Eternity virus - How to remove

Eternity virus falls under one of the most lethal categories of computer viruses: ransomware. If it manages to get inside your system, most of the personal files stored there will be locked using encryption and a ransom will be demanded.

Despite the fact that ransomware is a well-known type of computer virus (we have analysed hundreds of similar cases), new infections are released every day. This week alone we already informed our readers about File Spider and Cryp70n1c ransomware viruses and it’s only Tuesday! It’s the most active type of malware and the market of ransomware is only rising. As reported by Sophos, ransomware will remain the most popular malware infection online in 2018 as well, so even if you are not infected right now, it would be useful to read this article and learn how ransomware is distributed, so you know what to watch out for.

Obviously, the main distribution channel for all malware, including ransomware, is spam email. Eternity ransomware virus is most likely to come as an attachment to an email. Most of the time those emails end up in the spam folder, because mail providers filter all incoming messages. Nevertheless, some users manage to open emails from the spam folder and even download the attached files. Once this is done, it’s game over: the virus is installed automatically.

If the malicious files of Eternity ransomware are already on your computer, you can’t really go back and avoid the consequences. The same goes for other ransomware infections of this type, unless you have real-time anti-malware protection installed on your computer. We recommend using either Spyhunter. Either one of those programs will ensure that your computer is safe against ransomware and other types of malware infections.

Now, in case it’s too late for prevention and your computer is already infected, Eternity virus will scan all files stored on the hard drive and append the “.eternity” extension to them. That’s where the name of this infection comes from. This extension means that the files are encrypted and can no longer be used. Immediately after that you will notice that your normal desktop wallpaper has been replaced by a lock screen with the following message:

AlL yOuR fIlEs HaVe BeEn EnCrYpTeD bY eTeRnItY RaNsOmWaRe
yOu aRe uNdEr cOnTrOl oF EtErNiTy rAnSoMwArE
AlL YoUr vIdEoS, pHoToS, dAtAbAsEs aNd iMpOrTaNt fIlEs
hAvE BeEn eNcRyPtEd bY A StRoNg eNcRyPtIoN MeThOd.
If yOu nEeD ThE DeCrYpTiOn kEy tO DeCrYpT YoUr fIlEs
pAy $1000 tO ThE FoLlOwInG BiTcOiN AdDrEsS.
BTC Address – 3a6dd5ad74e5sdsd25as656w4
Contact US For More Details
Enter Your Decryption Key Here and Click On the Skull to Decrypt Your Files…
[ … ]

As you can see, it’s an offer to purchase a special decryption key that would unlock all of your files. Those keys are unique: one is assigned to every computer separately after the infection and stored on a remote server that can be accessed only by the cyber criminals behind this ransomware. This “service” will cost you a thousand dollars, and even if that is a rather small amount for your personal files, we do not recommend paying it. As a matter of fact, we don’t even recommend contacting the cyber criminals, because there is a chance you will simply be scammed. Instead, look for reliable cyber security solutions that will solve your problem for a much lower price.

Decryption tools for Eternity ransomware

After examination of the Eternity virus code, it seems to be built on the same framework as ransomware viruses from the “Stupid” family. Other infections from this family, like JeepersCrypt or Rijndael ransomware, also encrypted files this way. Fortunately, a successful decryptor was developed: StupidDecryptor (click on the hyperlink and the download will start automatically). Even though we do not guarantee that it will work with Eternity ransomware, it’s definitely worth a try, since this tool is completely free. An alternative method for retrieving locked files is to restore them from a backup. You can find instructions on how to do that below.

You should also make sure that the malicious files associated with Eternity virus are no longer operating on your computer. Again, the anti-malware software mentioned before can do that: simply scan your computer with one of them and the virus itself will be removed automatically.

How to recover Eternity virus encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

For Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • Press the F8 key repeatedly until the Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

For Windows 8 / 10
  • Press Power at the Windows login screen. Then press and hold the Shift key and click Restart.
  • Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

2. Restore system files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the Restore Points created before Eternity virus infiltrated your system and then click “Next”.
  • To start System Restore, click “Yes”.

Step 2. Complete removal of Eternity virus

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter, and remove all malicious files related to Eternity virus. You can check other tools here.

Step 3. Restore Eternity virus affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files from the point in time when the system restore snapshot was created. Usually Eternity virus tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.

a) Native Windows Previous Versions

Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when each was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to a directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer

It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
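Before opening Previous Versions or Shadow Explorer, it helps to know how many files were hit and whether any snapshot is old enough to contain clean copies. The read-only PowerShell script below is an added example, not part of the original guide or of any tool it mentions; it assumes PowerShell 3.0 or later run as administrator, and $Root and the use of the oldest modification time as the start of encryption are assumptions.

```powershell
# Added example: read-only triage. Run from an elevated PowerShell prompt.
# $Root is a placeholder; point it at the folder or drive that was affected.
param([string]$Root = $env:USERPROFILE)

# 1. Inventory files carrying the ".eternity" extension.
$locked = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq '.eternity' })

if ($locked.Count -eq 0) {
    Write-Output "No .eternity files found under $Root"
    return
}

# Assumption: the oldest modification time among the encrypted files
# approximates the moment encryption started.
$firstHit = ($locked | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
$totalMB  = ($locked | Measure-Object -Property Length -Sum).Sum / 1MB
Write-Output ("{0} encrypted files ({1:N1} MB), earliest modified {2}" -f $locked.Count, $totalMB, $firstHit)

# Ten most affected folders, to decide where to restore first.
$locked | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# 2. List shadow copies and flag the ones taken before encryption began.
$driveOf = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object { $driveOf[$_.DeviceID] = $_.DriveLetter }

$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    Write-Output 'No shadow copies exist; Previous Versions and Shadow Explorer will show nothing.'
    return
}

$shadows | Sort-Object InstallDate | ForEach-Object {
    [pscustomobject]@{
        Drive              = $driveOf[$_.VolumeName]
        Created            = $_.InstallDate
        PredatesEncryption = $_.InstallDate -lt $firstHit
        ShadowId           = $_.ID
    }
} | Format-Table -AutoSize
```

Snapshots marked PredatesEncryption = True are the ones worth browsing; if none are listed, move on to a backup or to Step 4.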

Step 4. Use Data Recovery programs to recover Eternity virus encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connecting the infected hard drive to it as a slave drive. It is still possible to do this on the infected PC, though.
  • Download a data recovery program.
  • Install and scan for recently deleted files. Data Recovery Pro
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.
