I have a cold forensic image of a computer that got infected with Ransomware. From what I can find with Google, this was probably TeslaCrypt/AlphaCrypt. Encrypted files have extension .CCC and folders have the _how_recover_???.txt and .html files....
What is .CCC Extension?
If your files become unreadable and end up with a .ccc extension, your computer is infected by a new variant of TeslaCrypt ransomware. This ransomware has ability to encrypt the important files in the infected machines. Any files that are encrypted with the newer variant of TeslaCrypt will have the .exx, .xyz, .zzz, .aaa, .abc, .ccc or .vvv extension appended to the end of the filename.
.CCC Extension (TeslaCrypt) is often distributed via spam emails and torrent files. You should avoid download attachments from suspected emails and files from unreliable resources. Once infected, this ransomware will encrypt all your important files and ask you to pay for the ransom. However, paying the ransom cannot help solve the fundamental problem. You should follow the guide below to completely get rid of them.
How to Get Rid of .CCC Extension (TeslaCrypt) Completely & Safely?
Method 1: Remove .CCC Extension (TeslaCrypt) Step by Step
Method 2: Get Rid of .CCC Extension (TeslaCrypt) with SpyHunter
Method 1: Remove.CCC Extension (TeslaCrypt) Step by Step
Step 1: Reboot your PC into Safe Mode with Networking
Restart your computer and keep pressing F8. Select Safe Mode with Networking by using the up and down arrow key in your keyboard.
Step 2: Delete suspicious or malicious process related to .CCC Extension (TeslaCrypt).
Step 3: Remove suspected programs from Control Panel.
Press Win & R on your keyboard to open Run. Type in "control" to open control panel and then select Uninstall a program/Program and Features. Search PUP/Malware from the list and remove it.
Step 4: Show hidden folder.
Go to control panel >> Appearance and Personalization >> Folder Options
Tick "show hidden files, folders and drives" like the picture below.
Step 5: Delete from local disk.
%AppData%\<random>.exe
%CommonAppData%\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>
C:\Windows\Temp\<random>.exe
Step 6: Delete infected or additional registry entries.
Press Win & R to open Run, type in "regedit" and hit enter. Click Edit >> Find... to search unwanted keys
Method 2: Get Rid of .CCC Extension (TeslaCrypt) with SpyHunter
SpyHunter is powerful anti-spyware/malware application. It is created to help inexperience computer users to get rid of nasty and stubborn malware including adware, browser hijacker, trojan, worm and may other viruses. There are many features in SpyHunter. You will never regret to remove malware and protect your PC with this application.
You can click the icon below to get SpyHunter.
This real-time malware protection and removal tool offers free malware scanner. You can buy the removal service to get rid of all the PC threats detected by it. It has powerful features that other free antivirus cannot offer.
.CCC Extension (TeslaCrypt) can cause a lot of troubles. Usually, the manual tips above may help your get rid of it. But if you fail, you can download powerful remover to get rid of it.
ReplyDeleteAre you willing to know who your spouse really is, if your spouse is cheating just contact cybergoldenhacker he is good at hacking into cell phones,changing school grades and many more this great hacker has also worked for me and i got results of spouse whats-app messages,call logs, text messages, viber,kik, Facebook, emails. deleted text messages and many more this hacker is very fast cheap and affordable he has never disappointed me for once contact him if you have any form of hacking problem am sure he will help you THANK YOU.
contact: cybergoldenhacker at gmail dot com