Alex.vlasov@aol.com Ransomware Removal Guide

Threat Level:
9/10
Category: Trojans

We have recently received a sample of a ransomware-type application known as Alex.vlasov@aol.com Ransomware. Its objective is to encrypt most of the files located on your PC’s hard drive and demand that you pay a ransom for the decryption tool necessary to get them back. However, you should consider removing it because there is no guarantee that its developers will keep their word and give you the decryptor. We have tested this malicious application and, in this article, we will provide you with all of the information that we have managed to extract.

We purposefully infected one of our test computers with this ransomware several times, and we found that it can drop its malicious executable in %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs, %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs, %USERPROFILE%\Microsoft\Windows\Start Menu\Programs, %APPDATA%\Microsoft\Windows\Start Menu\Programs, %ALLUSERSPROFILE%\Start Menu\Programs or %APPDATA%. The location where its dropper file places the randomly named executable varies from case to case. The main executable’s name varies in length and character arrangement, so it does not form a meaningful word. It can also mix uppercase and lowercase letters, so you should be able to identify it without difficulty.

Alex.vlasov@aol.com Ransomware does not lock the screen; it only encrypts files. It uses the RSA-2048-bit algorithm to encrypt them. This algorithm is quite strong, and there is no way to decrypt the files that have been encrypted by this particular ransomware. It is set to encrypt hundreds of file formats such as image, video, and audio files, as well as documents and executables. Therefore, you will be unable to access your personal files or launch most of the applications present on your PC. This ransomware adds the .id-78684129.{alex.vlasov@aol.com}.xtbl extension to all encrypted files, which is an indication that they have been encrypted. Once the encryption process is complete, it replaces the desktop wallpaper with an image named How to decrypt your files.jpg and drops a file named How to decrypt your files.txt on the desktop, but it can also drop it in each folder where a file was encrypted. These files are ransom notes, but all they say is that you need to contact “technical support”, which is a fancy way of saying that you need to contact the cyber crooks that got your PC infected with this ransomware.

We do not know how much money the criminals want you to pay in exchange for the decryptor, but we have found that this ransomware’s developers have also created Saraswati Ransomware, which demands that you pay up to 3 BTC, approximately $1412 USD. Therefore, we believe Alex.vlasov@aol.com Ransomware should also demand a similar sum of money, which is a lot. Also, this ransomware is similar to Redshitline Ransomware and Green_ray Ransomware. All of these come from the same developers, based somewhere in India.

We have found that, like its predecessors, Alex.vlasov@aol.com Ransomware is disseminated using email spam. We think that its developers have set up a server dedicated to sending email spam that contains an attachment that serves as the dropper file that injects the main executable in one of the locations mentioned above. The email spam can masquerade as legitimate business correspondence, invoices, receipts and tax return forms, so you can be tricked into opening the malicious attachment.

In closing, Alex.vlasov@aol.com Ransomware is the type of program that can enter your computer without your knowledge or consent via email spam. So if you got it on your computer, then we recommend that you remove it using the instructions provided below. However, if you have trouble identifying its locations, then we suggest using SpyHunter, our featured anti-malware scanner which is capable of detecting and eradicating this ransomware in its entirety.

Removal Instructions

  1. Press the Windows+E keys.
  2. Enter each of the following file paths in the File Explorer’s address box.
    • %APPDATA%
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Start Menu\Programs
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs
  3. Find and delete the randomly named executable.
  4. Then, press Windows+R.
  5. Type regedit in the dialog box and click OK.
  6. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  7. Identify and delete the string that features the Value data C:\Users\user\AppData\Roaming\randomlynamed.exe
  8. Navigate to HKCU\Control Panel\Desktop and delete the string named Wallpaper.
  9. Then, go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers
  10. Find and delete BackgroundHistoryPath0
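
The checks in the steps above can be run first as a read-only PowerShell pass that lists what is present before anything is deleted by hand. This is an added example, not part of the original guide; it assumes Windows PowerShell 4.0 or later, and the variable names are illustrative.

```powershell
# Added example: read-only triage of the locations named in this guide.
# Nothing is deleted; review the output before removing anything by hand.

# Folders from step 2, expanded for the current user; missing ones are skipped.
$dropDirs = @(
    "$env:APPDATA",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ALLUSERSPROFILE\Start Menu\Programs",
    "$env:USERPROFILE\Microsoft\Windows\Start Menu\Programs",
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs",
    "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs"
) | Where-Object { Test-Path -LiteralPath $_ }

# Executables sitting directly in those folders (no recursion), with hashes
# so a file can be looked up or handed to an analyst before it is deleted.
$exes = foreach ($dir in $dropDirs) {
    Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, CreationTime,
            @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } }
}

# HKLM Run values (steps 6-7) whose data references one of those executables.
$runPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runKey  = Get-Item -LiteralPath $runPath
$runHits = foreach ($name in $runKey.GetValueNames()) {
    $data = [string]$runKey.GetValue($name)
    foreach ($exe in $exes) {
        if ($data.IndexOf($exe.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            [pscustomobject]@{ ValueName = $name; Data = $data; File = $exe.FullName }
        }
    }
}

# Wallpaper values from steps 8-10, shown so the ransom-note image is visible.
$wallpaper = [pscustomobject]@{
    Wallpaper = (Get-ItemProperty 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue).Wallpaper
    BackgroundHistoryPath0 = (Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers' -Name BackgroundHistoryPath0 -ErrorAction SilentlyContinue).BackgroundHistoryPath0
}

'== Executables directly in the listed folders =='; $exes      | Format-List
'== HKLM Run values pointing at those files ==';    $runHits   | Format-List
'== Current wallpaper registry values ==';          $wallpaper | Format-List
```

An executable that appears in both the first and second lists is the strongest candidate for the file described in steps 3 and 7; legitimate programs rarely place a randomly named .exe directly in these folders and register it under Run.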