AutoTron ransomware was observed targeting victims throughout April 2018. This crypto-extortionist works on the same principle as any other ransom-demanding virus: it enters the computer without your consent, encrypts your most valuable files, appends the .TRON extension to the affected files’ names and asks for a certain amount of money in cryptocurrency for the decryption key. But there is one interesting feature that sets this threat slightly apart from the others. If you’d like to find out what it is, keep reading this article.
Distribution and working principles of the AutoTron virus
The AutoTron crypto-infection targets mostly English-speaking internet users and spreads in the most common way: through infected spam email attachments. These emails carry false but official-looking information and urge the victim to open the attached file, which turns out to be the virus. Yet distribution is not limited to emails; it can also happen via infected update bundles, downloaded files and torrents from unauthorized websites, exploits, unprotected RDP configurations, and web injections.
When the downloaded AutoTron virus launches, the ransomware quickly overcomes the computer’s security through vulnerability loopholes and writes to the registry to establish persistence, so that it reloads every time you restart your system. At the same time, the threat copies itself into file directories, which allows it to search for files suitable for encryption and to drop a visible ransom note for the victim to read. And here’s what is unique about AutoTron ransomware: it targets only files smaller than 15728640 bytes (15.7 MB), and only in certain directories, which, unlike with other ransomware variants, makes it harder for the user to see how many and which files are encrypted. The victim has to go through all folders to see which files were locked with the .TRON extension and which ones are still usable. Nevertheless, AutoTron still targets mostly personal files, so that the victim is more motivated to pay the ransom.
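Since the victim otherwise has to go through every folder by hand, the read-only Python sketch below walks a directory tree and lists the files carrying the .TRON extension, grouped by folder. It is an added example, not part of the original article or of any removal tool it mentions; the function names are chosen here, and only the extension comes from the article.

```python
import os
import sys
from collections import defaultdict

TRON_EXT = ".tron"  # extension the article says AutoTron appends (compared case-insensitively)


def inventory_tron(root):
    """Read-only walk of root.

    Returns (locked, skipped): locked maps each folder to a list of
    (locked_name, original_name, size_in_bytes); skipped lists unreadable folders.
    """
    locked = defaultdict(list)
    skipped = []
    walker = os.walk(root, onerror=lambda err: skipped.append(err.filename),
                     followlinks=False)
    for dirpath, _dirs, files in walker:
        for name in sorted(files):
            original, ext = os.path.splitext(name)
            if ext.lower() != TRON_EXT:
                continue
            try:
                size = os.lstat(os.path.join(dirpath, name)).st_size
            except OSError:
                size = None  # file vanished or is unreadable; still report it
            locked[dirpath].append((name, original, size))
    return dict(locked), skipped


def summarize(locked):
    """Return (affected_folders, locked_files, total_bytes) for quick triage."""
    entries = [e for items in locked.values() for e in items]
    return len(locked), len(entries), sum(size or 0 for _, _, size in entries)


if __name__ == "__main__":
    # Assumed usage: pass a profile folder or a mounted removable drive as the argument.
    found, unreadable = inventory_tron(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder in sorted(found):
        print(f"{folder}: {len(found[folder])} locked file(s)")
        for locked_name, original_name, size in found[folder]:
            print(f"    {locked_name}  (was {original_name}, {size} bytes)")
    print("folders, files, bytes:", summarize(found))
    for folder in unreadable:
        print("could not read:", folder)
```

The script only reads file names and sizes and changes nothing on disk, so it can also be pointed at a USB stick or external drive before that device is reconnected to a cleaned PC.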
Once the files are encrypted with complex algorithms, AutoTron displays the ransom note:
What Happened to My Computer?
Your important files are encrypted.
Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recovery your files, but do not waste your time. Nobody can recover your files without our decryption service.
Can i Recover my Files ?
Sure, We guarantee that you can recover all your files safely and easily. But you have not so enough time.
You have only have 10 days to submit the payment. Also, if you don’t pay in 10 days, you won’t be able to recover your files forever.
How Do I pay?
Payment is accepted in bitcoin only. For more information. Please check the current price of bitcoin and buy some bitcoins.
And send the correct amount to the address specified in the window.
After your payment you need to write to us on mail ( bitcoin.c[email protected] )
We will decrypt your files.
We strongly recommend you to not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!
To unlock the computer, you must transfer the bitcoins to this address: ……….
to contact us, write here: [email protected]
For buy bitcoins, i can advise
The essence of the work through the exchangers is very simple: Choose what currency to change.
Then what currency you want to ( in our case – want to receive bitcoins )
Indicate the requisites of your wallet pay and a few minutes receive bitcoins to your wallet.
if you do not understand, you can watch the video how to exchange your money for bitcoin…….
You must remember that cyber crooks will write anything to get money from you, and the ransom amount can fluctuate from a few hundred to thousands of dollars. There is therefore no point in paying the hackers, because you can never be sure that they will keep their word rather than take your money and leave your files locked.
Instead, report this cybercrime to the FBI’s Internet Crime Complaint Center and read the following section, which may help you remove this malicious infection without spending a dime.
Removal of AutoTron ransomware
Although it targets only files no larger than approximately 16MB, the AutoTron removal process is exactly the same as for any other ransomware infection, e.g. Assembly, TripleM, RansomAES, and others. Since there is no decryption tool specifically for the AutoTron virus (you can, of course, try other decryption software from the internet), there is no guarantee that your files will be unlocked, yet it is essential to take the following steps to at least restore part of your system’s safety and protect it from other malicious infections.
As some sources suggest, to remove AutoTron ransomware manually you can try searching the ‘Desktop’ or ‘Downloads’ directories for files that were opened during the infection and then deleting them together with the ransom note file, but in reality you probably won’t be able to find all of the files causing the problem, nor remove them easily. What is more, one threat ‘doesn’t walk alone’, and you probably have more than one virus on your PC. The optimal AutoTron ransomware elimination method, recommended by the 2-viruses team, is to use anti-spyware tools, preferably Malwarebytes and Spyhunter. Although malware removal programs do not yet have a decryption option, they are proficient at detecting and deleting threats, and they can additionally help to restore some corrupted files. If the methods above don’t seem to work or work only partially, leaving your files encrypted, you can try restoring your system from backups.
Lastly, don’t forget to clean the portable devices that were connected to the computer right before and during the AutoTron infection. This ransomware is persistent and intrusive, and is capable of spreading not just to the PC but to any device that permits access to its files; therefore the documents, pictures, etc. on your USB drives, media devices, and external hard drives may also be encrypted and ready to spread AutoTron back to your PC once connected.