One of those tools is a similar exploit kit that is very expensive and not sold to just any random hacker. This replication malware is usually a more sophisticated version than the average ones sold on the deep web.

.MERRY X-Mas Ransomware – Infection Activity

As soon as the malicious file has been opened, it immediately introduces itself by adding its distinctive ransom note, which is not only a note, but a whole system, containing different aspects of “customer support” to the victims as shown below:

But this is not where the terror caused by the .MERRY file virus ends. The ransomware also appends a unique file extension to the encrypted files. The files which have been encrypted by this ransomware virus appear like the following:

This is primarily because .MERRY ransomware applies a sophisticated encryption algorithm which actually replaces bytes of information in those files. Replacing these bytes is enough to make the files impossible to open again.

The types of files which this iteration of .MERRY ransomware hunts for vary, but they have one thing in common – they are often used. These files include:

  • Documents.
  • Photos.
  • Music and other audio.
  • Videos.
  • Other files associated with often-used software.

.MERRY file ransomware is very careful not to encrypt the Windows system folders crucial to the working process of the OS, since this might damage it.

The .MERRY file virus also drops a ransom note, named MERRY_I_LOVE_YOU_BRUCE.HTA which has the following content:

ALL COMPUTER DATA ENCRYPTED
TIME AFTER ALL FILES WILL BE DELETED
YOUR ID
NOW YOU NEED TO PAY TO RECOVER YOUR DATA
AFTER MONEY TRANSFER YOU WILL RECIEVE THE DECRYPTOR
CONTACTS
TELEGRAM @comodosecunty
EMAIL [email protected]
Any attempts to return your files with the third-party tools can be fatal for your encrypted files! The most part of the third-party software change data within the encrypted file to restore it but this causes damage to the files.
Finally it will be impossible to decrypt your files! There are several plain steps to restore your files but if you do not follow them we will not be able to help you!

The primary goal of this ransom note is to scare off the user and give him or her instructions on how to pay the .MERRY file virus’s ransom which is in BTC.

In addition to this, the .MERRY ransomware virus does not fool around when it comes to “not getting your files back”. The virus may actually delete the shadow volume copies of the infected computer, by using the privileged vssadmin command in Windows command prompt.

After this has been completed, the virus may either have modified the Windows Registry to add custom entries in the Run or RunOnce registry sub-keys or have dropped files in the %Startup% folder of Windows. These files may run on every system startup.
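
The following PowerShell is an added example, not part of the original article or of any vendor tool: a read-only check that lists Run/RunOnce entries and Startup-folder files, counts the remaining shadow copies, and finds the ransom note and .MERRY files. The scan root and the `$Suspicious` pattern are assumptions; run it from an elevated prompt so that the shadow-copy query works.

```powershell
# Added example: read-only triage for the indicators named in this article.
# $ScanRoot and $Suspicious are assumptions; adjust them for the machine.
$NoteName   = 'MERRY_I_LOVE_YOU_BRUCE.HTA'        # ransom note name from the article
$Suspicious = '\.hta\b|mshta|wscript|cscript'     # assumed script-host pattern
$ScanRoot   = $env:USERPROFILE                    # assumed starting folder

# 1. Values in the Run and RunOnce sub-keys, machine-wide and per-user.
$autoruns = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Run', 'RunOnce') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        $key  = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            [pscustomobject]@{
                Key = $path; Name = $name; Command = $cmd
                Flagged = ($cmd -match $Suspicious)
            }
        }
    }
}

# 2. Files in the per-user and all-users Startup folders.
$startupDirs  = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$startupFiles = Get-ChildItem -Path $startupDirs -File -Force -ErrorAction SilentlyContinue

# 3. Remaining shadow copies (zero after a recent infection suggests deletion).
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

# 4. Ransom notes and files carrying the .MERRY extension under $ScanRoot.
$hits = Get-ChildItem -Path $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $NoteName -or $_.Extension -eq '.MERRY' }

'--- Autorun entries (review Flagged = True first) ---'
$autoruns | Sort-Object Flagged -Descending | Format-List
'--- Startup folder files ---'
$startupFiles | Select-Object FullName, CreationTime | Format-List
"--- Shadow copies present: $($shadows.Count) ---"
"--- Ransom notes / .MERRY files found: $(@($hits).Count) ---"
$hits | Select-Object -First 20 FullName, LastWriteTime | Format-List
```

The script changes nothing on disk or in the registry; entries it flags still need to be reviewed by hand, because legitimate software also uses script hosts at startup.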

Remove .MERRY File Virus and Get Your Files Back

In case your computer has become infected by the MERRY ransomware virus, there is one thing that you should not do, and that is to pay the ransom. The primary reasons are that paying the ransom may not result in getting the files back, and that supporting cyber-crooks in spreading .MERRY ransomware further is not a good idea in general. This is why removing this virus is strongly advised.

An effective method to remove the .MERRY file virus from your computer is to follow the specific removal instructions we have designed for you below. They will make sure that you are able to safely locate and remove the files from your computer. If you do not have experience in manually locating all the registry entries and the objects the virus has modified or touched in key Windows directories, security experts always advise using an advanced anti-malware tool for the removal process. The usage of such tools not only ensures full removal of all objects but also protects your computer in the future.

After you have removed the .MERRY file ransomware from your computer, we urge you to focus on getting the files back the hard way, that is, by using alternative tools. We have suggested several of those in step “2. Restore files encrypted by .MERRY Virus” below. Bear in mind, however, that the tools are not 100% effective, and if you try decryptors made for other viruses they may further scramble your encrypted files. So making a backup of the encrypted files is also a necessity.


To remove Merry X-Mas follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Merry X-Mas files and objects
2. Find files created by Merry X-Mas on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Merry X-Mas

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
