.skeleton Files Virus – How to Remove and Restore Files
THREAT REMOVAL

.skeleton Files Virus – How to Remove and Restore Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by .skeleton Virus and other threats.
Threats such as .skeleton Virus may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article has been created in order to help you by showing you how to remove the new version of Blind ransomware and how to restore .skeleton files, encrypted by it without paying the actual ransom.

New version of Blind ransomware, reported to encrypt the files on the infected computers by it after which leave them with the .skeleton file extension and add a ransom note, named How_Decrypt_Files.txt. It’s purpose is to get the victims whose files have been encoded to pay a hefty ransom fee in order to get the crooks to decrypt the files. If your computer has been infected by the .skeleton files virus, we advise you to read this article and learn how to remove the .skeleton file ransomware and how to restore files, encrypted by it on your PC.

Threat Summary

Name.skeleton Virus
TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on the computers infected by it after which aims to extort the victim to make a payoff.
SymptomsLeaves behind the .skeleton file extension. Drops a ransom note, called How_Decrypt_Files.txt, containing ransom payoff instructions in it.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .skeleton Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .skeleton Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.skeleton Files Virus – How Does It Spread

For it to be widespread, the .skeleton files virus may come in many different forms. The main method by which your computer could become infected by this virus is if you open a malicious spam e-mail attachment that is embedded on a spammed e-mail. Such attachments often pose as legitimate files, like:

  • Invoices.
  • Fake receipts.
  • Fake order confirmations.
  • Banking statements.

In addition to this, the e-mails themselves are carefully written to seem legitimate, for example:

In addition to the malicious e-mails, the files spread by this virus may also pose as legitimate setups, key generators, software license activators and other types of fake files.

.skeleton Files Virus – Activity

When the .skeleton files virus has infected your computer, you will most certainly notice it, since this ransomware aims to make sure it’s presence is known. The .skeleton files virus drops it’s payload data upon infection in the following Windows folders:

  • %AppData%
  • %Local%
  • %Roaming%
  • %Temp%
  • %LocalLow%

After the malicious files of this ransomware infection have already been dropped on the victim’s computer, the malware may modify the Windows Registry Editor of your computer by adding registry values in the following Windows Registry sub-keys:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

After having done this, the .skeleton ransomware may also perform other malicious activities on the computers of victims, like delete the shadow volume copies by executing a script that runs the bcedit and vssadmin commands as an administrator in the background:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”

Among the activities off the .skeleton files virus is to also drop it’s ransom note, which is named How_Decrypt_Files.txt and has the following message:

Hello !
All your files have been encrypted !
If you want restore your files write on email – [email protected]
In the subject write

Once the malware has dropped it’s ransom note, it may also touch system files of Windows and may create mutexes as well.

.skeleton Ransomware – Encryption Process

Since it’s a variation of the Blind ransomware infection, the .skeleton files virus scans for the following documents, audio files, videos and other data on the computers infected by it:

→ .1c, .3fr, .accdb, .ai, .arw, .bac, .bay, .bmp, .cdr, .cer, .cfg, .config, .cr2, .crt, .crw, .css, .csv, .db, .dbf, .dcr, .der, .dng, .doc, .docm, .docx, .dwg, .dxf, .dxg, .eps, .erf, .gif, .htm, .html, .indd, .iso, .jpe, .jpeg, .jpg, .kdc, .lnk, .mdb, .mdf, .mef, .mk, .mp3, .mp4, .mrw, .nef, .nrw, .odb, .ode, .odm, .odp, .ods, .odt, .orf, .p12, .p7b, .p7c, .pdd, .pdf, .pef, .pem, .pfx, .php, .png, .ppt, .pptm, .pptx, .psd, .pst, .ptx, .r3d, .rar, .raw, .rtf, .rw2, .rwl, .sql, .sr2, .srf, .srw, .tif, .wb2, .wma, .wpd, .wps, .x3f, .xlk, .xls, .xlsb, .xlsm, .xlsx, .zip

After encrypting the victims files, the virus adds behind the .skeleton file extension to them, making them look like the following:

Remove .skeleton Files Virus and Restore Data

In order to remove this ransomware infection we recommend that you follow the removal instructions down below. They are divided in manual or automatic so that they help you isolate the .skeleton files virus and then remove it. If manual removal does not work for you or you feel unsure how to do it, security experts strongly recommend that you download and advanced anti-malware software which will help you to automatically remove all the malicious files of this virus and protect your computer against future infections as well.

Be advised, that if you want to restore files, encrypted by the .skeleton ransomware, you can try and use the alternative methods for file recovery below in step “2. Restore files, encrypted by .skeleton Virus”. They are specifically created in order to best assist you into recovering as many files as possible without having to pay the ransom, but they are no guarantee of 100% success, so make a backup beforehand.

Note! Your computer system may be affected by .skeleton Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as .skeleton Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove .skeleton Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove .skeleton Virus files and objects
2. Find files created by .skeleton Virus on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by .skeleton Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...