How to remove Bam! virus and restore encrypted files

This entry is dedicated to Bam! virus that infects customers' laptops in diverse countries of the world, and encrypts the files. In this item we've compiled full info on Bam!'s essence, and the uninstalling of Bam! from the computer. Furthermore, we'll teach you how to restore the encrypted files, if possible.

Bam! is the undesired program infecting workstations mainly through Trojans and phishing e-mails. Sometimes fraudsters use exploits to take control over the system, but they are speedily corrected. After penetration, Bam! checks the PC memory, defines the quantity of folders to be cyphered and their general price. At the moment, each modern ransomware is able to cypher text, video, image and audio files in all known extensions. Ransomware corrupts all files, but those that look like business documents go first. All programs on computer will be untouched since scammers want only information. Encryption is performed through world-known AES and RSA algorithms, and it is so complex that that decryption of information without a key is impossible. This is the ground for unbelievable success of ransomware in recent years: common user, even if he has a fairly good experience in suchlike things, won't ever be able to restore the data, and will be forced to pay the price. The single method to decrypt files is to find the scammer's site and retrieve the encryption keys. Also there's a way to withdraw these keys due to faults in viruse's program code. The corrupted files get .bam! extension. Hackers don't claim the specific ransom amount, and want their victims to contact them by email to know how much will the price of decryption.

There is one common feature for all sorts of harmful software: it's way simpler to dodge it than to neutralize its consequences. For encrypting viruses it's very important, as, unlike common viruses, after uninstalling ransomware from the computer, the effects of its doings do not vanish anywhere. You easily can minimize the chances to get ransomware by following these rules:

    • Be cautious with the messages that contain data. If you don't know the user who send the message and it tells about receiving any prize, a lost parcel or anything like that, this might be a fraud message. The #2 popular type of such messages is a forgery for biz correspondence. summaries, Bills for services and goods, lawsuits, reports and similar important information do not come accidentally, and the receiver should know the person who sent it. Otherwise, it is a scam.
    • Don't neglect the symptoms that your laptop shows. File encryption is a complicated process that needs a lot of hardware resources. When the ransomware is starting to operate, the machine slows down, and the encryption process appears in Process Manager. You might catch this event and switch off the system before information will be completely encoded. Of course, the certain amount of files will be damaged, but the rest of them will remain intact.
    • Don't accept any alterations to your system, coming from suspicious programs. If the system is infected by Bam!, it will try to delete all copies of the files, to make the decryption impossible. Anyway, deleting of copies needs admin rights and your confirmation. So, if you don't confirm changes from a suspicious program at the right moment, you will keep the opportunity to recover all lost data free of charge.

We draw your attention to the fact that the elimination of the virus is just a first and mandatory move for the normal operation of the workstation. If you remove ransomware, you won't recover the files immediately, it will demand additional measures described in the next part. In case of ransomware we do not provide the hand deletion tips, because its complexity and the probability of failing will be extremely high for average customer. We do not suggest you to uninstall the virus by hand, since it has various security mechanisms that will counteract you. The most effective ransomware protection technique is the removal of data on the chance of file restoration or virus removal attempt. This is extremely bad, and the below instruction will help you to deal with it.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Antivirus scanner

Why we recommend SpyHunter antimalware as removal tool

Removes virus fully: all files and even registry keys of malware will be deleted

Protects your system in the future

24/7 free support team

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After uninstalling Bam! from the computer, you should recover the encrypted files. We won't try to reverse the encryption, but we'll restore them via OS functionality and the additional software. There are the certain chances, but usually data restoration takes a lot of time and efforts. If you don't want to wait and are ready to get back the information manually - here's the complete article on that topic.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.