.yum Files Virus – How to Remove It

This article explains what the .yum file ransomware is and how you can effectively remove it from your computer.

The .yum file ransomware is a type of virus whose main idea is to slither onto your computer, encrypt the files on it and then scare you into paying a ransom to get your files working again. The ransomware may perform various activities on victims' computers, which may leave your files impossible to open. The .yum virus may leave a ransom note explaining that you must pay money in the form of Bitcoin to recover your data, which is strongly inadvisable. If you want to remove the .yum files virus from your computer and try to restore your data, we strongly recommend that you follow the removal steps underneath this article.

Threat Summary

Name: .yum Files Virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt files and extort victims into paying cryptocurrency to get their files to work.
Symptoms: Files can no longer be opened and the .yum extension is added to them.
Distribution Method: Spam Emails, Email Attachments, Executable files

.yum Files Virus – Update April 2019

Emsisoft has released a decryption tool for the .yum Files Virus: Emsisoft Decrypter for Planetary Ransomware (.mira, .pluto, .Neptune, .yum). You will need a ransom note from this ransomware in order to use the decrypter.

.yum Files Ransomware – Distribution

Viruses like the .yum threat are spread in various ways, but the main one, typical for such threats, is e-mail spam. Such spam messages may carry the virus files of the .yum ransomware disguised as important attachments. The e-mail text may also be very convincing, for example pretending that your license for a service has expired or that your online purchase has been revoked.

Another way this virus may have entered your computer is by being uploaded to websites, where it waits to be downloaded and executed. Such files often turn out to be fake versions of:

  • Setups.
  • Cracks.
  • Patches.
  • License activation programs.
  • Key generators.

.yum Files Virus – More Information

Once it has compromised your computer, the .yum file ransomware may begin its malicious activities. First, the virus may place its malicious files on your computer as if they were legitimate files. They may reside in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

Once the .yum ransomware has dropped its files on your computer, the virus may begin to create mutexes in Windows. As soon as this is done, the .yum ransomware may check whether it has been dropped on a real Windows computer or is running in a virtual operating system. If it is running in a virtual environment, the .yum ransomware may self-delete. The .yum virus may also check whether it has already infected your computer in the past and, if so, may likewise erase its own files.

In addition to these checks, the .yum ransomware may also check your IP address and MAC address. Then, the virus may run the following commands in Windows Command Prompt without you noticing:

sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet

These commands may effectively delete the shadow copies on the compromised computer and disable Windows Recovery services. The .yum virus may do this to prevent you from recovering your files via these services.
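
For defenders, the command sequence above is a useful detection signal. The following is an added example, not part of the original article: it tags process-creation command lines that match the listed commands and flags a host when several distinct ones occur close together. The event tuples, host names, 60-second window and threshold of three are assumptions chosen for illustration, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Service names and commands are the ones listed in the article above.
WATCHED_SERVICES = {"vvs", "wscsvc", "windefend", "wuauserv", "bits", "ersvc", "wersvc"}
SC_STOP = re.compile(r'\bsc(?:\.exe)?"?\s+stop\s+"?([\w.-]+)', re.I)
RULES = {
    "shadow_copy_delete": re.compile(r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I),
    "recovery_disabled": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+\S+\s+recoveryenabled\s+no\b', re.I),
    "boot_failures_ignored": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b', re.I),
}

def classify(cmdline):
    """Return the set of tags one command line matches."""
    tags = {name for name, rx in RULES.items() if rx.search(cmdline)}
    m = SC_STOP.search(cmdline)
    if m and m.group(1).lower() in WATCHED_SERVICES:
        tags.add("service_stop:" + m.group(1).lower())
    return tags

def find_bursts(events, window=60, min_tags=3):
    """events: iterable of (epoch_seconds, host, cmdline).
    Flag a host when >= min_tags distinct tags occur within `window` seconds."""
    per_host = defaultdict(list)
    for ts, host, cmd in sorted(events):
        for tag in classify(cmd):
            per_host[host].append((ts, tag))
    alerts = {}
    for host, hits in per_host.items():
        for i, (start, _) in enumerate(hits):
            seen = {tag for ts, tag in hits[i:] if ts - start <= window}
            if len(seen) >= min_tags:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    (1000, "WS-01", "sc stop WinDefend"),
    (1001, "WS-01", "sc stop wscsvc"),
    (1003, "WS-01", "cmd.exe /C bcdedit /set {default} recoveryenabled No"),
    (1004, "WS-01", '"C:\\Windows\\System32\\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'),
    (1000, "WS-02", "sc stop BITS"),           # single service stop, not a burst
    (5000, "WS-02", "vssadmin list shadows"),  # read-only query, no tag
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE_EVENTS))
```

Requiring several distinct tags in a short window keeps a single administrative `sc stop` from raising an alert on its own.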

Furthermore, the .yum files virus may also create registry strings with random names in the following Windows sub-keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
HKEY_CURRENT_USER\Control Panel\Desktop
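
To audit the Run and RunOnce keys above for entries that launch from the user-writable directories listed earlier, the following added example (not part of the original article) parses the text output of `reg query` and reports autoruns that are not in a known-good baseline. The mapping of the article's directory names to path fragments, the baseline entry, the user name and the value name `qkzxwpvt` are assumptions, and the sample output is constructed.

```python
import re

# Assumed mapping of the article's directory list to path fragments.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\appdata\\locallow\\", "\\temp\\")
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group(1), m.group(3)

def target_path(data):
    """Extract the program path from a Run value, quoted or unquoted."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js))\b", data, re.I)
    return m.group(1) if m else data.split(" ", 1)[0]

def suspicious_autoruns(text, baseline=()):
    """Return autoruns that start from user-writable paths and are not baselined."""
    known = {(name.lower(), path.lower()) for name, path in baseline}
    findings = []
    for key, name, data in parse_reg_query(text):
        path = target_path(data)
        low = path.lower()
        if any(frag in low for frag in USER_WRITABLE) and (name.lower(), low) not in known:
            findings.append((key, name, path))
    return findings

# Constructed sample of `reg query` output (not from a real machine).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    qkzxwpvt    REG_SZ    C:\Users\alice\AppData\Roaming\qkzxwpvt.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""
BASELINE = [("OneDrive", r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe")]

if __name__ == "__main__":
    for finding in suspicious_autoruns(SAMPLE, BASELINE):
        print(finding)
```

Legitimate software also starts from these directories, which is why the check compares against a baseline instead of flagging on path alone.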

.yum Files Virus – Encryption

Once the .yum virus infects your computer, all of its activities may be done in a matter of seconds, and then the virus may get to the file encryption part. The encryption is usually done by copying your original files and then creating their encrypted analogues, which cannot be opened and have the .yum extension.

The file types that the .yum ransomware scans for and encrypts are usually the following:

  • Document file types.
  • Videos.
  • Images.
  • Archives.
  • Audio files.
  • Virtual drive files.
  • Presentation files.
  • Photoshop files.
  • Database files.

Once the files are encrypted, the .yum virus may generate a unique decryption key, which may be private and public. The private key may be encrypted with another cipher or deleted. This leaves the cyber-criminals as the only ones able to decrypt your files, since they receive all decryption keys. However, paying the ransom to those crooks is highly inadvisable, because you cannot fully trust them with your files.

Remove .yum Ransomware and Try Restoring Files

The .yum ransomware should not be underestimated, and you should make a fresh backup of your files before actually trying to remove this virus.

The .yum files virus is the type of ransomware whose main idea is to convince users to pay ransom. To remove it safely, you should follow the removal steps underneath. If the first two steps do not seem to remove the .yum ransomware permanently from your computer, we strongly suggest using the automatic removal instructions underneath them. They include scanning your PC with advanced anti-malware software, which is the solution preferred by most cyber-security experts. Such software aims to scan your computer for all forms of malware threats and remove them effectively.

If you want to try to restore files encrypted by this ransomware on your computer, we strongly suggest that you try the methods in the “Try to restore” step below. They may not restore all your files, but with their aid you may be able to recover at least some of them.

Ventsislav Krastev
