.SENRUS17 Files Virus – How to Remove and Restore Files (OCT 2017)

This article aims to help you remove the .SENRUS17 files ransomware (RotorCrypt) from your computer and restore the files it has encrypted.

A new variant of the RotorCrypt ransomware family, known as the .SENRUS17 file virus, has been reported to cause immense damage to the files on the computers it infects. Luckily, this virus only encrypts the files and does not damage them permanently; they cannot be opened until the victims pay a hefty ransom fee to get them back. If your PC has been infected by the .SENRUS17 files virus and you are looking for a way to remove this ransomware and restore your encrypted files without paying the ransom, we recommend that you read this article.

Threat Summary

Name: .SENRUS17 Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on your computer, adding a custom file extension, and demands a ransom payoff in BitCoin to get them back.
Symptoms: The files on the victim’s computer are encrypted with the added .SENRUS17 file extension.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files. It may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.SENRUS17 Files Virus – Distribution

The infection process of this ransomware virus is conducted primarily via spam e-mails. Such messages often aim to trick potential victims into opening their attachments or clicking on a malicious web link that leads to the actual infection file. One example of such a malicious e-mail linked the infection file download page directly in the message.

Since the actual infection file is linked via Dropbox, which is one of the biggest cloud-sharing services, the malware cannot be blocked by the e-mail provider.

Besides e-mail, the .SENRUS17 variant of RotorCrypt may also be spread via other methods, such as being bundled into different types of fake programs, like freeware setups, fake game installers, fake game patches and cracks.

.SENRUS17 Files Virus – More Information

In addition to having multiple methods to infect your computer, the .SENRUS17 files virus has various functions that allow it to perform a set of malicious activities on the infected machine. These ultimately result in your files becoming encrypted.

The first activity the .SENRUS17 ransomware performs is to drop its malicious payload on your computer, after which it executes it. The payload may be located in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%

In addition to this, the ransomware virus also aims to modify the Windows Registry of your computer system. To do that, the .SENRUS17 file virus may add custom Windows registry values in the Run and RunOnce sub-keys, making the malware run automatically on Windows boot:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
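
As a triage aid for the two points above (payload folders and autorun keys), the following added example, which is not part of the original article, flags Run/RunOnce values whose program resolves into a per-user AppData folder. The registry rows, user name, value names and environment mapping are constructed sample data; on a real system they would come from a registry export.

```python
import ntpath
import re

# The Run/RunOnce key paths from the article, lower-cased, as key suffixes.
AUTORUN_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Per-user folders the article lists as possible payload locations.
USER_WRITABLE = (r"appdata\roaming", r"appdata\local", r"appdata\locallow")

def expand_vars(command, env):
    """Expand %VAR% references from a supplied mapping (no live lookup)."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), command)

def executable_of(command):
    """Return the program path of an autorun value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|js|vbs))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def flag_autoruns(entries, env):
    """entries: (key, value_name, command) rows, e.g. from a registry export."""
    flagged = []
    for key, name, command in entries:
        if not key.lower().endswith(AUTORUN_SUFFIXES):
            continue  # not one of the four autorun keys
        path = ntpath.normpath(executable_of(expand_vars(command, env))).lower()
        if any("\\" + folder + "\\" in path for folder in USER_WRITABLE):
            flagged.append((name, path))
    return flagged

# Constructed sample data: hypothetical user, value names and programs.
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming",
              "ProgramFiles": r"C:\Program Files"}
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_ENTRIES = [
    ("HKEY_CURRENT_USER" + RUN, "Updater", r"%APPDATA%\svc\updater.exe /silent"),
    ("HKEY_LOCAL_MACHINE" + RUN, "VendorTray", r'"%ProgramFiles%\Vendor\tray.exe" -min'),
    ("HKEY_CURRENT_USER" + RUN + "Once", "Fix",
     r"C:\Users\alice\AppData\LocalLow\..\Local\Temp\a b.exe"),
]

if __name__ == "__main__":
    for name, path in flag_autoruns(SAMPLE_ENTRIES, SAMPLE_ENV):
        print(f"review: {name} -> {path}")
```

Legitimate software also starts from AppData, so a flagged entry is a candidate for review, not a verdict.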

After doing so, the virus may also obtain administrative permissions in order to run commands as an administrator on your computer and delete the Windows shadow volume copies:

process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
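
The command above is a useful detection signal because it does three separate things to inhibit recovery. The following added example (not from the original article) matches each behaviour on tokens in process-creation command lines, so that case, spacing, quoting and a missing ".exe" do not defeat the rule; host names, PIDs and the second and third events are constructed sample data, and the rule labels are names chosen here.

```python
import re

# One rule per behaviour in the command quoted in the article.
RULES = {
    "shadow_copies_deleted": re.compile(
        r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(?:\.exe)?\s+/set\s+(?:\S+\s+)?recoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(?:\.exe)?\s+/set\s+(?:\S+\s+)?bootstatuspolicy\s+ignoreallfailures\b", re.I),
}

def normalise(cmdline):
    """Straighten curly quotes, drop cmd.exe caret escapes, collapse spaces."""
    cmdline = cmdline.translate(str.maketrans("“”‘’", "\"\"''"))
    return re.sub(r"\s+", " ", cmdline.replace("^", ""))

def split_chain(cmdline):
    """Split a cmd.exe line on its command separators (&, &&, |, ||)."""
    parts = re.split(r"\s*(?:&&|\|\||&|\|)\s*", normalise(cmdline))
    return [p.strip(' "') for p in parts if p.strip(' "')]

def tamper_hits(cmdline):
    """Return the rule labels matched by any command in the chain, in order."""
    hits = []
    for part in split_chain(cmdline):
        for label, rule in RULES.items():
            if rule.search(part) and label not in hits:
                hits.append(label)
    return hits

def triage(events):
    """events: (host, pid, cmdline). Two or more behaviours rate as high."""
    out = []
    for host, pid, cmdline in events:
        hits = tamper_hits(cmdline)
        if hits:
            out.append((host, pid, hits, "high" if len(hits) >= 2 else "medium"))
    return out

ARTICLE_CMD = ("process call create “cmd.exe /c vssadmin.exe delete shadows /all "
               "/quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe "
               "/set {default} bootstatuspolicy ignoreallfailures”")
# Constructed events: the article's command plus one partial and one benign case.
SAMPLE_EVENTS = [
    ("ws-01", 4120, ARTICLE_CMD),
    ("ws-02", 733, "VSSADMIN  Delete   Shadows /for=C: /oldest"),
    ("ws-03", 90, "vssadmin list shadows & bcdedit /enum"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```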

.SENRUS17 Ransomware – Encryption Process

The encryption of the .SENRUS17 files virus is conducted in a similar way to other RotorCrypt variants. The virus uses the RSA encryption algorithm to generate unique private and public encryption keys for the encrypted files. The files this virus scans for are of different types, and researchers report that they have the following file extensions:

.1cd, .avi, .bak, .bmp, .cf, .cfu, .csv, .db, .dbf, .djvu, .doc, .docx, .dt, .elf, .epf, .erf, .exe, .flv, .geo, .gif, .grs, .jpeg, .jpg, .lgf, .lgp, .log, .mb, .mdb, .mdf, .mxl, .net, .odt, .pdf, .png, .pps, .ppt, .pptm, .pptx, .psd, .px, .rar, .raw, .st, .sql, .tif, .txt, .vob, .vrp, .xls, .xlsb, .xlsx, .xml, .zip

After the files have been detected, this ransomware encrypts them and adds the “!==solve a [email protected]===.SENRUS17” file extension to them. This results in the files beginning to look like the following:

All RotorCrypt ransomware variants use similar file extensions, including the previous variants, which have so far used the following extensions:

!-=solve a [email protected]=-.PRIVAT66
[email protected]____.ANTIDOT
[email protected]_____.rar
[email protected]______.SPG
[email protected]______.OTR
[email protected]________.pgp
[email protected]____.granit
[email protected]___.GRANIT
[email protected]_____.GRANIT
[email protected]____.c300

Remove .SENRUS17 Files Ransomware and Restore Encrypted Files

If you want to remove this ransomware infection from your computer, we recommend following either the manual or the automatic instructions below. Even though manual removal may seem like the way to go, malware researchers and security analysts often advise removing viruses like the .SENRUS17 ransomware automatically, using advanced anti-malware software. Such software will make sure that all files related to this virus are removed from your computer automatically and that your PC is protected against future infections as well.

If you are looking for methods to recover files that have been encrypted with the .SENRUS17 file extension, we recommend that you follow our alternative methods for file recovery below in step “2. Restore files encrypted by .SENRUS17 Virus”. They are specifically designed to help you recover as many files as possible without paying the ransom.

Manually delete .SENRUS17 Virus from your computer

Note! Important notification about the .SENRUS17 Virus threat: Manual removal of .SENRUS17 Virus requires interference with system files and the registry. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .SENRUS17 Virus files and objects
2. Find malicious files created by .SENRUS17 Virus on your PC

Automatically remove .SENRUS17 Virus by downloading an advanced anti-malware program

1. Remove .SENRUS17 Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .SENRUS17 Virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
