Remove Ecovector (Vegclass) Ransomware. Restore @aol(.)com.xtbl Files

ecovector-vegclass-ransomware-stforum Our research indicates that there are at least three identical ransomware viruses currently infecting victims under different names. Ecovector and Vegclass ransomware “share” the same desktop wallpapers, and act in a very similar way. We also suspect that these two ransomware pieces are operated by the same individual(s) also spreading Green_Ray and the .xtbl extension ransomware. Encrypted files will have these extensions – .Vegclass(@)aol.com.xtbl, .{ecovector3(@)aol.com}.xtbl.

All of those crypto viruses set an email address type of extension ({.ecovector3(@)aol.com.xtbl, green_ray(@)aol.com.xtbl, etc.) and provide email addresses for contact that are quite alike. Continue reading to learn how to deal with those crypto threats.

Threat Summary

Name	Ecovector (Vegclass) Ransomware
Type	Ransomware
Short Description	A new ransomware that has a lot in common with other “@india.com” crypto viruses.
Symptoms	Files become corrupted and the wallpaper is changed to instructions on how to pay the ransom money and decrypt your files.
Distribution Method	Spam email attachments, EKs, etc.
Detection Tool	See If Your System Has Been Affected by Ecovector (Vegclass) Ransomware Download Malware Removal Tool
User Experience	Join Our Forum to Discuss Ecovector (Vegclass) Ransomware.
Data Recovery Tool	Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Other ransomware viruses we suspect to be operated by the individual or group of individuals are:

Because of their suspected Indian origin, security researchers refer to these ransomware pieces as “@india.com viruses”.

Ecovector (Vegclass) Ransomware – Distribution Method

The most likely distribution methods that Ecovector (Vegclass) crypto virus may have employed to infect the victim’s system are:

Malicious URLs posted as spam comments on forums or other social websites.
Malicious URLs featured in spam emails appearing to be sent by a legitimate service.

However, the Ecovector (Vegclass) ransomware may be spread with the assistance of other malware. We have observed that the most often malware to download crypto-viruses are MSIL Trojans and exploit kits, such as the Angler EK. Since their executables are obfuscated by the so-called cryptors or obfuscating software, it is difficult for a conventional antivirus software to detect them. The distribution malware may either open a port, connect to a host and download the malicious .exe via the port or directly create an exploit for the attackers.

Ecovector (Vegclass) Ransomware – Technical Overview

The wallpaper and text file set by this crypto virus show a message explaining that the user’s files are now encrypted and that the victim should contact the provided email address. This encouragement should make the victim contact the cyber criminals, who are then supposed to send a private decryption key.

Ransomware such as Ecovector (Vegclass) use asymmetric algorithm which means that decryption is only possible via a private key only possessed by the ransomware operators. However, note that paying the ransom is never recommended since it supports the cyber criminal business and doesn’t guarantee that the affected files will be restored. There are numerous cases of victims who have sent payments, typically in Bitcoin, but couldn’t get their files back to their normal condition. Our advice is to seek alternative restoration methods, such as the ones provided in the manual below the article.

This is the text displayed on the ransomware desktop set by Ecovector (Vegclass) ransomware:
Attention!!! To restore information email technical support send 3 encrypted files Econvector3(@)aol.com or Eco_vector(@)india.com

As mentioned in the beginning, files encrypted by this crypto virus will be appended the following extensions:

.Vegclass(@)aol.com.xtbl
.{ecovector3(@)aol.com}.xtbl

Ecovector (Vegclass) Ransomware Removal Instructions

To rid your system of Ecovector (Vegclass) ransomware, we advise you to have a look at the instructions provided below the article. If you’re an experienced user and have dealt with similar infections below, you can follow the manual guide. However, to make sure that all files associated with Ecovector (Vegclass) are fully removed from the system, it’s best to use a specific anti-malware program.

Manually delete Ecovector (Vegclass) Ransomware from your computer

Note! Substantial notification about the Ecovector (Vegclass) Ransomware threat: Manual removal of Ecovector (Vegclass) Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Ecovector (Vegclass) Ransomware files and objects.

2. Find malicious files created by Ecovector (Vegclass) Ransomware on your PC.

3. Fix registry entries created by Ecovector (Vegclass) Ransomware on your PC.

Automatically remove Ecovector (Vegclass) Ransomware by downloading an advanced anti-malware program

1. Remove Ecovector (Vegclass) Ransomware with SpyHunter Anti-Malware Tool

2. Back up your data to secure it against infections and file encryption by Ecovector (Vegclass) Ransomware in the future

Back up your data to secure it against attacks in the future

IMPORTANT! Before reading the Windows backup instructions, we highly recommend to back up your data automatically with cloud backup and insure it against any type of data loss on your device, even the most severe. We recommend reading more about and downloading SOS Online Backup .

To back up your files via Windows and prevent any future intrusions, follow these instructions:

1. For Windows 7 and earlier

1. For Windows 8, 8.1 and 10

1. Enabling the Windows Defense Feature (Previous Versions)

1-Click on Windows Start Menu

2-Type Backup And Restore
3-Open it and click on Set Up Backup

4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.

5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.

6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by Ecovector (Vegclass) Ransomware.

1-Press Windows button + R

2-In the window type ‘filehistory’ and press Enter

3-A File History window will appear. Click on ‘Configure file history settings’

4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.

5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from Ecovector (Vegclass) Ransomware.

1- Press Windows button + R keys.

2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.

3- A System Properties windows should appear. In it choose System Protection.

5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from Ecovector (Vegclass) Ransomware is on.

Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.

2-Click on the Previous Versions tab and then mark the last version of the file.

3-Click on Apply and Ok and the file encrypted by Ecovector (Vegclass) Ransomware should be restored.