.bin Files Virus - How to Remove It

.bin Files Virus – How to Remove It

remove .bin files virus restore data sensorstechforum guide

This article explains the issues that occur in case of infection with .bin files virus and provides a complete guide on how to remove malicious files and how to potentially recover files encrypted by this ransomware.

Ransomware dubbed .bin files virus has been detected to infect computer systems in order to encode target files with the sophisticated AES cipher algorithm. Following data encryption, it extorts a ransom payment from victims. In case this threat has infected your system you won’t be able to open files marked with the extension .bin.

Threat Summary

Name.bin Files Virus
TypeRansomware, Cryptovirus
Short DescriptionA data locker ransomware that encodes files with a strong cihper algorithm and then demands a ransom for their decryption.
SymptomsImportant files are corrupted and renamed with the .bin extension. The access to encrypted files is restricted and a ransom is demanded.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .bin Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .bin Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.bin Files Virus – Distribution

There are several spread techniques that may be used for the distribution of .bin ransomware. One of those techniques is called malwspam. It lets hackers spread malicious code via massive email campaigns. They usually embed their malware in files of common types and attach these files to email messages. In addition, emails are often disguised as legitimate businesses or services.

The last could be explained by the fact that their purpose is to trick you into opening the corrupted file on your device as this action triggers the execution of ransomware payload. A variety of common file types such as documents, PDFs, images could be transformed into carriers of ransomware code.

These files are often presented as the following:

  • Invoices coming from reputable sites, like PayPal, eBay, etc.
  • Documents from that appear to be sent from your bank.
  • An online order confirmation note.
  • Receipt for a purchase.
  • Others.

Malware authors may be also using compromised software installers and infected websites to spread this nasty ransomware infection. These methods enable them to embed the ransomware payload to an app installer or inject it into a web page. Both cases could result in automatic and unnoticed execution of this payload directly on a target system.

.bin Files Virus – Overview

The so-called .bin files virus is a threat that is designed to act like a typical data locker ransomware. It invades computer systems, plagues essential system components, encodes target files and extorts a ransom payment.

Yet another ransomware that belongs to the

The Scarab-Bin Virus has been identified in an attack encrypting the victim files with the .bin extension, read more in our removal guide
Scarab ransomware family was associated with the same .bin extension as this new strain of the virus. Even though they act quite the same there is no evidence of their relation.

The infection process with this ransomware which is named after the extension it appends to corrupted files starts with the execution of its payload file on the system. Soon after this event occurs, a large number of malicious files are established on the infected device. Some of these files may be stored in essential system folders like:

  • %Roaming%
  • %Windows%
  • %AppData%
  • %Local%
  • %Temp%

With the help of these files, the ransomware could perform lots of malicious activities that interfere with main system settings. Among the affected system components is likely to be the Registry Editor as its contamination could provide for the persistent presence of this nasty ransomware on the device.

Once affected the registry sub-key Run stored by the Registry Editor starts executing malicious files on each system start. While an affected RunOnce sub-key enables the automatic load of a ransom note file. This file is named readme.txt and all it reads is:

Hello, you or someone who are using this computer has downloaded a game/software illegally.
Unfortunately, a malware has infected your computer and a large number of your files has been encrypted using a hybrid encryption scheme.
To recover your files your only option is to send the following amount of Bitcoin to the following address. Be careful, send the exact amount.
Amount (BTC): 0.047831
Address: bc1q7nr4m6vyxv9t0pcgs7fnd8sxuk78j3jh9g7vwy
Where to buy Bitcoins? https://localbitcoins.com/
Once the transaction will be confirmed by the network (up to 1hour), decryption of your files will start.

Apparently, this message aims to blackmail you into paying hackers a ransom of approximately 0.5 Bitcoin for the decryption of your .bin files. However, you should not trust them. They are cybercriminals. They could trick you once again by stealing your money and skip sending you back a working decrypter. What we could advise you is to consider the immediate removal of this nasty ransomware from your machine. Once it’s gone you could attempt to restore encrypted files with the help of some alternative data recovery methods.

.bin Files Virus – Encryption Process

The main purpose this newly discovered .bin files virus is the encryption of many commonly used types of files. So once it reaches data encryption stage it is liekly to detect and transform the original code of all your:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

Following encryption, all corrupted files remain inaccessible due to changes applied by the ransomware. For these changes .bin ransomware has been claimed to use the sophisticated cipher algorithm – AES. How you could recognize files encrypted by this crypto virus is by the extension .bin which is appended to their original names.

An infection with this .bin ransomware could also lead to the execution of the following command:

→vssadmin.exe delete shadows /all /Quiet

By executing it, .bin files virus erases all the Volume Shadow Copies stored by the Windows operating system. This action makes the encryption process more efficient as it prevents you from recovering corrupted files with the help of the Shadow Explorer. Happily, there are other alternative data recovery approaches that could potentially help you to restore a few to all of your .bin files. More information about these approaches is presented in the steps of our removal guide.

Remove .bin Files Virus and Restore Data

The so-called .bin files virus is a threat with highly complex code designed to corrupt both system settings and valuable data. So the only way to use your infected system in a secure manner again is to remove all malicious files and objects created by the ransomware. For the purpose, you could use our removal guide that reveals how to clean and secure your system step by step. In addition, in the guide, you will find several alternative data recovery approaches that may be helpful in attempting to restore files encrypted by this ransomware. We remind you to back up all encrypted files to an external drive before the recovery process.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share