A devastating virus has appeared on the malware radar, known as AnonPop has been deleting files of infected computers, reports indicate. The virus has been reported to infect users via several different techniques. The worst part is that the sinister individuals behind this twisted cyber threat do not encrypt your files, and they delete them instead. This is particularly frustrating. However, researchers report that there are several methods to restore the files using special software. For more information on how to delete this ransomware yourself and restore the deleted files, make sure to go through this article to find out.
Threat Summary
| Name | AnonPop |
| Type | Fake ransomware. Lockscreen. |
| Short Description | AnonPop immediately deletes files of all drives and folders possible and leaves a fake ransom note asking the user to pay and lying to him/her that the files are encrypted. |
| Symptoms | Files are deleted and a fake ransom note is set as what appears to be a screensaver, locking the user out of the computer. |
| Distribution Method | Spam Emails, Email Attachments, File Sharing Networks. |
| Detection Tool | See If Your System Has Been Affected by AnonPop Download Malware Removal Tool |
| User Experience | Join our forum to Discuss Locky Ransomware. |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
AnonPop Fake Ransomware Virus – Spread
To effectively infect users on a massive scale, the AnonPop ransomware may be spread via massive spam campaigns which can distribute it either via malicious URLs or malicious files, both of which may be posted in spam messages all over the web:
- Referral spam on blogs.
- Forums.
- Social media spam.
- Spam e-mail messages with malicious URLs or attachments.
Such attachments may turn to be dangerous because a malicious macro, an Exploit Kit or even a malicious JavaScript attack may be used to infect unsuspecting users.
AnonPop Fake Ransomware – In Depth Analysis
As soon as it has infected the computer of the user, AnonPop immediately deletes every file with the exceptions of files that belong to Windows so that it does not break it. The virus looks in the following folders for files and erases them:
D:\ ,E:\ ,F:\ ,H:\ ,G:\ ,I:
In addition to this nightmare, the AnonPop Virus not only deletes the files but also locks the screen of the infected computer, setting an Anonymous-themed wallpaper which lies to the user that his files are encrypted:
The lock screen locks the user out of his computer by staying over the desktop. This strongly suggests that the registry keys for the ScreenSaver of the infected machine have been infected. This immediately points out to the following keys and values being affected:
HKEY_USERS\.DEFAULT\Control Panel\Desktop
The values:
ScreenSaveActive
SCRNSAVE.EXE
ScreenSaveTimeOut
ScreenSaverIsSecure
The AnonPop ransomware also can shut down your computer after displaying a similar pop-up message with the following text:
AnonPop Fake Ransomware – Conclusion, Remove It and Restore Deleted Files
It is so far unclear what kind of sick individuals are behind this ransomware and go around and delete users’ files left and right. The good news is that they did not use unconventional methods to erase the files from the sectors of the Hard Drive of the infected computers. This is why we have suggested a solution below, but for it to work you must do two things:
1. Remove the ransomware using either the manual(if you know where its files and registries are) or automatic instructions which are illustrated after this article. They will help you deal with it without reinstalling Windows and formatting your drive which is what we are aiming at for this method do work. For maximum effectiveness, experts advise scanning in safe mode with an anti-malware scanner which will automatically take care of AnonPop fake ransomware.
2.Do not reinstall Windows and do not format your hard drive.
3.1 Check your computer for enabled “File History,” any backup or Shadow Volume Copies. This will help you to immediately get all your files back if you have it enabled. To restore your data, your first bet is to check again for shadow copies in Windows using this software:
3.2 Download Data Recovery Software – we have suggested few data recovery programs which you can download and use. They will automatically scan the sectors of your hard drive and recover what can be recovered. Bear in mind that you may not recover 100% of your files, but there is a high possibility that you may get most of your files back especially if this has happened very soon to you and you haven’t reformatted the memory of your drive.
Here are some of our suggestions for data recovery software:
- Stellar Phoenix Data Recovery Technicians License(Pro version with more features)
- Stellar Phoenix Windows Data Recovery
- Stellar Phoenix Photo Recovery
Manually delete AnonPop from your computer
Note! Substantial notification about the AnonPop threat: Manual removal of AnonPop requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
1. For Windows 7,XP and Vista.
2. For Windows 8, 8.1 and 10.
Automatically remove AnonPop by downloading an advanced anti-malware program
1. Install SpyHunter to scan for and remove AnonPop.
1. For Windows 7 and earlier
STOPZilla Anti Malware
