Trojan.Olydestroy Virus - How to Remove It and Restore Destroyed Files


This article explains what the Trojan.Olydestroy virus is, how to remove it from your computer, and how to try to restore your encrypted files.

Trojan.Olydestroy is the type of malware that is the last thing you want on your computer. The virus aims to destroy your computer completely by deleting the backups on it and preventing it from booting by stopping its services. The malware also shows no symptoms while running on your PC, making it completely undetectable. This is the main reason why you should read the following article to learn how to detect this malware on your computer and remove it, so that you can boot your PC once more and recover all of your files after removing this virus.

Threat Summary

Type: Trojan/File Remover
Short Description: The only purpose of this malware is to delete the files on your computer and break down your Windows after stealing your files and other information.
Symptoms: If you have been successfully infected by this Trojan, you may no longer have access to your computer.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Trojan.Olydestroy – How Does It Infect

In order to infect your computer successfully, the Trojan.Olydestroy infection uses obfuscation tools to conceal its infection file from any antivirus or other protection software. The malware may be spread primarily via malicious e-mail spam messages or other forms of malspam campaigns that carry malicious web links disguised as legitimate buttons, similar to the malicious PayPal e-mail shown below, which is carefully masked to resemble a legitimate message:

In addition to this, Trojan.Olydestroy is the type of infection that can also enter your computer by being bundled with the installers of legitimate programs, or by pretending to be:

  • Game or program patches, cracks and other fake licensing software.
  • Key generators or other forms of activators.

Trojan.Olydestroy – Malicious Activity

Once this Trojan has infected your computer, its primary purpose is to drop its payload files, which are its main malicious file and supporting executable files, all of which have random names and are located in the %Temp% directory:

%Temp%\{RANDOM} – primary executable.
%Temp%\{RANDOM} – executable tool.
%Temp%\{RANDOM}.exe – infostealer module for passwords from browsers.
%Temp%\{RANDOM}.exe – infostealer for the computer.
%Temp%\{RANDOM}.exe – destruction file which damages your computer.

The Trojan.Olydestroy malware’s other purpose is to run a script that prevents you from recovering your files. It does this by running the following commands in Windows Command Prompt as an administrator on the victimized device:

vssadmin.exe delete shadows /all /Quiet
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
bcdedit /set {default} recoveryenabled No
wbadmin.exe delete catalog -quiet
wevtutil.exe cl System
wevtutil.exe cl Security
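
As an added detection example (not code from this article), the following matches the commands listed above in process-creation records and raises an alert per host once several of them appear together. The record fields `host`, `parent_image` and `command_line`, the sample records and the Temp-directory severity rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One pattern per command from the list above; case, ".exe" and quoting may vary.
RULES = {
    "delete_shadow_copies": r'\bvssadmin(\.exe)?"?\s+delete\s+shadows\b',
    "ignore_boot_failures": r'\bbcdedit(\.exe)?"?\s+/set\b.*\bbootstatuspolicy\s+ignoreallfailures\b',
    "disable_recovery": r'\bbcdedit(\.exe)?"?\s+/set\b.*\brecoveryenabled\s+no\b',
    "delete_backup_catalog": r'\bwbadmin(\.exe)?"?\s+delete\s+catalog\b',
    "clear_event_log": r'\bwevtutil(\.exe)?"?\s+(cl|clear-log)\s+\S+',
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}
# Assumption: a parent process running from a Temp directory raises severity.
TEMP_PATH = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


def match_rules(command_line):
    """Return the names of all rules a single command line matches."""
    return sorted(n for n, rx in COMPILED.items() if rx.search(command_line))


def triage(events, threshold=2):
    """Alert per host once `threshold` distinct techniques have been seen."""
    hosts = defaultdict(lambda: {"techniques": set(), "from_temp": False})
    for ev in events:
        hits = match_rules(ev["command_line"])
        if hits:
            hosts[ev["host"]]["techniques"].update(hits)
            if TEMP_PATH.search(ev.get("parent_image", "")):
                hosts[ev["host"]]["from_temp"] = True
    return {
        host: ("critical" if s["from_temp"] else "high", sorted(s["techniques"]))
        for host, s in hosts.items() if len(s["techniques"]) >= threshold
    }


# Constructed sample records (hypothetical field names, not real telemetry).
TEMP_PARENT = r"C:\Users\user\AppData\Local\Temp\abcd1234.exe"
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent_image": TEMP_PARENT, "command_line": c} for c in (
        "vssadmin.exe delete shadows /all /Quiet",
        "bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures",
        "bcdedit /set {default} recoveryenabled No",
        "wbadmin.exe delete catalog -quiet",
        "wevtutil.exe cl Security")
] + [
    {"host": "SRV-02", "parent_image": CMD, "command_line": "vssadmin list shadows"},
    {"host": "SRV-03", "parent_image": CMD, "command_line": "wevtutil cl Application"},
]

if __name__ == "__main__":
    for host, (severity, techniques) in triage(SAMPLE_EVENTS).items():
        print(host, severity, ", ".join(techniques))
```

Clearing the Security log also writes event ID 1102 to that log, which can serve as a second signal when command-line logging is not available.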

Then, the Trojan.Olydestroy malware begins the actual attack on the victim’s computer. The malware first creates copies of itself in case its malicious file is deleted. Then, it runs the first executable, which begins to collect information about your computer, such as:

  • Your IP address.
  • Windows Live Account passwords.
  • Windows Account logins.
  • System Information.

Shortly after this, the malware runs the second executable, which begins to collect any saved passwords that you have on your web browser for your online accounts, like Facebook, LinkedIn, PayPal and others.

Then, the nightmare happens. Trojan.Olydestroy basically disables all of the important services on your Windows OS in order to make sure that you cannot start your computer.

Remove Trojan.Olydestroy from Your Computer

In order to detect and remove this Trojan from your computer system, we recommend that you download advanced anti-malware software. Trojan.Olydestroy is the type of malware which aims to remain unnoticed, so experts strongly suggest using an advanced malware detection and removal tool for Windows machines in order to make sure that this program is fully gone from your computer and that it stays protected against future infections as well.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
