Remove AnonPop Fake Ransom Virus and Restore Deleted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove AnonPop Fake Ransom Virus and Restore Deleted Files

Anonymous-encrypted-anonpop-sensorstechforumA devastating virus has appeared on the malware radar, known as AnonPop has been deleting files of infected computers, reports indicate. The virus has been reported to infect users via several different techniques. The worst part is that the sinister individuals behind this twisted cyber threat do not encrypt your files, and they delete them instead. This is particularly frustrating. However, researchers report that there are several methods to restore the files using special software. For more information on how to delete this ransomware yourself and restore the deleted files, make sure to go through this article to find out.

Threat Summary

NameAnonPop
TypeFake ransomware. Lockscreen.
Short DescriptionAnonPop immediately deletes files of all drives and folders possible and leaves a fake ransom note asking the user to pay and lying to him/her that the files are encrypted.
SymptomsFiles are deleted and a fake ransom note is set as what appears to be a screensaver, locking the user out of the computer.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by AnonPop

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Locky Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

AnonPop Fake Ransomware Virus – Spread

To effectively infect users on a massive scale, the AnonPop ransomware may be spread via massive spam campaigns which can distribute it either via malicious URLs or malicious files, both of which may be posted in spam messages all over the web:

  • Referral spam on blogs.
  • Forums.
  • Social media spam.
  • Spam e-mail messages with malicious URLs or attachments.

Such attachments may turn to be dangerous because a malicious macro, an Exploit Kit or even a malicious JavaScript attack may be used to infect unsuspecting users.

AnonPop Fake Ransomware – In Depth Analysis

As soon as it has infected the computer of the user, AnonPop immediately deletes every file with the exceptions of files that belong to Windows so that it does not break it. The virus looks in the following folders for files and erases them:

%Documents%, %Downloads%, %Pictures%, %Music%, %Videos%, %Contacts%, %Favorites%, %Searches%, Google’s Folders, Windows Defender’s Folders, Mozilla Firefox’s Folders, Internet Explorer’s Folders, %AppData%\Local\Temp\, %Desktop%
D:\ ,E:\ ,F:\ ,H:\ ,G:\ ,I:

In addition to this nightmare, the AnonPop Virus not only deletes the files but also locks the screen of the infected computer, setting an Anonymous-themed wallpaper which lies to the user that his files are encrypted:

anonpop-fake-ransom-note-sensorstechforum

The lock screen locks the user out of his computer by staying over the desktop. This strongly suggests that the registry keys for the ScreenSaver of the infected machine have been infected. This immediately points out to the following keys and values being affected:

In the key:
HKEY_USERS\.DEFAULT\Control Panel\Desktop
The values:
ScreenSaveActive
SCRNSAVE.EXE
ScreenSaveTimeOut
ScreenSaverIsSecure

The AnonPop ransomware also can shut down your computer after displaying a similar pop-up message with the following text:

ransom-pop-up-sensorstechforum-anonpop

AnonPop Fake Ransomware – Conclusion, Remove It and Restore Deleted Files

It is so far unclear what kind of sick individuals are behind this ransomware and go around and delete users’ files left and right. The good news is that they did not use unconventional methods to erase the files from the sectors of the Hard Drive of the infected computers. This is why we have suggested a solution below, but for it to work you must do two things:

1. Remove the ransomware using either the manual(if you know where its files and registries are) or automatic instructions which are illustrated after this article. They will help you deal with it without reinstalling Windows and formatting your drive which is what we are aiming at for this method do work. For maximum effectiveness, experts advise scanning in safe mode with an anti-malware scanner which will automatically take care of AnonPop fake ransomware.

2.Do not reinstall Windows and do not format your hard drive.

3.1 Check your computer for enabled “File History,” any backup or Shadow Volume Copies. This will help you to immediately get all your files back if you have it enabled. To restore your data, your first bet is to check again for shadow copies in Windows using this software:

Shadow Explorer

3.2 Download Data Recovery Software – we have suggested few data recovery programs which you can download and use. They will automatically scan the sectors of your hard drive and recover what can be recovered. Bear in mind that you may not recover 100% of your files, but there is a high possibility that you may get most of your files back especially if this has happened very soon to you and you haven’t reformatted the memory of your drive.

Here are some of our suggestions for data recovery software:

Manually delete AnonPop from your computer

Note! Substantial notification about the AnonPop threat: Manual removal of AnonPop requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove AnonPop files and objects
2.Find malicious files created by AnonPop on your PC
3.Fix registry entries created by AnonPop on your PC

Automatically remove AnonPop by downloading an advanced anti-malware program

1. Remove AnonPop with SpyHunter Anti-Malware Tool
2. Back up your data to secure it against infections and file encryption by AnonPop in the future
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.