Acton Virus Files – How to Remove It (Phobos)
THREAT REMOVAL

Acton Virus Files – How to Remove It (Phobos)

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

What is ACTON ransomware? What are .Acton Files? How to remove .Acton virus from your computer? How to try and restore .Acton files?

ACTON is a ransomware virus that is a variant of Phobos ransomware. It’s primary purpose is to encrypt the files on your computer and then hold them hostage until you pay ransom to get the files to work again. The ransomware may use AES encryption mode on the files and then adds a unique ID plus the extension .Acton to the encrypted files. The ransomware’s main purpose is for you to pay BitCoin in order to get your files back. Read this article in order to understand how you can remove the .Acton virus from your computer and how you can try and get back .Acton encrypted files.

Threat Summary

Name.Acton Virus
TypeRansomware, Cryptovirus
Short DescriptionVariant of the Phobos virus. Aims to encrypt files and then ask victims to pay ransom in order to get the files to work again.
SymptomsFiles are encrypted and have the id[UNIQUE ID].[datadecryption@countermail.com].Acton file extension added to them. A Phobos ransom note is also dropped on the computers of victims.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .Acton Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Acton Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.Acton Virus – How Did I Get It and What Does It Do?

Similar to other Phobos ransomware variants, like .actor virus, .blend virus or .1500dollars virus, the .Acton virus also aims to spread via multiple different ways. One of them is via e-mail, so you could see the infection file of .Acton virus to be pretending to be a legitimate e-mail attachment, like an invoice, receipt or some other “must see” document. When downloaded and executed, this document infects your computer with the virus. Another way of infection with the .Acton virus is likely done by spreading the malware file by uploading it on compromised software download sites. There, the .Acton virus may pretend to be your average installer .exe, crack, patch, portable program or any other download. Once downloaded and executed, infection with .Acton virus is inevitable.

Once .Acton virus is in your computer, you may immediately notice it, because the virus becomes administrator on your computer and starts to encrypt files. The files that are encrypted by the .Acton virus could be of the following file types:

  • Documents.
  • Videos.
  • Images.
  • Archives.
  • Audio files.
  • Other often used files.

Once the encryption is done, .Acton virus has successfully replaced blocks of data on your files, enough to make them no longer usable. The files then start to look like the following:

After encryption, the .Acton virus may add the following ransom note on your computer:

The note aims to extort you into paying ransom in the form of BitCoin to get the decryption key, which is used to unlock your files. In addition to those actions, the .Acton virus may also do the following activities on your computer once infecting it:

  • Copy and send the MAC and IP address of your computer to the servers of the criminals.
  • Obtain administrator rights.
  • Create registry entires in the Run and RunOnce registry sub-keys of your PC.
  • Create mutexes.
  • Disable your antivirus.
  • Create copies of itself in case you delete it’s original files.

Paying the crooks who are behind the .Acton virus is NOT recommended because you cannot trust these people and the ransom is too high, often in the thousands of dollars. Instead, we recommend that you backup your files and read the removal steps below, that also contain file recovery alternatives.

Remove .Acton Virus and Try Restoring Files

The .Acton virus can be removed manually, if you follow the removal steps down below. They have been made to help you isolate and get rid of the virus. However, for maximum effectiveness and faster removal, we strongly suggest that you get rid of the .Acton virus automatically. This can happen if you download and run a scan with a professional anti-malware program that will safely detect and eliminate all .Acton virus files from your computer.

For the file recovery of the .Acton files, you should first back the files up on a USB or some other drive until a decryptor comes out. A decryptor is a free program that can decrypt your files. We will update this article when researchers create such a decryptor and link it in this post. Until then, you are welcome to try the alternative file recovery methods we have suggested in the steps below. They are not 100% guarantee to restore all the files, but with their aid, you can at least get back some of the data.

Avatar

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...