Remove Anti-DDos Ransomware and Restore Your Files

This article will help you remove Anti-DDos ransomware completely. Follow the ransomware removal instructions at the end of the article.

Anti-DDos ransomware is a cryptovirus with screen-locking capabilities, named after its payload dropper, “Anti-DDos.exe”. The screenlocker poses as a Windows Update, while the ransom message that is shown afterward is written in Brazilian Portuguese, so users from Brazil are probably the main target of the cryptovirus. Continue reading below to see how you could try to restore some of your files.

Threat Summary

Short Description: The ransomware encrypts files on your computer and later tries to extort you to pay a ransom to get your files back.
Symptoms: The ransomware will encrypt your files while putting up a screenlocker that is presented as a Windows Update service. The update is of course fake and only there to trick users.
Distribution Method: Spam Emails, Email Attachments
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Anti-DDos Ransomware – Update

Update! A decryption tool is now available for the Anti-DDoS ransomware! The tool was created by the malware researcher Michael Gillespie and can be downloaded from the following link, wrapped inside a .zip archive: Anti-DDos Ransomware Decrypter.

Anti-DDos Ransomware – Infection Spread

Anti-DDos ransomware might spread its infection with various methods. A payload dropper which initiates the malicious script for this ransomware could be circulating around the world as this article is being written. If such a file lands on your computer system and you execute it, your PC will become infected.

Anti-DDos ransomware might also distribute its payload file on social media and file-sharing services. Freeware found on the Web can be presented as helpful while hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware found in our forums.

Anti-DDos Ransomware – Detailed Information

Anti-DDos is the name of a cryptovirus that demands that a ransom be paid and that you provide your “Steam” credentials to the developer of the virus. The name of the ransomware comes from the payload file “Anti-DDos.exe”. The virus most likely targets people from Brazil, as its ransom note is written in Brazilian Portuguese. However, people from the rest of the world could be affected as well, and Brazilians might be just the main focus and not the only one. While your files are being encrypted, a fake Windows Update screen is shown, which also acts as a screenlocker.

Anti-DDos ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed to launch the virus automatically each time the Windows operating system starts.
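The autostart entries described above can be reviewed offline from saved `reg query` output. The script below is an added example, not code from the article; the Run key, the directory heuristics and the sample output are assumptions, since the article does not name the exact registry locations used.

```python
import ntpath
import re

# Dropper file name given in the article; the directory markers are assumed
# triage heuristics for user-writable locations, not indicators from the page.
DROPPER_NAME = "anti-ddos.exe"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def target_path(data):
    """Extract the executable path from a Run value, quoted or not."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    # Unquoted: cut after the first .exe so trailing arguments are dropped.
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data

def audit_run_key(reg_output):
    """Return (key, value name, path, reason) for autostart entries worth a look."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        path = target_path(m["data"])
        lowered = path.lower()
        if ntpath.basename(lowered) == DROPPER_NAME:
            findings.append((key, m["name"], path, "dropper-name"))
        elif any(d in lowered for d in USER_WRITABLE):
            # Legitimate software also starts from here; verify its signature.
            findings.append((key, m["name"], path, "user-writable"))
    return findings

# Constructed `reg query` output (user name and value names are made up).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\ana\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    WindowsUpdate    REG_SZ    C:\Users\ana\AppData\Roaming\Anti-DDos.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

if __name__ == "__main__":
    for finding in audit_run_key(SAMPLE):
        print(*finding, sep="  |  ")
```

A "user-writable" hit is only a prompt to check the file's signature and origin; a "dropper-name" hit matches the file name the article gives for the payload.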

The ransom message, which loads after the encryption process is complete, is written specifically in Brazilian Portuguese and gives details about how you could restore your files by paying a ransom.

The ransom message reads as follows:

Ransoware Detected!
Seu pc Foi Sequestrado!
Aviso: Desligar o computador irar fazer seus arquivos serem deletados!
Se você pretende recuperar seu computador siga os passos:
1.) Pegue a chave
2.) 123-4CS-31G-GH1
3.) Coloque em chave de acesso e de Ok
4.) Logo em seguida crie um arquivo na sua area de trabalho chamado acesso.txt
5.) Coloque seu email e senha da Steam.
6.) Espere 60 segundos!
Endereço de bitcoin: xxxxxxxxxxxxxxxxx
Digite a chave de acesso:

A rough translation of that message into English is the following:

Ransomware Detected!
Your PC has been hijacked!
Warning: Turning off the computer will cause your files to be deleted!
If you plan to recover your computer follow the steps:
1.) Take the key
2.) 123-4CS-31G-GH1
3.) Put it in the access key field and press OK
4.) Next create a file on your desktop called acesso.txt
5.) Enter your Steam email and password.
6.) Wait 60 seconds!
Bitcoin address: xxxxxxxxxxxxxxxxx
Enter the access key:

The note of the Anti-DDos ransomware states that your files are encrypted. It warns that all your files will be deleted if you turn off your computer. Even if that is true, do not worry, as the ransomware seems to be decryptable. Do not give your “Steam” or E-mail credentials, nor should you pay up or contact the criminals. Your files may not get restored upon payment and you have no guarantee of that working. Moreover, giving money to cybercriminals will likely motivate them to delve further into the criminal world.

Anti-DDos Ransomware – Encryption Process

According to some malware researchers, the ransomware uses the AES algorithm for its encryption process. Below is a list of file extensions that the Anti-DDos ransomware probably seeks to encrypt:

→.7z, .bmp, .doc, .docm, .docx, .html, .jpeg, .jpg, .mp3, .mp4, .pdf, .php, .ppt, .pptx, .rar, .rtf, .sql, .tiff, .txt, .xls, .xlsx, .zip

Those are the file types most commonly used by Windows users, which is why the list could be on point.

The Anti-DDos cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

If the command stated above is executed, the encryption becomes more effective, as it eliminates one of the ways of restoring your files. If your computer was infected with this ransomware and your files are locked, read on to find out how you could potentially recover your files.
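One way to look for that command in process-creation logs, shown as an added example that is not part of the original article: the script flags vssadmin shadow-copy deletions, including the wrapped and differently cased forms a plain string match would miss. The event fields, host names, timestamps and paths are constructed for illustration.

```python
import ntpath

VSSADMIN_NAMES = {"vssadmin", "vssadmin.exe"}

def classify_cmdline(cmdline):
    """Return None, or the switches of a 'vssadmin delete shadows' invocation."""
    # Quotes only group arguments; dropping them lets wrapped forms such as
    # cmd /c "vssadmin delete shadows ..." tokenize like the bare command.
    tokens = cmdline.replace('"', " ").split()
    for i, tok in enumerate(tokens):
        if ntpath.basename(tok).lower() not in VSSADMIN_NAMES:
            continue
        args = [t.lower() for t in tokens[i + 1:]]
        if "delete" in args and "shadows" in args:
            return {"all": "/all" in args, "quiet": "/quiet" in args}
    return None

# Constructed process-creation records (field names loosely follow what
# Windows Security 4688 / Sysmon Event ID 1 carry; not from a real host).
SAMPLE_EVENTS = [
    {"time": "2017-01-10T09:14:02", "host": "WS-01",
     "parent": r"C:\Users\ana\Downloads\Anti-DDos.exe", "cmdline": r"vssadmin.exe delete shadows /all /Quiet"},
    {"time": "2017-01-10T09:20:41", "host": "WS-02", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Windows\System32\VSSADMIN.EXE Delete Shadows /All /quiet"'},
    {"time": "2017-01-10T10:02:10", "host": "SRV-03",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": r"vssadmin list shadows"},
    {"time": "2017-01-10T10:05:33", "host": "SRV-03",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": r"vssadmin delete shadows /for=D: /oldest"},
]

def find_shadow_deletions(events):
    """Return (host, time, severity, parent) for every shadow-copy deletion."""
    hits = []
    for ev in events:
        info = classify_cmdline(ev["cmdline"])
        if info is None:
            continue
        # /all with /quiet removes every restore point without a prompt,
        # which is the form quoted in the article; other deletions get reviewed.
        severity = "high" if info["all"] and info["quiet"] else "review"
        hits.append((ev["host"], ev["time"], severity, ev["parent"]))
    return hits

if __name__ == "__main__":
    for hit in find_shadow_deletions(SAMPLE_EVENTS):
        print(*hit, sep="  ")
```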

Remove Anti-DDos Ransomware and Restore Your Files

If your computer got infected with the Anti-DDos ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it has the chance to spread further and infect other computers. To remove the ransomware, follow the step-by-step instructions provided below.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago when malware locked her out of her own computer.
