.styver Files Virus – How to Remove and Restore Encrypted Files

This article explains what the .styver files virus is, how to remove it from your PC, and how to restore files encrypted by it.

A new ransomware virus, named .styver after the file extension it uses, has been detected in the wild compromising the computers of victims. The ransomware aims to encrypt the files on the PCs it has infected so that they can no longer be opened. The malware then drops a HELP ME PLS.txt file which contains ransom payment instructions for victims to get the files back. If your files have been encrypted by the .styver files virus, we recommend that you read this article thoroughly to learn how to remove the .styver files virus and restore encrypted data on your PC.

Threat Summary

Name: .styver Files Virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the data on the infected computer and ask for payment in cryptocurrencies to get the files decrypted once again.
Symptoms: Drops a file named HELP ME PLS.txt, and files are encrypted with an added .styver extension.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.styver Files Virus – Distribution Methods

The main method used to spread this ransomware infection is believed to be e-mail spam messages. The .styver ransomware, discovered by the researcher Michael Gillespie (https://twitter.com/demonslay335/status/968489946964267008), may arrive when a victim opens a malicious e-mail attachment that may appear to be sent from companies such as:

  • PayPal.
  • DHL.
  • FedEx.
  • Amazon.
  • eBay.

The e-mail messages themselves may be written in a deceitful manner, pretending that the attachment is an important document of some sort, such as:

  • An invoice.
  • An order receipt.
  • Banking statement.

In addition to this, the .styver files virus may also infiltrate a computer system if the file that causes the infection poses as:

  • Setup of a program.
  • Key generator.
  • License activator.
  • Crackfix.
  • Patch.

.styver Files Virus – More Information

Once it has infected a computer system, the .styver files virus may begin to drop its payload on the computer of the victim. The payload includes the HELP ME PLS.txt ransom note, which has the following contents:

Hello. If you want to restore files, write me to [email protected]

In addition to this, the .styver ransomware may also check if it is running on a virtual drive or an actual machine and close itself if it is running in a virtual environment. The malicious payload files of the virus may be more than one and are likely located in the following Windows folders:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%

After the .styver ransomware infection has dropped its payload on the victim’s computer, the malware may also add registry entries in the Run or RunOnce Windows registry sub-keys in order to make its executables and ransom note run automatically on system login. The sub-keys have the following locations:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
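To review these autorun locations on a suspect machine, the following added example (not part of the original article) parses the text output of `reg query` for the Run and RunOnce keys and flags values that launch something from the per-user folders listed above or open the ransom note. The sample output, user name and file names are constructed, and the folder shorthands are mapped to the AppData paths they normally denote, which is an assumption.

```python
import re

# Path fragments for the per-user folders the article lists as likely payload
# locations (%AppData%, %Local%, %LocalLow%, %Roaming%). Mapping is an assumption.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                 "\\appdata\\locallow\\", "%appdata%\\", "%localappdata%\\")
RANSOM_NOTE = "help me pls.txt"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample output; not taken from a real infection.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    svchost32    REG_SZ    C:\Users\alice\AppData\Roaming\svchost32.exe
    note    REG_SZ    notepad.exe "C:\Users\alice\Desktop\HELP ME PLS.txt"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cleanup    REG_SZ    "C:\Users\alice\AppData\Local\Temp\c.exe" /q
"""

def parse_reg_query(text):
    """Parse `reg query` text output into (key, value_name, data) tuples."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # a new key header starts a new group
            continue
        match = VALUE_LINE.match(line)
        if match and key:
            rows.append((key, match["name"], match["data"]))
    return rows

def suspicious_autoruns(text):
    """Return autorun values that point into AppData or launch the ransom note."""
    hits = []
    for key, name, data in parse_reg_query(text):
        lowered = data.lower()
        if any(frag in lowered for frag in USER_WRITABLE) or RANSOM_NOTE in lowered:
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"REVIEW {key} :: {name} -> {data}")
```

Legitimate software also starts from AppData, so each hit is a candidate for manual review rather than a verdict.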

After the .styver ransomware has set its registry sub-keys to run on the computers of victims, the malware may begin to encrypt the files on the compromised computers and may also delete the shadow volume copies to eliminate any chance of restoring them via system backup. The commands to do this are the following:

→ process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
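For detection, the three actions in that command can be matched in process-creation telemetry (for example Sysmon Event ID 1 or Windows Security event 4688). This is an added example, not part of the original article; the event records, PIDs and the `wmic` prefix in the first sample are constructed.

```python
import re

# One rule per recovery-inhibiting action in the command quoted above.
# Case-insensitive; tolerates a closing quote after a quoted executable path.
RULES = {
    "shadow_copy_deletion": re.compile(
        r'\bvssadmin(\.exe)?"?\s+delete\s+shadows\b', re.I),
    "recovery_disabled": re.compile(
        r'\bbcdedit(\.exe)?"?\s+/set\s+\S+\s+recoveryenabled\s+no\b', re.I),
    "boot_failures_ignored": re.compile(
        r'\bbcdedit(\.exe)?"?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b',
        re.I),
}

# Constructed sample events (not captured from a real infection).
SAMPLE_EVENTS = [
    {"pid": 4312, "command_line":
        'wmic process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet'
        ' & bcdedit.exe /set {default} recoveryenabled no'
        ' & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"'},
    {"pid": 4800, "command_line": "vssadmin list shadows"},   # read-only, benign
    {"pid": 4901, "command_line": "bcdedit /enum"},           # read-only, benign
    {"pid": 5120, "command_line":
        r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /for=C: /quiet'},
]

def classify(command_line):
    """Return the sorted names of all rules that match one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def scan(events):
    """Return (pid, matched_rules) for every event with at least one match."""
    results = []
    for event in events:
        hits = classify(event["command_line"])
        if hits:
            results.append((event["pid"], hits))
    return results

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {', '.join(hits)}")
```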

.styver Files Virus – Encryption Process

In order to encrypt the files on the infected machine, the .styver ransomware may first scan for the following file types:

→ Documents.

The .styver ransomware may then encrypt those files on your PC, adding the .styver file suffix. After the encryption process is complete, the files can no longer be opened and contain the .styver file extension added after their name, looking like the following:

Remove .styver Files Virus and Restore Files Encrypted by It

In order to fully erase this ransomware infection, we advise you to follow the removal instructions below. They are specifically created to help delete this ransomware threat either manually or automatically from your PC. If manual removal is not something you have done before, be advised that experts always outline that using advanced anti-malware software is the best option to go for. Such a program will scan for the .styver ransomware files and remove them automatically, delete any other malware, and secure your PC by ensuring active protection against future threats.

If you want to restore files that have been encrypted with the added .styver file extension, we recommend that you follow the file recovery instructions in step ‘2. Restore files encrypted by .styver Files Virus’. They may not be 100% effective, but may help you to recover as many files as possible without actually having to pay the cyber-criminals behind this infection for the decryption.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
