.UselessFiles Ransomware Virus – How to Remove and Restore Data


This article explains what the .UselessFiles ransomware virus is, how to remove the infection from your computer, and how to try to restore files that have been encrypted by it.

A new ransomware sample, detected by MalwareHunterTeam, appends the file extension .UselessFiles to the files on the computers it infects after encrypting them. The virus’s primary purpose is to make the files impossible to open until the victim pays a ransom in Bitcoin, which means the victim is extorted in return for his or her files. If your computer has been infected by the .UselessFiles virus, we recommend that you read this article to learn how to remove this ransomware from your computer and how to restore the files encrypted by the virus.

Threat Summary

Name: .UselessFiles virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on your computer and then extort you into paying a ransom fee to make them openable again.
Symptoms: The main symptoms of this virus are a ransom note called “UselessFiles!” and encrypted files with the same name added to them as a file extension.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.UselessFiles Ransomware – How Does It Infect

The UselessFiles ransomware may use several methods in order to infect computers.

The main method by which this ransomware virus infects victims’ computers is believed to be spam e-mail messages. These may contain malicious e-mail attachments and malicious web links. The e-mails can often be mistaken for legitimate ones, as cyber-criminals become more and more advanced in their efforts to disguise them. They often make it seem as if the e-mails come from legitimate companies, like:

  • PayPal.
  • LinkedIn.
  • Facebook.
  • eBay.
  • Amazon.
  • DHL.
  • FedEx.

The e-mails themselves may contain files such as malicious documents containing macros. These look like legitimate Microsoft Word .doc files, but in reality their primary goal is to get the user to open them and click on “Enable Content”, after which the malicious macros are triggered. In addition to this, the e-mails may also spread .SFX archives and other archived files, such as .js, .wsf and even .hta files, which cause the infection via malicious scripts.

Besides e-mails, the .UselessFiles ransomware may also be spread by other methods, like pretending to be a legitimate program uploaded online. Such programs are often uploaded to third-party software websites, and they most often pretend to be:

  • Installers for software or games.
  • Patches.
  • Key generators.
  • Cracks.
  • Software License activators.

UselessFiles! Ransomware – More Information

The main idea behind the UselessFiles! Ransomware is to get the victim to pay a hefty ransom fee in order to decrypt the files for him or her. To reach its end goal, the virus first drops its malicious files. They may be of the following file types:

.exe; .htm; .hta; .vbs; .dll; .tmp;

These files may exist under different names, pretending to be legitimate programs like Notepad, or they may have completely random names. They may be found in some of the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Temp%
  • %Roaming%

After the malicious files are dropped, the UselessFiles ransomware may begin to perform various types of activities on the computer, which include touching system files of Windows and creating mutexes. The virus also reads system information and may check if it’s running on a virtual drive in order to self-delete and shut down, to prevent security analysts from analyzing its code.

The UselessFiles! Ransomware may also perform other activities on the computers of victims, which may include modifying the Run and RunOnce Windows registry sub-keys by adding value strings with random data in them, with the aim of getting the malicious files of the ransomware to run automatically when you log in to Windows. The sub-keys have the following locations:
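As an added example (not part of the original article), the following Python sketch triages autorun values exported from the Run and RunOnce keys and flags any that launch one of the file types listed above from a user-writable profile directory. The sample entries are constructed, and the mapping of the article's directory names to `%APPDATA%`, `%LOCALAPPDATA%`, `%TEMP%` and `\AppData\` paths is an assumption.

```python
import ntpath
import re

# File types the article lists for the dropped payloads.
DROPPED_EXTS = {".exe", ".htm", ".hta", ".vbs", ".dll", ".tmp"}
# Assumption: the article's %AppData%, %Local%, %LocalLow%, %Temp% and %Roaming%
# correspond to these per-user, user-writable locations.
USER_WRITABLE = ("\\appdata\\", "%appdata%", "%localappdata%", "%temp%")


def command_tokens(command):
    """Split an autorun command into arguments, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command)]


def suspicious_targets(command):
    """Return every path in the command that has a listed extension and lives in
    a user-writable profile directory. All arguments are checked, not only the
    first, so a payload passed to wscript, mshta or rundll32 is still seen."""
    hits = []
    for token in command_tokens(command):
        path = token.split(",")[0]  # rundll32 style "file.dll,Export"
        lowered = path.lower()
        ext = ntpath.splitext(lowered)[1]
        if ext in DROPPED_EXTS and any(m in lowered for m in USER_WRITABLE):
            hits.append(path)
    return hits


def triage(entries):
    """entries: iterable of (key, value_name, command). Returns flagged rows."""
    return [(key, name, hit) for key, name, cmd in entries for hit in suspicious_targets(cmd)]


# Constructed sample data, not taken from a real infection.
SAMPLE = [
    ("Run", "VendorAgent", r'"C:\Program Files\Vendor\agent.exe" /background'),
    ("Run", "notepad", r"C:\Users\alice\AppData\Roaming\notepad.exe"),
    ("RunOnce", "k3x9qz", r'wscript.exe "C:\Users\alice\AppData\Local\Temp\k3x9qz.vbs"'),
    ("Run", "upd", r"rundll32.exe %APPDATA%\upd\core.dll,Start"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Legitimate per-user applications also start from AppData, so treat each hit as a lead to verify (publisher, signature, creation time) rather than as proof of infection.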


The .UselessFiles ransomware may also make sure that the shadow volume copies on your computer are deleted. To do this, it may launch the Windows Command Prompt and execute the following commands without you even knowing it:

→ process call create “cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures”
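The command above can be caught in process-creation telemetry. As an added example (not part of the original article), this Python sketch splits a logged command line into its chained commands and reports each recovery-inhibiting action it contains; it assumes command lines are available from process-creation logging, and all sample lines except the one quoted from the article are constructed.

```python
import re

# Each rule: (label, tool, tokens that must all appear among that tool's arguments).
RULES = [
    ("shadow copies deleted", "vssadmin", {"delete", "shadows"}),
    ("recovery environment disabled", "bcdedit", {"/set", "recoveryenabled", "no"}),
    ("boot failures ignored", "bcdedit", {"/set", "bootstatuspolicy", "ignoreallfailures"}),
]

# The command line quoted in the article (straight quotes substituted).
PAGE_COMMAND = (
    'process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet'
    " & bcdedit.exe /set {default} recoveryenabled no"
    ' & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"'
)


def split_chain(command_line):
    """Break a cmd.exe command line into the commands joined by & && | ||."""
    parts = re.split(r"\s*(?:&&|\|\||&|\|)\s*", command_line)
    return [p.strip() for p in parts if p.strip()]


def normalise(token):
    """Lower-case, drop surrounding quotes, any directory prefix and a .exe suffix."""
    token = token.strip("\"'“”").lower().rsplit("\\", 1)[-1]
    return token[:-4] if token.endswith(".exe") else token


def detect(command_line):
    """Return the labels of every recovery-inhibiting action found, in order."""
    found = []
    for part in split_chain(command_line):
        tokens = [normalise(t) for t in part.split()]
        for label, tool, required in RULES:
            if tool in tokens:
                args = set(tokens[tokens.index(tool) + 1:])
                if required <= args and label not in found:
                    found.append(label)
    return found


if __name__ == "__main__":
    print(detect(PAGE_COMMAND))
    print(detect("vssadmin list shadows"))  # constructed benign line
```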

Last but not least, the .UselessFiles virus also opens its ransom note file, which has the following instructions for the victims of the virus:


Ooops,your files have been encrypted!
[What Happened to My Computer?
Your important files are encrypted-
Many of your documents, photos, videos, databases and other files are no longer
accessible because they have been encrypted. Maybe you are busy looking for a
way to recover your files, but do not waste your time- Nobody can recover your
files without our decryption service-
Can I Recover My Files?
Sure- We guarantee that you can recover all your files safely and easily.
But if you want to decrypt all your files, you need to pay-
How Do I Pay?
Payment is accepted in Bitcoin only-Please check the current price of Bitcoin
and buy some bitcoins-And send the correct amount to the address specified in
this window-Once the payment is checked, you can start decrypting your files
We strongly recommend you to not remove this software, and disable your anti-
virus for a while, until you pay and the payment gets processed. If your anti-virus
gets updated and removes this software automatically, it will not be able to
recover your files even if you pay!
Send 300$ worth of bitcoin to this address:

.UselessFiles Ransomware – File Encoding

To encrypt the files on the victim’s computer, the .UselessFiles ransomware may begin to scan for often used types of objects, such as:

  • Documents.
  • Images.
  • Videos.
  • Audio files.
  • Archives.
  • Virtual drives.
  • Other often used file types.

The malware is extremely careful not to encrypt important Windows files, since this may break your OS. After encryption, the files may appear like the following:

Remove .UselessFiles Ransomware and Restore Your Important Data

If you want to remove the .UselessFiles ransomware infection from your computer, it is strongly recommended that you follow the removal instructions underneath this article. They have been created to make sure that this malware is gone. If manual removal does not seem to work for you, be advised that according to security experts, the best way to remove malware like the .UselessFiles ransomware is to do it automatically with the aid of an advanced anti-malware program. Such software is capable of making sure that the malware is fully gone and your system is fully secure, without the need to reinstall Windows.

If you wish to restore the files that have been enciphered by this infection, it is strongly advisable to try the alternative methods for file recovery in step “2. Restore files encrypted by .UselessFiles Virus” underneath. They may not be 100% effective in the recovery of all the files, but may assist you in restoring as many encrypted files as possible.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
