Ad Virus Ransomware (.ad Files) - How to Remove and Restore Data

What is Ad Virus? How does Ad Virus work? How to open Ad Virus files? How to remove Ad Virus and try to restore files, encrypted by it?

The Ad Virus is a ransomware infection whose purpose is to make your files unusable until you pay a ransom to the cyber-criminals behind it. It works by replacing blocks of data in your files with data from the encryption algorithm used by the Ad Virus. The virus then adds its own file extension and drops a ransom note file. The note's main purpose is to get victims to pay a ransom to have their files decrypted with the unique decryption key that is generated and held by the crooks. Read this article to learn how to remove Ad Virus from your computer and how to recover data encoded by it.

Threat Summary

Name: Ad Virus
Type: Ransomware, Cryptovirus
Short Description: A variant of GlobeImposter 2.0 ransomware. Aims to encrypt files and then add its custom file extension to them.
Symptoms: Files are encrypted with the added .ad file extension and the e-mail gustafkeach@johnpino.com and cannot be opened. The Ad Virus also drops a ransom note file, containing the extortionist message.
Distribution Method: Spam Emails, Email Attachments, Executable files
Detection Tool: See If Your System Has Been Affected by Ad Virus (Malware Removal Tool)
User Experience: Join Our Forum to Discuss Ad Virus.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Ad Virus – How Did I Get It and What Does It Do?

The primary method of distribution used by the Ad Virus is believed to be either malicious web links or infection files. If it arrives as an infection file, the Ad Virus may enter your computer as an attachment to an e-mail with a convincing subject line. Such e-mails can pretend that you have received an invoice, receipt or a document from your bank.

You may also download files and objects that you believe are legitimate, but which turn out to be the virus infection file.

Once you have become infected with the Ad Virus, you may immediately notice it as your files may start to appear with the Ad Virus extension.

The first thing that happens after an infection with the Ad Virus is that the virus files are dropped in the following directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

When this happens, the Ad Virus will then begin to perform the following malicious actions on your computer:

  • Create mutexes.
  • Touch system files.
  • Modify the Run and RunOnce Windows registries.
  • Obtain system information from your computer.
  • Relay information.
  • Obtain rights as an administrator to read and write files.
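
One way to review the Run and RunOnce values mentioned above for entries that launch something from the listed drop locations. This is an added example, not code from the original article; the sample entries are constructed, and a match only means the entry deserves a look, since legitimate software also starts from AppData.

```python
RUN_KEYS = (r"Software\Microsoft\Windows\CurrentVersion\Run",
            r"Software\Microsoft\Windows\CurrentVersion\RunOnce")
# The drop locations listed in the article, as lower-case path fragments.
DROP_MARKERS = ("\\appdata\\", "\\temp\\", "%appdata%",
                "%localappdata%", "%temp%", "%tmp%")


def read_run_entries():
    """Read every Run/RunOnce value from HKCU and HKLM (Windows only)."""
    import winreg  # standard library, only present on Windows builds of Python
    hives = (("HKCU", winreg.HKEY_CURRENT_USER),
             ("HKLM", winreg.HKEY_LOCAL_MACHINE))
    entries = []
    for hive_name, hive in hives:
        for path in RUN_KEYS:
            try:
                key = winreg.OpenKey(hive, path)
            except OSError:
                continue  # key absent or unreadable; RunOnce is often missing
            with key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, command, _type = winreg.EnumValue(key, i)
                    entries.append((f"{hive_name}\\{path}", name, str(command)))
    return entries


def flag_for_review(entries):
    """Keep entries whose command line references one of the drop locations."""
    return [e for e in entries
            if any(marker in e[2].lower() for marker in DROP_MARKERS)]


# Constructed sample values (not taken from a real infection).
SAMPLE = [
    ("HKLM\\" + RUN_KEYS[0], "SecurityHealth",
     r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKCU\\" + RUN_KEYS[0], "Updater",
     r'"C:\Users\alice\AppData\Roaming\upd.exe" /s'),
    ("HKCU\\" + RUN_KEYS[1], "Cleanup",
     r"wscript.exe C:\Users\alice\AppData\Local\Temp\c.js"),
]

if __name__ == "__main__":
    import sys
    entries = read_run_entries() if sys.platform == "win32" else SAMPLE
    for key, name, command in flag_for_review(entries):
        print(f"REVIEW {key} :: {name} = {command}")
```

The whole command line is checked rather than only the program name, so script hosts started with a payload path in a drop location are listed as well.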

Like other viruses of its kind, the Ad Virus leaves a ransom note, called “Read_For_Restore_File.html”.

Once this is done, the Ad Virus begins scanning your computer for files to encrypt. It skips files in the default system directories of Windows and instead encrypts files that have the following file extensions:

“.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

Even so, we strongly advise you not to pay any ransom, because paying means placing your trust in the same people who encrypted your files, and this is not a good idea.
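
To scope the damage before restoring anything, the added example below (not part of the original article) walks a folder tree and lists files carrying the .ad extension and copies of Read_For_Restore_File.html, together with the earliest and latest modification times of the encrypted files. It assumes the malware left file timestamps untouched; the sample tree is constructed.

```python
import os
import tempfile
from datetime import datetime, timezone

ENCRYPTED_EXT = ".ad"                       # extension named in the article
RANSOM_NOTE = "Read_For_Restore_File.html"  # ransom note named in the article


def inventory(root):
    """Walk root and summarise encrypted files and ransom notes per folder."""
    report = {"dirs": {}, "notes": [], "first": None, "last": None}
    times = []
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == RANSOM_NOTE.lower():
                report["notes"].append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                original = name[:-len(ENCRYPTED_EXT)]  # name before encryption
                report["dirs"].setdefault(folder, []).append(original)
                times.append(os.path.getmtime(path))
    if times:
        report["first"], report["last"] = min(times), max(times)
    return report


def build_sample(root):
    """Create a constructed tree: two encrypted files, one note, one clean file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    files = (("report.docx.ad", 1_500_000_000), ("photo.jpg.ad", 1_500_000_060),
             (RANSOM_NOTE, 1_500_000_061), ("notes.tmp", 1_400_000_000))
    for name, mtime in files:
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))  # fixed timestamps for a repeatable run
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        rep = inventory(tmp)
        for folder, names in rep["dirs"].items():
            print(f"{folder}: {len(names)} encrypted, e.g. {names[0]}")
        print("ransom notes found:", len(rep["notes"]))
        print("first encrypted file written (UTC):",
              datetime.fromtimestamp(rep["first"], timezone.utc).isoformat())
```

The earliest timestamp helps choose a backup that predates the encryption.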

Remove Ad Virus and Try Restoring Files

To remove Ad Virus from your computer, we strongly recommend that you read the instructions underneath. They have been created to help you remove the Ad Virus files and try to restore all encrypted data. For a faster and more effective removal, we strongly recommend that you download a professional malware removal program and run a scan of your computer with it. Such a program is made to help you erase all traces of the Ad Virus from your machine by scanning for its files and objects. It can also protect you from future threats and intrusive software of this type.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
