.SENRUS17 Files Virus – How to Remove and Restore Files (OCT 2017)


This article aims to help you remove the .SENRUS17 files ransomware (RotorCrypt) from your computer and restore the files it has encrypted.

A new variant of the RotorCrypt ransomware viruses, known as the .SENRUS17 file virus, has been reported to cause immense damage to the files on the computers it infects. Luckily, this virus only encrypts the files and does not damage them permanently; they simply cannot be opened until the victims pay a hefty ransom fee to get back the files encrypted on their PCs. If your PC has been infected by the .SENRUS17 files virus and you are looking for a way to remove this ransomware and restore your encrypted files without paying the ransom, we recommend that you read this article.

Threat Summary

Name: .SENRUS17 Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on your computer, adding a custom file extension, and demands a ransom payoff in BitCoin to get them back.
Symptoms: The files on the victim’s computer are encrypted with the added .SENRUS17 file extension.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.SENRUS17 Files Virus – Distribution

The infection process of this ransomware virus is conducted primarily via spammed e-mails. Such messages often aim to trick potential victims into opening the attachments they carry or clicking on a malicious web link in them, where the actual infection file can be found. Here is one example of such a malicious e-mail, which links the infection file download page directly in the e-mail:

Since the actual infection file is linked via Dropbox, which is one of the biggest cloud-sharing services, the malware cannot be blocked by the e-mail provider.

Besides e-mail, the .SENRUS17 variant of RotorCrypt may also be spread via other methods, such as being integrated into different types of fake programs, like setups of freeware, fake game installers, fake game patches and cracks.

.SENRUS17 Files Virus – More Information

In addition to having multiple methods to infect your computer, the .SENRUS17 files virus has various functions that allow it to perform a set of malicious activities on your infected computer. These ultimately result in your files becoming encrypted.

The first set of activities which .SENRUS17 ransomware performs is to drop its malicious payload on your computer and then execute it. The payload may be located in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%

In addition to this, the ransomware virus also aims to modify the Windows Registry of your computer system. To do that, the .SENRUS17 file virus may add custom Windows registry values in the Run and RunOnce sub-keys, so that the malware runs automatically on Windows boot:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

After doing so, the virus may also obtain administrative permissions so that it can run commands as an administrator on your computer and delete the Windows shadow volume copies:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”
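The persistence and recovery-disabling behaviour described above can be checked for in endpoint telemetry. The following is an added example, not part of the original article: the record layout and field names are hypothetical and the sample records are constructed, with only the command line and the Run key path taken from the text.

```python
import re

# Recovery-inhibiting actions taken from the command line quoted above.
RECOVERY_RULES = {
    "shadow_copy_deletion": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
}
# A value written directly under the Run or RunOnce key.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Per-user directories corresponding to the payload locations listed in the article.
USER_DIRS = re.compile(r"\\AppData\\(Roaming|Local|LocalLow)\\", re.I)


def triage(event):
    """Return the findings raised by one telemetry record."""
    findings = []
    if event["type"] == "process":
        # Match each '&'-chained command separately so one line can raise several findings.
        for part in event["command_line"].split("&"):
            findings += [name for name, rule in RECOVERY_RULES.items() if rule.search(part)]
    elif event["type"] == "registry":
        # Autostart entries are only flagged when they launch from a user profile directory.
        if RUN_KEY.search(event["target"]) and USER_DIRS.search(event["data"]):
            findings.append("autostart_from_user_profile")
    return findings


# Constructed sample records; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"type": "process", "command_line":
        "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} "
        "recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"},
    {"type": "process", "command_line": "vssadmin.exe list shadows"},
    {"type": "registry",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "data": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"type": "registry",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\tray",
     "data": r"C:\Program Files\Vendor\tray.exe"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev) or "clean", "<-", ev.get("command_line") or ev["target"])
```
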

.SENRUS17 Ransomware – Encryption Process

The encryption of the .SENRUS17 files virus is conducted in a similar way to other RotorCrypt variants. The virus uses the RSA encryption algorithm to generate unique private and public encryption keys for the encrypted files. The virus scans for many different types of files, and researchers report that they have the following file extensions:

→ .1cd, .avi, .bak, .bmp, .cf, .cfu, .csv, .db, .dbf, .djvu, .doc, .docx, .dt, .elf, .epf, .erf, .exe, .flv, .geo, .gif, .grs, .jpeg, .jpg, .lgf, .lgp, .log, .mb, .mdb, .mdf, .mxl, .net, .odt, .pdf, .png, .pps, .ppt, .pptm, .pptx, .psd, .px, .rar, .raw, .st, .sql, .tif, .txt, .vob, .vrp, .xls, .xlsb, .xlsx, .xml, .zip

After the files have been detected, this ransomware encrypts them and adds the “!==solve a problem==stritinge@gmail.com===.SENRUS17” file extension to them. This results in the files beginning to look like the following:

All RotorCrypt ransomware variants use similar file extensions, including the previous variants, which have so far used the following extensions:

→ !-=solve a problem=-=grandums@gmail.com=-.PRIVAT66
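To scope how many files were affected and recover their original names, the appended extensions shown above can be parsed. This is an added example, not part of the original article: the function names and sample file names are constructed, and the pattern covers only the two extension forms quoted in the text.

```python
import os
import re
from collections import defaultdict

# Marker appended to encrypted file names; covers both forms quoted in the article:
#   !==solve a problem==<email>===.SENRUS17   and   !-=solve a problem=-=<email>=-.PRIVAT66
MARKER = re.compile(
    r"![=-]{2}solve a problem[=-]{2,3}"
    r"(?P<contact>[\w.+]+@[\w.]+\w)"
    r"[=-]{2,3}\.(?P<variant>[A-Z0-9]+)$"
)


def parse_marker(filename):
    """Split an encrypted file name into original name, contact address and variant."""
    m = MARKER.search(filename)
    if not m:
        return None
    return {"original": filename[:m.start()], "contact": m["contact"], "variant": m["variant"]}


def inventory(paths):
    """Group affected files by variant, listing the path each file had before encryption."""
    by_variant = defaultdict(list)
    for path in paths:
        hit = parse_marker(os.path.basename(path))
        if hit:
            original_path = os.path.join(os.path.dirname(path), hit["original"])
            by_variant[hit["variant"]].append(original_path)
    return dict(by_variant)


def scan(root):
    """Walk a directory tree (read-only) and inventory every marked file below it."""
    return inventory(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)


# Constructed sample file names; only the appended markers come from the article.
SAMPLE = [
    "docs/report.docx!==solve a problem==stritinge@gmail.com===.SENRUS17",
    "docs/budget.xlsx!-=solve a problem=-=grandums@gmail.com=-.PRIVAT66",
    "docs/notes.txt",
]

if __name__ == "__main__":
    for variant, files in inventory(SAMPLE).items():
        print(variant, files)
```
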

Remove .SENRUS17 Files Ransomware and Restore Encrypted Files

If you want to remove this ransomware infection from your computer, we recommend following either the manual or the automatic instructions below. Even though manual removal may seem like the way to go, malware researchers and security analysts often advise removing viruses like the .SENRUS17 ransomware automatically, using advanced anti-malware software. Such software will make sure that all of the files related to this virus are removed from your computer automatically and that your PC is protected against future infections as well.

If you are looking for methods to recover files that have been encrypted with the .SENRUS17 file extension, we recommend that you follow our alternative methods for file recovery below in step “2. Restore files encrypted by .SENRUS17 Virus”. They are specifically designed to help you recover as many files as possible without paying the ransom.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
