Remove Ecovector (Vegclass) Ransomware. Restore @aol(.)com.xtbl Files


Our research indicates that there are at least three identical ransomware viruses currently infecting victims under different names. Ecovector and Vegclass ransomware “share” the same desktop wallpapers and act in a very similar way. We also suspect that these two ransomware pieces are operated by the same individual(s) who are also spreading Green_Ray and the .xtbl extension ransomware. Encrypted files will have these extensions – .Vegclass(@), .{ecovector3(@)}.xtbl.

All of these crypto viruses append an email-address-style extension (.{ecovector3(@)}, green_ray(@), etc.) and provide contact email addresses that are quite alike. Continue reading to learn how to deal with those crypto threats.

Threat Summary

Name: Ecovector (Vegclass) Ransomware
Short Description: A new ransomware that has a lot in common with other “” crypto viruses.
Symptoms: Files become corrupted and the wallpaper is changed to instructions on how to pay the ransom money and decrypt your files.
Distribution Method: Spam email attachments, EKs, etc.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Other ransomware viruses we suspect to be operated by the individual or group of individuals are:

Because of their suspected Indian origin, security researchers refer to these ransomware pieces as “ viruses”.

Ecovector (Vegclass) Ransomware – Distribution Method

The most likely distribution methods that Ecovector (Vegclass) crypto virus may have employed to infect the victim’s system are:

  • Malicious URLs posted as spam comments on forums or other social websites.
  • Malicious URLs featured in spam emails appearing to be sent by a legitimate service.

However, the Ecovector (Vegclass) ransomware may also be spread with the assistance of other malware. We have observed that the malware most often used to download crypto viruses is MSIL Trojans and exploit kits, such as the Angler EK. Since their executables are obfuscated by so-called cryptors or obfuscating software, it is difficult for conventional antivirus software to detect them. The distribution malware may either open a port, connect to a host and download the malicious .exe via the port or directly create an exploit for the attackers.

Ecovector (Vegclass) Ransomware – Technical Overview

The wallpaper and text file set by this crypto virus show a message explaining that the user’s files are now encrypted and that the victim should contact the provided email address. The message is meant to make the victim contact the cyber criminals, who are then supposed to send a private decryption key.

Ransomware such as Ecovector (Vegclass) uses an asymmetric algorithm, which means that decryption is only possible via a private key possessed only by the ransomware operators. However, note that paying the ransom is never recommended, since it supports the cyber criminal business and doesn’t guarantee that the affected files will be restored. There are numerous cases of victims who have sent payments, typically in Bitcoin, but couldn’t get their files back to their normal condition. Our advice is to seek alternative restoration methods, such as the ones provided in the manual below the article.

This is the text displayed on the ransomware desktop set by Ecovector (Vegclass) ransomware:
Attention!!! To restore information email technical support send 3 encrypted files Econvector3(@) or Eco_vector(@)

As mentioned in the beginning, files encrypted by this crypto virus will have the following extensions appended:

  • .Vegclass(@)
  • .{ecovector3(@)}.xtbl
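To scope which files on a disk or share carry these appended extensions, a filename scan is enough. The script below is an added example, not part of the original article or any vendor tool; it assumes that "(@)" in the extensions above stands for "@" followed by a mail domain the article does not give, so the domain is matched generically, and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: "(@)" on the page is a defanged "@" plus a mail domain that the
# page omits, so the part after "@" is matched generically.
MARKERS = {
    "ecovector": re.compile(r"^(?P<orig>.+)\.\{ecovector3@[^{}]*\}\.xtbl$", re.I),
    "vegclass": re.compile(r"^(?P<orig>.+)\.vegclass@[\w.-]*$", re.I),
}

def classify(filename):
    """Return (family, original_name) if the name carries a marker, else None."""
    for family, pattern in MARKERS.items():
        match = pattern.match(filename)
        if match:
            return family, match.group("orig")
    return None

def scan(root):
    """Walk root; return ([(path, family, original_name)], per-family counts)."""
    hits, counts = [], Counter()
    # Unreadable directories are skipped instead of aborting the walk.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            result = classify(name)
            if result:
                family, original = result
                hits.append((os.path.join(dirpath, name), family, original))
                counts[family] += 1
    return hits, counts

def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.{ecovector3@example.test}.xtbl",
                    "docs/notes.txt",                    # untouched file
                    "photo.jpg.Vegclass@example.test",
                    "archive.xtbl"):                     # .xtbl alone: no marker
            open(os.path.join(root, rel), "w").close()
        hits, counts = scan(root)
        return sorted((fam, orig) for _path, fam, orig in hits), dict(counts)

if __name__ == "__main__":
    print(demo())
```

The recovered original names give a list of what to restore from backup; the scan only reads file names and does not decrypt anything.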

Ecovector (Vegclass) Ransomware Removal Instructions

To rid your system of Ecovector (Vegclass) ransomware, we advise you to have a look at the instructions provided below the article. If you’re an experienced user and have dealt with similar infections before, you can follow the manual guide. However, to make sure that all files associated with Ecovector (Vegclass) are fully removed from the system, it’s best to use a specific anti-malware program.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
