In this article, you will find more information about the .com files virus as well as a step-by-step guide on how to remove malicious files from an infected system and how to potentially recover files encrypted by this ransomware.
The .com files virus is a variant of Dharma ransomware that compromises computer systems so it can reach target files and encode them with the help of a sophisticated cipher algorithm. To mark corrupted files, the ransomware uses a specific extension of the same name, .com. All corrupted files remain inaccessible until their code is reverted back to its normal state. Hackers exploit this consequence to extort a ransom fee for a recovery tool.
|Name||.com Files Virus|
|Short Description||A version of the CrySiS/Dharma ransomware that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.|
|Symptoms||Important files are encrypted and renamed with the extension .com. A ransom note appears on the PC screen to present instructions on ransom payment.|
|Distribution Method||Spam Emails, Email Attachments|
.com Files Virus (Dharma) – Distribution
The main distribution technique of .com ransomware is likely to be malspam. Malspam, or massive spam e-mail campaigns that attempt to deliver malicious code to computer devices, has several common traits:
- A link to a compromised web page that is set to download and execute infection files directly on the PC. The URL address to this page may be presented in the form of an in-text link, banner, image, button or full URL address.
- A malicious file attachment that the message text presents as a legitimate document. It could be uploaded in a .rar or .zip archive. Such a file could be set to evade active security measures and trick you into running the ransomware on your PC.
Attack campaigns could be set against users worldwide.
.com Files Virus (Dharma) – Overview
The .com files virus is a data locker ransomware that belongs to the Dharma threat family. Like its predecessors (.combo, .adobe, .bkp, etc.), .com is designed to invade computer systems and then corrupt valuable files stored on connected drives.
Once its payload file is run on the system, .com Dharma ransomware passes through several attack stages. At first, it searches for certain Windows processes which, once stopped, could prevent active security measures from detecting its presence on the computer.
Then the ransomware is likely to drop a number of additional malicious files. By executing them in a predefined order, it is able to carry out the subsequent attack stages. With their help, the .com files virus alters the settings of some main system components.
The Windows Registry is one of the components that may be affected by .com ransomware. Since the registry keys Run and RunOnce manage the automatic execution of all files they store, they are often exploited by crypto viruses. By adding its malicious values under the registry key Run, the .com files virus gains persistence on the infected system. It is then able to load on each system start.
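The Run and RunOnce persistence described above can be triaged from saved `reg query` output. The following is an added example, not part of the original article: the sample output is constructed, and the list of user-writable locations is a generic review heuristic assumed here, not a set of indicators for this ransomware.

```python
import re

# Constructed `reg query` output for the autorun keys; not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater Service    REG_SZ    "C:\Users\alice\AppData\Roaming\svc_update.exe" -s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_SZ    cmd /c C:\Windows\Temp\stage2.exe
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Assumption: user-writable locations used as a review heuristic only.
WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\",
                  "%appdata%", "%localappdata%", "%temp%")

def parse_autoruns(text):
    """Yield (key, value_name, data) for every value under a Run/RunOnce key."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            stripped = line.strip()
            key = stripped if AUTORUN_RE.search(stripped) else None
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"]

def suspicious_autoruns(text):
    """Return autorun entries whose command line references a user-writable location."""
    hits = []
    for key, name, data in parse_autoruns(text):
        lowered = data.lower()
        if any(hint in lowered for hint in WRITABLE_HINTS):
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"[review] {key} :: {name} -> {data}")
```

A flagged entry is a prompt for manual review, since legitimate software also starts from these locations.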
The end of the attack is marked by the appearance of a ransom message on the screen. This message reveals the presence of .com ransomware and urges you to contact hackers at [email protected]. For the sake of your security, we recommend that you do not follow these instructions and instead handle the problem in a secure manner.
.com Files Virus (Dharma) – Encryption Process
The primary goal of the .com files virus is to reach the data encryption stage. During this stage, it activates a built-in encryption module that scans the system for target types of files and encodes them with the help of a sophisticated cipher algorithm. Following encryption, almost all of your valuable files may be inaccessible. This is a result of significant changes applied to their original code. Unfortunately, all commonly used files that are likely to store important information could be affected by the ransomware:
- Audio files.
- Image files.
- Banking files.
Corrupted files can be recognized by the distinctive extension .com appended to their names. Beware that ransom payment does not guarantee the recovery of your .com files. The hackers' decryption tool may be ineffective due to existing mistakes in the code of their threat. Furthermore, they could skip contacting you at all. So what we recommend is to consider alternative data recovery methods that may restore some of your .com files.
Remove .com Files Virus (Dharma) and Attempt to Restore Data
The so-called .com files virus is a threat with highly complex code designed to corrupt both system settings and valuable data. So the only way to use your infected system in a secure manner again is to remove all malicious files and objects created by the ransomware. For this purpose, you could use our removal guide that reveals how to clean and secure your system step by step. In addition, in the guide, you will find several alternative data recovery approaches that may be helpful in attempting to restore files encrypted by Dharma .com ransomware. We remind you to back up all encrypted files to an external drive before the recovery process.
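To support the advice to back up encrypted files before any recovery attempt, the following added example (not part of the original guide) builds a manifest of files carrying the appended .com extension and checks that a backup copy matches it. It assumes the original extension remains in the name (for example `report.docx.com`), so single-suffix `.com` programs are skipped; all file names in it are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def encrypted_manifest(root):
    """Return sorted (relative_path, size, sha256) rows for files with an appended .com."""
    rows = []
    for path in Path(root).rglob("*"):
        suffixes = [s.lower() for s in path.suffixes]
        # Assumption: an appended marker leaves the original extension in place
        # (report.docx.com); a single-suffix name (tool.com) may be a genuine
        # DOS/Windows program and is skipped.
        if path.is_file() and len(suffixes) >= 2 and suffixes[-1] == ".com":
            rel = path.relative_to(root).as_posix()
            rows.append((rel, path.stat().st_size, sha256_file(path)))
    return sorted(rows)

def verify_copy(manifest, backup_root):
    """Return relative paths that are missing from, or differ in, the backup copy."""
    copied = {rel: (size, sha) for rel, size, sha in encrypted_manifest(backup_root)}
    return [rel for rel, size, sha in manifest if copied.get(rel) != (size, sha)]

if __name__ == "__main__":
    # Constructed sample tree; the file names and contents are made up.
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        Path(src, "report.docx.com").write_bytes(b"constructed ciphertext")
        Path(src, "tool.com").write_bytes(b"constructed program")
        manifest = encrypted_manifest(src)
        for row in manifest:
            print(*row)
        print("not yet backed up:", verify_copy(manifest, dst))
```

Run the manifest step against the affected drive, copy the listed files to the external drive, then run `verify_copy` against the copy; an empty result means every listed file was copied intact.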