Being hit by ransomware is bad enough; it is worse when every recovery option you try fails and you end up downloading a "decryption assistant" program in the hope of getting your files back. That is how many users fell for the program called Decryption Assistant. Decryption Assistant is ransomware that spreads as a fake Flash Player update. If the user agrees to install the "update", the ransomware runs and attempts to encrypt the data stored on the computer. Decryption Assistant is based on Hidden-Tear, uses the AES algorithm to encrypt files, and demands a ransom paid in Bitcoin, the cryptocurrency almost all ransomware operators use to collect payments. Hidden-Tear itself is an open-source ransomware proof of concept (written in C# and published on GitHub in 2015) whose code has been reused by many ransomware families to implement their file encryption.
This is the ransom note it displays:
“YOUR OPERATING SYSTEM AND DATA HAS BEEN COMPROMISED
All important data including your personal pictures, music, videos, documents and many more has been encrypted. The data cannot be recovered unless a fee has been paid to decrypt them.
The private decryption key for the data has been stored on our server and will be sent to this computer once the payment is sent. Any attempt at removing this software will lead to an immediate destruction of the private key.
To obtain your decryption key, you will first need a bitcoin wallet to send us the payment. You can start the process by clicking which will start the payment process.
We advise you to immediately buy the bitcoins before the countdown timer drops to zero, which will immediately destroy your private key.
Time Remaining
Private Key Destruction in
[COUNTDOWN 1 HOUR]”
Researchers who analyzed Decryption Assistant found that it is still under development: despite what the ransom note claims, the samples seen so far do not actually encrypt files, so there is no decryption key to hunt for. Use that window to remove it before its authors finish it. Once complete, it is expected to encrypt files with extensions such as .mdb, .odt, .ppt, .pptx, .psd, .sql, .txt, .xlsx and .xml, among many others, appending .pwned after the original extension (for example, notes.txt would become notes.txt.pwned). Keep a copy of the ransom note and of any suspicious executables you find rather than simply deleting them; if a working version appears later, those samples are what analysts need to build a decryptor.
Decryption Assistant is not widespread; because it is barely developed, it is not being actively distributed. According to the researchers, its distribution methods do not differ from those of other ransomware: the fake Flash Player update mentioned above, attachments in spam emails and software bundles. It might also be available on file-sharing websites.
File encryption is not malicious in itself, but cyber criminals abuse it to extort money from their victims, and that is exactly what ransomware is. Keep a reputable, up-to-date anti-malware product installed, such as SpyRemover Pro, and keep offline backups of your important files: with a backup, a ransom demand is irrelevant.
Steps in Removing Decryption Assistant:
Step 1: Restart your computer in Safe Mode.
Step 2: Open Task Manager by pressing Ctrl + Shift + Esc and go to the Processes tab.
Look for Decryption Assistant or any other suspicious process. Right-click it and select Open File Location, then scan the file with an up-to-date antivirus. If it is malicious, write down the path (you will need it to find the matching autostart entries in the next steps), end the process, and delete its folder.
Step 3: Press the Windows key + R, paste notepad %windir%/system32/Drivers/etc/hosts, and click OK. A clean hosts file normally contains only comment lines beginning with #; remove any entries mapping a host name to an IP address that you did not add yourself, then save the file.
After that, click the Windows button in the lower-left corner of your screen, type msconfig in the search box and press Enter.
Go to the Startup tab and untick entries that have an unknown manufacturer or that point to the folder you found in Step 2. (On Windows 8 and later the Startup tab only redirects to Task Manager; disable the entries there instead.)
Step 4: Click the Windows button again, type regedit and press Enter. Before changing anything, back up the registry (File > Export) so you can undo a mistake. Then press Ctrl + F, type Decryption Assistant and search.
Delete the entries that belong to Decryption Assistant (press F3 to continue the search), but be careful: deleting the wrong registry key can break Windows or your applications.
Finally, click the Windows button and type each of these paths into the search box to open the folder it points to:
- %AppData%
- %LocalAppData%
- %ProgramData%
- %WinDir%
- %Temp%
Delete the files and folders belonging to the ransomware (the ones you located in Step 2), and erase everything in the Temp folder, which is safe to empty.
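The checks from Steps 2 to 4 can be gathered in one place with the following PowerShell script. It is an added example, not part of the original article or of any security product: it is read-only and only lists indicators for you to review, it assumes the .pwned suffix and the folder list given above, and the 7-day cut-off for "recent" files is an arbitrary choice of this example. Run it from an elevated PowerShell window (Safe Mode is fine).

```powershell
# Added example (not from the original article): read-only triage for the
# indicators the removal steps ask you to check. Nothing here deletes anything.
# Assumptions: the ".pwned" suffix and folder list named in the article;
# "recent" means created in the last 7 days (arbitrary cut-off).

$Suffix       = '.pwned'
$Since        = (Get-Date).AddDays(-7)
$Folders      = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WINDIR, $env:TEMP)
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP)

# 1. Files that already carry the ransomware's extension (user profile only;
#    point -Path at a drive root if you want the whole disk).
Write-Host "== Files ending in $Suffix under $env:USERPROFILE =="
Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter "*$Suffix" -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# 2. Step 2: running processes whose image lives in a user-writable folder, with
#    the Authenticode status of the image (the equivalent of "unknown manufacturer").
#    Legitimate software rarely runs from AppData or Temp; droppers often do.
Write-Host "== Processes running from AppData / ProgramData / Temp =="
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |
    Where-Object {
        $img = $_.Path
        @($UserWritable | Where-Object { $img -like "$_\*" }).Count -gt 0
    } |
    Select-Object Id, ProcessName, Path,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.Path).Status } } |
    Format-Table -AutoSize

# 3. Step 3 (hosts): every line that is not blank or a comment. A clean Windows
#    hosts file contains only comment lines, so anything printed here needs a look.
Write-Host "== Non-comment hosts entries =="
Get-Content "$env:WINDIR\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
    Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }

# 4. Step 3 (msconfig) and Step 4 (regedit): Run/RunOnce autostart values and the
#    Startup folders, the usual places for a persistence entry.
Write-Host "== Run / RunOnce autostart entries =="
$Meta    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$Autostarts = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($Meta -contains $prop.Name) { continue }   # skip registry-provider metadata
        [PSCustomObject]@{ Key = $key; Name = $prop.Name; Command = $prop.Value }
    }
}
$Autostarts | Format-Table -AutoSize

Write-Host "== Startup folder contents =="
@([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) |
    ForEach-Object { Get-ChildItem -Path $_ -ErrorAction SilentlyContinue } |
    Select-Object FullName, LastWriteTime |
    Format-Table -AutoSize

# 5. Recently created executables and scripts in the folders the article lists.
#    Recursing through %WinDir% is slow; drop it from $Folders for a quick pass.
Write-Host "== Executables created after $Since in the listed folders =="
foreach ($folder in $Folders) {
    Get-ChildItem -Path $folder -Recurse -File -Include *.exe, *.dll, *.scr, *.bat, *.vbs, *.js -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $Since } |
        Select-Object FullName, CreationTime |
        Format-Table -AutoSize
}
```

Anything the script lists is a lead, not a verdict: unsigned binaries and autostart entries are common on a normal machine, so check each hit against the path you noted in Step 2 before ending a process or deleting a registry value.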