Remove AnonPop Fake Ransom Virus and Restore Deleted Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Remove AnonPop Fake Ransom Virus and Restore Deleted Files


Warning: Creating default object from empty value in /usr/hosting/sensorstechforum-com/sensorstechforum.com/wp-content/themes/minezine/single.php on line 187

Warning: Creating default object from empty value in /usr/hosting/sensorstechforum-com/sensorstechforum.com/wp-content/themes/minezine/single.php on line 201

Warning: Creating default object from empty value in /usr/hosting/sensorstechforum-com/sensorstechforum.com/wp-content/themes/minezine/single.php on line 215

Warning: Creating default object from empty value in /usr/hosting/sensorstechforum-com/sensorstechforum.com/wp-content/themes/minezine/single.php on line 234

Warning: Creating default object from empty value in /usr/hosting/sensorstechforum-com/sensorstechforum.com/wp-content/themes/minezine/single.php on line 295
OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by AnonPop and other threats.
Threats such as AnonPop may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Anonymous-encrypted-anonpop-sensorstechforumA devastating virus has appeared on the malware radar, known as AnonPop has been deleting files of infected computers, reports indicate. The virus has been reported to infect users via several different techniques. The worst part is that the sinister individuals behind this twisted cyber threat do not encrypt your files, and they delete them instead. This is particularly frustrating. However, researchers report that there are several methods to restore the files using special software. For more information on how to delete this ransomware yourself and restore the deleted files, make sure to go through this article to find out.

Threat Summary

NameAnonPop
TypeFake ransomware. Lockscreen.
Short DescriptionAnonPop immediately deletes files of all drives and folders possible and leaves a fake ransom note asking the user to pay and lying to him/her that the files are encrypted.
SymptomsFiles are deleted and a fake ransom note is set as what appears to be a screensaver, locking the user out of the computer.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by AnonPop

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Locky Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

AnonPop Fake Ransomware Virus – Spread

To effectively infect users on a massive scale, the AnonPop ransomware may be spread via massive spam campaigns which can distribute it either via malicious URLs or malicious files, both of which may be posted in spam messages all over the web:

  • Referral spam on blogs.
  • Forums.
  • Social media spam.
  • Spam e-mail messages with malicious URLs or attachments.

Such attachments may turn to be dangerous because a malicious macro, an Exploit Kit or even a malicious JavaScript attack may be used to infect unsuspecting users.

AnonPop Fake Ransomware – In Depth Analysis

As soon as it has infected the computer of the user, AnonPop immediately deletes every file with the exceptions of files that belong to Windows so that it does not break it. The virus looks in the following folders for files and erases them:

%Documents%, %Downloads%, %Pictures%, %Music%, %Videos%, %Contacts%, %Favorites%, %Searches%, Google’s Folders, Windows Defender’s Folders, Mozilla Firefox’s Folders, Internet Explorer’s Folders, %AppData%\Local\Temp\, %Desktop%
D:\ ,E:\ ,F:\ ,H:\ ,G:\ ,I:

In addition to this nightmare, the AnonPop Virus not only deletes the files but also locks the screen of the infected computer, setting an Anonymous-themed wallpaper which lies to the user that his files are encrypted:

anonpop-fake-ransom-note-sensorstechforum

The lock screen locks the user out of his computer by staying over the desktop. This strongly suggests that the registry keys for the ScreenSaver of the infected machine have been infected. This immediately points out to the following keys and values being affected:

In the key:
HKEY_USERS\.DEFAULT\Control Panel\Desktop
The values:
ScreenSaveActive
SCRNSAVE.EXE
ScreenSaveTimeOut
ScreenSaverIsSecure

The AnonPop ransomware also can shut down your computer after displaying a similar pop-up message with the following text:

ransom-pop-up-sensorstechforum-anonpop

AnonPop Fake Ransomware – Conclusion, Remove It and Restore Deleted Files

It is so far unclear what kind of sick individuals are behind this ransomware and go around and delete users’ files left and right. The good news is that they did not use unconventional methods to erase the files from the sectors of the Hard Drive of the infected computers. This is why we have suggested a solution below, but for it to work you must do two things:

1. Remove the ransomware using either the manual(if you know where its files and registries are) or automatic instructions which are illustrated after this article. They will help you deal with it without reinstalling Windows and formatting your drive which is what we are aiming at for this method do work. For maximum effectiveness, experts advise scanning in safe mode with an anti-malware scanner which will automatically take care of AnonPop fake ransomware.

2.Do not reinstall Windows and do not format your hard drive.

3.1 Check your computer for enabled “File History,” any backup or Shadow Volume Copies. This will help you to immediately get all your files back if you have it enabled. To restore your data, your first bet is to check again for shadow copies in Windows using this software:

Shadow Explorer

3.2 Download Data Recovery Software – we have suggested few data recovery programs which you can download and use. They will automatically scan the sectors of your hard drive and recover what can be recovered. Bear in mind that you may not recover 100% of your files, but there is a high possibility that you may get most of your files back especially if this has happened very soon to you and you haven’t reformatted the memory of your drive.

Here are some of our suggestions for data recovery software:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...