.010001 Files Virus – Remove It and Restore Data


This article has been created to help users by explaining what the .010001 files virus is and how it can be safely removed.

A new ransomware infection using the .010001 file extension has been reported to be infecting users on a massive scale. The ransomware virus appends the .010001 file extension to the victim's files, after which they can no longer be opened. The ransomware then drops a ransom note file which extorts victims to pay BitCoin or other cryptocurrencies to the hackers in order to recover their files. If your PC has been infected by the .010001 ransomware, we recommend that you read this article, as it aims to help you remove this ransomware virus and shows you alternative ways by which you can try to restore encrypted files.

Threat Summary

Name: .010001 Files Virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on the infected computers and then extort victims to pay a ransom to get the encrypted files to work again.
Symptoms: The files on the user’s PC are encrypted and the file extension .010001 is appended to them.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.010001 Files Virus – Distribution

The main distribution method used by the .010001 variant of this ransomware has been reported to be e-mail spam. These malicious messages may carry the infection file of this virus as an attachment that pretends to be a legitimate type of file, like:

  • An invoice.
  • Order receipt.
  • Banking document.
  • Important document.

In addition to this, the ransomware virus may also be spread by having its malicious files uploaded to websites, where they may pretend to be seemingly legitimate files, such as:

  • Cracks.
  • Patches.
  • Activation software.
  • Portable versions of programs.

.010001 Ransomware – Activity Report

Once an infection has occurred, the .010001 ransomware may drop its malicious files under different names in the commonly targeted Windows directories, such as:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalLow%
  • %Temp%

Once this is done, the ransomware virus may also drop its ransom note in a way that you cannot miss it. The ransom note is a text file and its contents are the following:

ATTENTION!!!! Your personal files are encrypted!

To recover the files, you must:

* Send 500$ to the wallet 123PyVpWMSFW6V2qVyywRz7zhEo3K82M8K
* Send email to “jduy3jd87dhs@grr.la” indicating the reference “11111111111111110000000011110001” when you have paid.
* We will send a decryption program to recover your files.
* Make a backup of this file.


– How do I buy digital currency with a credit or debit card in the US?

– How do I send digital currency to another wallet?

– How to Buy Bitcoin on Coinbase, Step by Step

– Google

After the .010001 files virus drops its ransom note, the malware may also begin modifying the Windows Registry. This is done by adding registry entries in the following Windows registry sub-key:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
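To check a machine for this kind of autostart entry, the following added example (not code from the original article) parses the text printed by reg query for the Run sub-key above and reports values whose program sits in one of the drop locations listed earlier. The function names and the sample output are constructed for illustration, and the parser assumes the four-space column layout that reg query prints.

```python
import re

# The article's %Roaming%, %Local% and %LocalLow% are shorthand: the real
# variables are %APPDATA% (Roaming) and %LOCALAPPDATA% (Local); LocalLow has none.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "%appdata%", "%localappdata%",
                "%temp%", "%tmp%")
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|vbs|js|dll))(?:\s|$)", re.I)

def program_path(data):
    """Program part of a Run value, so arguments do not cause false hits."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = EXE_RE.match(data)
    return m.group(1) if m else data.split(" ", 1)[0]

def audit_run_key(reg_query_output):
    """Return (value name, data) pairs whose program lives in a drop location."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if m and any(d in program_path(m["data"]).lower() for d in SUSPECT_DIRS):
            findings.append((m["name"], m["data"]))
    return findings

# Constructed `reg query` output; every value name and path is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Vendor Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /log C:\Users\alice\AppData\Local\u.log
    winhelper    REG_SZ    C:\Users\alice\AppData\Roaming\winhelper.exe
    sync    REG_EXPAND_SZ    %TEMP%\sync.exe -s
"""

if __name__ == "__main__":
    for name, data in audit_run_key(SAMPLE):
        print(f"review Run value {name!r}: {data}")
```

A hit is only a lead for review, since some legitimate software also starts from a user profile directory.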

In addition to this, the .010001 ransomware may also delete the shadow copies of the infected machine, so that it minimizes any possibility of the victim recovering their files via backup. This is usually done by executing the following commands as administrator on the victim's machine:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet
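For defenders, this command sequence is a useful detection signal. The following added example (not part of the original article) matches process command lines against the three behaviours in the list above and alerts when a host shows at least two of them within a short window. The event format, host names and timestamps are constructed, and the rule and function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One rule per behaviour in the article's command list. "VSS" (the real
# Volume Shadow Copy service name) is added next to the listed "VVS".
RULES = {
    "service_stop": re.compile(
        r"\bsc(?:\.exe)?\s+stop\s+(?:VVS|VSS|wscsvc|WinDefend|wuauserv|BITS|ERSvc|WerSvc)\b", re.I),
    "boot_recovery_off": re.compile(
        r"\bbcdedit(?:\.exe)?\s+/set\s+\{default\}\s+"
        r"(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I),
    "shadow_delete": re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
}

def classify(cmdline):
    """Names of the rules that match one process command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def detect(events, window=timedelta(minutes=5), min_categories=2):
    """Hosts where >= min_categories distinct behaviours fall in one window."""
    hits = defaultdict(list)
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        hits[ev["host"]].extend((when, cat) for cat in classify(ev["cmd"]))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            cats = {c for t, c in seen if start <= t <= start + window}
            if len(cats) >= min_categories:
                alerts[host] = sorted(cats)
                break
    return alerts

# Constructed process-creation events (host names and times are made up).
EVENTS = [
    {"host": "WS-01", "time": "2018-01-10T10:00:01", "cmd": "sc stop VVS"},
    {"host": "WS-01", "time": "2018-01-10T10:00:02", "cmd": "sc stop WinDefend"},
    {"host": "WS-01", "time": "2018-01-10T10:00:05",
     "cmd": "cmd.exe /C bcdedit /set {default} recoveryenabled No"},
    {"host": "WS-01", "time": "2018-01-10T10:00:06",
     "cmd": r'"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'},
    {"host": "WS-02", "time": "2018-01-10T09:00:00", "cmd": "sc stop wuauserv"},
    {"host": "WS-03", "time": "2018-01-10T11:00:00", "cmd": "vssadmin list shadows"},
]

if __name__ == "__main__":
    print(detect(EVENTS))
```

Requiring two behaviours keeps a single administrative command, such as stopping one service or listing shadow copies, from raising an alert.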

.010001 Files Virus – Encryption

In order to encrypt the files of victims, the .010001 files virus may use advanced encryption mechanisms. The malware may first scan for the files it wants to encrypt. Then, it may encrypt files that have the following file extensions:


The encrypted files can no longer be opened and usually contain the following extension:

Remove .010001 Files Virus and Try Restoring Files

Before beginning the removal process of this ransomware infection, we recommend that you backup your files.

If you want to remove the .010001 files virus, we strongly recommend that you follow the removal instructions underneath. They are divided into manual and automatic removal instructions, so that users can remove the virus according to their capability. Be advised that the most effective way of removing ransomware viruses is to scan your PC with advanced anti-malware software. Such a tool aims to scan your computer and make sure that all of the malicious files are automatically removed from it.

If you want to restore files, encrypted by .010001 files virus, we recommend that you follow the “Restore files” instructions underneath this article. They have been created with the main idea to help you recover as many encrypted files as possible, even though they may not be 100% effective.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
