Traveling through different cities and villages, a person willy-nilly encounters surprises that can be both pleasant and provoking increased discomfort, severe grief.
The same emotions can await a user who is fond of "traveling" on the Internet. Although sometimes unpleasant surprises fly on their own to e-mail in the form of threatening letters, documents that users want to read as soon as possible, thereby falling into the networks of scammers.
On the Internet, you can encounter an incredible number of viruses programmed to perform multiple negative tasks on your computer, so it is important to learn to distinguish between safe links for downloading files and documents and bypass those that are a clear danger to your computer.
If you have become one of those unfortunates who had to experience the negative consequences of the intervention of a virus, you will not doubt that it is useful to collect and subsequently organize information on how to prevent infection of a computer.
Viruses appeared as soon as computer technology appeared. Every year there are more and more varieties of viruses, so it is easy for the user to destroy only the virus carrier that has long been known, and a 100% method of its destruction has been found.
It is much more difficult for a user to “fight” against virus carriers that just appear on the network or are accompanied by full-scale destructive actions.
In a situation where a virus has encrypted files on a computer, what to do for many is a key issue. If these are amateur photos, which you also don’t want to come to terms with the loss, you can look for ways to solve the problem over a long period of time. However, if a virus has encrypted files that are essential for business, the desire to figure out what to do becomes incredibly large, and besides, you want to take action quickly enough.
If system protection was enabled on your computer in advance, then even in cases where an “uninvited encryptor guest” has already managed to take care of you, you will still be able to recover documents, knowing what to do in this case.
The system will help you restore documents using their shadow copies. Of course, the Trojan also directs its efforts to eliminate such copies, but viruses do not always succeed in such manipulations, since they do not have administrative rights.
So, restoring a document using its previous copy is easy. To do this, you right-click on the file that turned out to be damaged. Select "Properties" from the menu that appears. A window will appear on your PC screen, in which there will be four tabs, you need to go to the last tab "Previous Versions".
In the window below, all available shadow copies of the document will be listed, you just have to choose the option that is most suitable for you, then click on the "Restore" button.
Unfortunately, such an "ambulance" cannot be applied on a computer where system protection was not enabled in advance. For this reason, we recommend that you turn it on in advance, so that later you don’t “bite your elbows”, reproaching yourself with obvious disobedience.
Enabling system protection on a computer is also easy, it will not take you much time. Therefore, drive away your laziness, stubbornness and help your computer become less vulnerable to Trojans.
Right-click on the "Computer" icon, select "Properties". On the left side of the window that opens, there will be a list in which find the line "System Protection", click on it.
Now a window will open again, in which you will be prompted to select a disk. With the local drive "C" highlighted, click the "Configure" button.
Now a window will open offering recovery options. You need to agree with the first option, which involves restoring system settings and previous versions of documents. Finally, click the traditional "Ok" button.
If you have done all these manipulations in advance, then even if a Trojan visits your computer and encrypts files, you will have excellent predictions for the recovery of important information.
At least you won't panic when you discover that all the files on your computer are encrypted, in which case you will already know exactly what to do.
Many antivirus companies do not leave users alone with the problem when viruses encrypt documents. Kaspersky Lab and Doctor Web have developed special utilities to help eliminate such problematic situations.
So, if you find terrible traces of a ransomware visit, try using the Kaspersky RectorDecryptor utility.
Run the utility on the computer, specify the path to the file that was encrypted. It is not difficult to understand what the utility should do directly. She is trying to find the key to decrypt the file by sorting through multiple options. Unfortunately, such an operation can be very lengthy and not suitable for many users in terms of time frame.
In particular, it may happen that it takes about 120 days to select the correct key. At the same time, you must understand that it is not recommended to interrupt the decryption process, so you cannot turn off the computer either.
These utilities are aimed at the results of the malicious activities of other ransomware Trojans. In particular, the Ransomware Decryptor utility is still unknown to many, since it is aimed at combating CoinVault, which is only now beginning to attack the Internet and infiltrate users' computers.
The developers of Doctor Web are not idle either, so they present their utilities to users, with the help of which they can also try to recover encrypted documents on a computer.
Create any folder on drive C, come up with a simple name for it. In this folder, unzip the utility downloaded from the official website of the company.
Now you can use it for a practical solution to the problem. To do this, run the command line, type "cd c:\XXX" in it, where instead of XXX write the name of the folder in which you placed the utility.
Instead of "myfiles", the name of the folder in which the damaged documents are located should be spelled out.
Now the utility will start and the treatment process will begin, after successful completion you will find a report that will indicate what was recovered. By the way, the program does not delete encrypted files, but simply saves the restored version next to them.
Unfortunately, even this Doctor Web utility cannot be considered by you as a magic wand, it also cannot do everything.
What to do in case of infection, many may have already figured out, but experienced users recommend getting information on what to do is categorically not recommended so as not to provoke more serious consequences when the chances of recovering documents will be equal to zero.
You cannot reinstall the operating system on the computer. In this case, you may be able to eliminate the pest, but you definitely won’t be able to return the documents to working condition.
You can not run programs responsible for cleaning the registry, deleting temporary files on the computer.
It is not recommended to do anti-virus scanning, during which infected documents can simply be deleted. If you are a little stupid and start your antivirus in a panic, then at least make sure that all infected files are not deleted, but simply quarantined.
If you are an advanced user, you can interrupt the encryption process on your computer until it has spread to all files and documents. To do this, start the "Task Manager" and stop the process. An inexperienced user is unlikely to be able to figure out which process is related to the virus.
It is useful to disconnect the computer from the Internet. If this connection is broken, the process of encrypting files and documents on the computer is also interrupted in most cases.
So, knowing perfectly well what to do when a ransomware trojan visit is detected, you can take steps that are hopeful of success. In addition, having received information on how to decrypt files encrypted by a virus, you can try to fix the problem yourself and prevent it from reappearing.
