At first, Alphabet virus was described as a screen locker without a closer relation to crypto-ransomware viruses. This first version appeared in a form of a red lock screen that prevented users from logging into their Windows. Even though the screen indicated to encrypt files, such process did not actually occur. As the creators of Alphabet virus indicate, this was a “debug version” and they even provided a key completely free-of-charge. As we can guess, this was just a practice run, which attempted to detect any glitches that might need solving. After the test, Alphabet virus did not take long to appear again, only this time in a more functional manner.
From A to Z: Alphabet virus
Alphabet virus might still be under construction and preparation. Nevertheless, victims are reporting that its improved version is currently being distributed. People explained that a screen locker blocks access to their devices and introduces itself as Alphabet virus. Hackers also informed its victims about the fact of data, stored in the device, being encrypted with the strongest encryption algorithm around. This simply means that probably a common cipher is selected to ruin data. For now, there is no information about an extension that would be appended to the data that becomes encoded with cryptography. Alphabet virus may not be acting by-the-book if it does not have an original extension. Of course, primarily, victims of this sample are going to concerned with the possible methods of getting rid of a screen locker that annoyingly refuses to allow their system to fully load. If you get infected with the trial version of Alphabet virus, you can escape the screen locker by typing: MjA0OCE8UINBS2V5VmFsdV.
There is a one specific feature that you should be aware about: Alphabet virus might be traveling disguised as an update for Windows 10. If you are downloading updates from unreliable sources, you might install something different from what promises described. It is possible that you knowingly allow Alphabet virus to become your bundle of distress. If you launch the program you download, you will be presented with a seemingly legitimate screen. It will indicate that your system is being updated. In realty, Alphabet virus, or more specifically, its payload, is going to exploit this time for other objectives. Goals of file encryption and windows registry key modification are going to be carried out during this process. It is presumable that when the update is concluded, this will mean that the necessary procedures have been successfully implemented. The screen locker might appear immediately or wait until the computer is going to be restarted.
What should be mentioned about distribution of Alphabet virus?
You might discover the payload of Alphabet virus as a torrent download or a file, promoted by unreliable file-sharing centers. Do not download software from such sources: promoted Windows versions and updates for it should be obtained from legitimate locations. In addition to that, you might receive a bizarre letter, supposedly sent by Microsoft to offer an update to your Windows 10. If such email arrives in your inbox, remember that you should not download attachments that are inside them. Spam campaigns are frequently put in motion to spread ransomware viruses: beware.
Restore files that are encoded by Alphabet virus
No matter how glad we would be to give you a promising answer about decryption of files, but we can only express guesses. We do believe that decryptor is on its way: security researchers are working non-stop to reassure that ransomware viruses get what they deserve. Every this type of infection deserves to be shoved into trash. As for the audience that have never encountered Alphabet virus and its screen locker, we remind you that you should not feel too happy or peaceful. You can get infected in the most inconvenient time. If you wish to be immune to ransomware viruses, we highly recommend keeping copies of your files in other locations besides your device. USB flash drives, backup storages are one of the best places to keep your data safe from encryption.
Reimage, Spyhunter or Malwarebytes are anti-malware tools that will provide you with maximum security from infections. Security researchers respect these products as their efficiency is undeniable. If you desire to learn more about the possibility of manually removing Alphabet virus, we advise you to continue on reading this article. Tips for decryption are also included.
- From A to Z: Alphabet virus
- What should be mentioned about distribution of Alphabet virus?
- Restore files that are encoded by Alphabet virus
- Automatic Alphabet virus removal tools
- How to recover Alphabet virus encrypted files and remove the virus
- Step 1. Restore system into last known good state using system restore
- Step 2. Complete removal of Alphabet virus
- Step 3. Restore Alphabet virus affected files using Shadow Volume Copies
- Step 4. Use Data Recovery programs to recover Alphabet virus encrypted files
- Removal guides in other languages
Automatic Alphabet virus removal tools
How to recover Alphabet virus encrypted files and remove the virus
Step 1. Restore system into last known good state using system restore
1. Reboot your computer to Safe Mode with Command Prompt:
for Windows 7 / Vista/ XP
- Start → Shutdown → Restart → OK.
- Press F8 key repeatedly until Advanced Boot Options window appears.
- Choose Safe Mode with Command Prompt.
for Windows 8 / 10
- Press Power at Windows login screen. Then press and hold Shift key and click Restart.
- Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
- When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.
2.Restore System files and settings.
- When Command Prompt mode loads, enter cd restore and press Enter.
- Then enter rstrui.exe and press Enter again.
- Click “Next” in the windows that appeared.
- Select one of the Restore Points that are available before Alphabet virus has infiltrated to your system and then click “Next”.
- To start System restore click “Yes”.
Step 2. Complete removal of Alphabet virus
After restoring your system, it is recommended to scan your computer with an anti-malware program, like Reimage and remove all malicious files related to Alphabet virus. You can check other tools here.
Step 3. Restore Alphabet virus affected files using Shadow Volume Copies
If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Alphabet virus tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so.
Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.a) Native Windows Previous Versions
Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.
b) Shadow Explorer
It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Step 4. Use Data Recovery programs to recover Alphabet virus encrypted files
There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
- We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
- Download Data Recovery Pro (commercial)
- Install and scan for recently deleted files.
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.