Remove “ABOUT FILES!” error_ Ransomware and Restore Files - How to, Technology and PC Security Forum |

Remove “ABOUT FILES!” error_ Ransomware and Restore Files

An “ABOUT FILES!” (*.txt) ransom message has been detected in the wild. If the file is located in all directories on a system and an error_ is added to files with various extensions, then the PC have been attacked by ransomware. The message reads that the victim’s files have been encrypted by the AES and RSA encryption algorithms, and a private RSA key is needed to decrypt the data. It is also noted that an “error_” is added to the names of all ‘crypted’ files. The cyber crooks then suggest buying their decryptor so that the user’s data is restored.

Download a System Scanner, to See If Your System Has Been Affected By “ABOUT FILES!” error_.

However, paying the asked $230 in 3 bitcoins does not guarantee files will be safely restored. The best measure against ransomware is having crucial data previously stored on an external memory device or via a cloud service. Also, keep in mind that there has been a tangible increase in Cryptowall 3.0 attacks.ABOUT_FILES!

“ABOUT FILES!” *.txt Ransom Message Distribution

There is no particular information on how users have been contaminated with the file encryption threat. Nonetheless, there are several known distribution paths ransomware employs. It is also important to note that ransomware attacks both personal and business computers. When it first appeared on the malware scene, ransomware was spread across computers via malicious emails. Recently, the old method has been improved, thus increasing the effectiveness of the infection.

‘Drive-by ransomware’ is downloaded to the computer after visiting a compromised website. Cyber criminals tend to send infectious emails in the attempt to lure users into visiting their suspicious websites. To make the whole process more believable, crooks usually masquerade their emails so that they do not appear suspicious to the recipients.

“ABOUT FILES!” *.txt Ransomware Description

As previous stated, cyber crooks have revealed their methods in the displayed text file. The message starts with a ‘friendly’ remark, then explaining how the victim’s files have been encrypted via the AES and RSA encryption algorithms. Once the payment in 3 bitcoins has been done, the crooks promise to decrypt the “error_” files in several, to 24 hours. What may appear interesting is that at the end of the message, the criminals claim they do not want to destroy the victim’s files because they just need some money.

As visible, the ransom message is written in English. However, grammatical mistakes are present, meaning that a non-native speaker has written it. STF researchers remind that ransomware attacks originate from Russia, even though such online extortion schemes have reached an international level.

“ABOUT FILES!” *.txt Removal and Prevention

The FBI has created a short list suggesting several ways to stay protected against ransomware attacks. The first step towards prevention is having an updated antivirus program, and making sure to keep it intact. Other important measures are:

  • Enabling automated patched for the OS and web browser.
  • Using strong passwords. Every account should have a different password.
  • Downloading freeware from known websites and always reading the EULA.
  • Blocking pop-up windows.
  • Being cautious about email attachments and unsolicited email messages.
  • Not clicking on provided URLs to avoid malicious drive-by downloads.
  • Previously having all essential files backed up.

If affected by “ABOUT FILES!” *.txt, running a full system scan through a valid anti-malware solution is highly advisable. There are also several other steps the user can try, but since more information on the threat is needed, the STF team cannot guarantee their complete effectiveness.

Stage One: Remove CryptoWall 3.0

1. First and most important – download and install a legitimate and trustworthy anti-malware scanner, which will help you run a full system scan and eliminate all threats. donload_now_250
Spy Hunter FREE scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the malware tool. Find Out More About SpyHunter Anti-Malware Tool

2. Run a second scan to make sure that there are no malicious software programs running on your PC. For that purpose, it’s recommended to download ESET Online Scanner.

Your PC should be clean now.

Stage Two: Restore the Encrypted Files

Option 1: Best case scenario – You have backed up your data on a regular basis, and now you can use the most recent backup to restore your files.

Option 2: Try to decrypt your files with the help of Kaspersky’s RectorDecryptor.exe and RakhniDecryptor.exe. They might help you in the process but keep in mind that they were not specially designed to encrypt information that was decrypted by this particular ransomware.

Option 3: Shadow Volume Copies

1. Install the Shadow Explorer, which is available with Windows Vista, Windows 7, Windows 8 and Windows XP Service Pack 2.

2. From Shadow Explorer’s drop down menu choose a drive and the latest date you would like to restore information from.

3. Right-click on a random encrypted file or folder then select “Export”. Select a location to restore the content of the selected file or folder.

Remove “ABOUT FILES!” error_ Automatically with Spy Hunter Malware – Removal Tool.

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share