Healforyou Virus - How to remove

You have probably heard of notorious Globeimposter ransomware virus. There were two versions of this infection – Globe Imposter and Globeimposter 2.0. Well, it seems like we are facing a third, updated version of the original Globeimposter.

Most of the features are really similar and it might look like Healforyou hasn’t delivered any new features, but they obviously use other contact information and extension to mark locked files. In fact, it’s not even clear whether developers of those viruses are the same. It might be that some crooks just “borrowed” the structure and code of Globe Imposter ransomware viruses and adapted it to Healforyou infection.

Nevertheless, this virus is really dangerous and can put you in a world of pain. If Healforyou infection finds a way into your computer, it will automatically lock (encrypt) most or all of your personal files, so you will be no longer able to use them. However, they won’t touch systemic files, thus your operating system will be running just fine.

If you were attacked by Healforyou or you just want to learn more about this lethal infection – please continue reading the article. We will inform you about the most notorious features of this virus and effective methods that can be helpful to remove the infection itself.

How Healforyou Virus Operates

So as we have mentioned before, Healforyou is a crypto virus that will demand a ransom in exchange for your files. It employs strong, military-grade cryptography to change the structure of your personal files stored on the hard drive. Unfortunately, Healforyou is capable of encrypting almost all file types, including but not limited to photos, text documents, audio/video files and so on.

Once that structure is changed, you won’t be able to use your files anymore. However, your files won’t be deleted or damaged for good – if the encryption process is reversed, they will be good to go once again.

Now you are probably wondering how to reverse the encryption process? Well, a decryptor is needed to do that. Unfortunately, one universal decryptor for all ransomware infections doesn’t exist. To perform the decryption, you will have to have a unique ’decryption, which is stored in a remote server controlled by cyber criminals. Eventually, the only way to get it is to contact them, pay the ransom and hope that they will keep their word and send you the key.

Cyber criminals behind Healforyou virus don’t disclose how much you will have to pay in order to receive the key. However, they provide you with the information on how the process should be executed in a ransom note. It goes like this:

YOUR PERSONAL ID
–

ENGLISH
ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED.
The only method of recovering files is to purchase an unique private decryptor.
Only we can give you this decryptor and only we can recover your files.
For fast data recovery and vulnerability removal, contact us by e-mail:
[email protected]
[email protected]

We guarantee full recovery after payment. To confirm the ability to return files, we decrypt one file for free. Attach to your email 1 test file. In the letter include your personal ID (look at the beginning of this document).

We will give you the decrypted file and assign the price for decryption all files.

After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions.

Attention!
Only [email protected] or [email protected] can decrypt your files.
Do not attempt to remove the program or run the anti-virus tools.
Attempts to self-decrypting files will result in the loss of your data.
Modify encrypted files will result in the loss of your data.
Decoders other users are not compatible with your data, because each encryption key unique and will result in the loss of your data.

There are two email addresses – [email protected] and [email protected]. You are asked to send them a letter with one encrypted file attached, so they can decrypt it and prove that they have the technology to reverse the process. Also, they will provide you with further instructions.

We highly recommend not to do that. There are other ways to solve this problem and you should go for them. We have analyzed various ransomware viruses similar to this one, such as .adobee ransomware, Tfudeq, or Rumba virus, and there are always better ways to do it than paying a ransom.

How Healforyou Managed To Infect Your System

There are various ways to distribute ransomware like Healforyou. The most popular one – spam emails. Executive files of Healforyou are attached to well-crafted emails and it’s enough to simply open the attachment to get infected. That leads to a conclusion – try avoiding emails from spam folder, especially if they feature some kind of attached files.

Obviously, it would be best to protect your computer with special software that is designed to fight against ransomware. Programs like Malware Fighter or Restoro can stop ransomware infections on the go. You should not forget that ransomware viruses are capable of infecting not only computers with Windows operating systems but Mac systems as well. In this case, we recommend protecting your computer with Combo Cleaner. It is also a great tool to remove various junk files that are generated over time.

How To Get Rid of Healforyou

Removal of Healforyou itself is not that difficult – you simply need to scan your computer with Spyhunter. Either one of those programs should immediately detect and eliminate the virus from your computer.

Unfortunately, removing the virus is not enough – it won’t unlock your files. To do that, you need to perform a system restore. In case you need some further guidance, please take a look at the instructions below or contact us in the comments section.

Automatic Malware removal tools

How to recover Healforyou Virus encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP

• Start → Shutdown → Restart → OK.
• Press F8 key repeatedly until Advanced Boot Options window appears.
• Choose Safe Mode with Command Prompt.

for Windows 8 / 10

• Press Power at Windows login screen. Then press and hold Shift key and click Restart.
• Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
• When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

 

2.Restore System files and settings.

• When Command Prompt mode loads, enter cd restore and press Enter.
• Then enter rstrui.exe and press Enter again.
• Click “Next” in the windows that appeared.
• Select one of the Restore Points that are available before Healforyou Virus has infiltrated to your system and then click “Next”.
• To start System restore click “Yes”.

 

Step 2. Complete removal of Healforyou Virus

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to Healforyou Virus. You can check other tools here.  

Step 3. Restore Healforyou Virus affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Healforyou Virus tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.

b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover Healforyou Virus encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

• We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
• Download a data recovery program.
• Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.