How to remove Anatova virus and restore encrypted files

Anatova ransomware virus

This page is dedicated to the ransomware called Anatova, which infects users' PCs in various countries of the world and encrypts their files. Here you will find the information about this virus that is available today, together with a few removal and decryption tips.

Anatova is a new ransomware first described by the malware analyst Valthek on Twitter on 16 January. At the moment most antivirus products detect it: https://www.virustotal.com/#/file/170fb7438316f7335f34fa1a431afc1676a786f1ad9dee63d78c3f5efd3a0ac0/detection. In any case, what they detect is the sample shared by the analyst. The virus infects computers mainly through Trojans and phishing e-mails. Occasionally scammers use exploits to infect the system, but well-known software developers fix them quickly. After the virus has compromised the system, it starts a command prompt to encrypt important data. The last step is to destroy the system's shadow copies. The files are encrypted, but neither their extension nor their name is changed. The virus then opens a file named ANATOVA.TXT with the following text:

All your files are crypted. Only us can decrypt your files, you need pay 10 DASH in the address:

XpRvUwSjSeHfJqLePsRfQtCKa1VMwaXh12

After the payment send us the address used to make the payment to one of these mail addresses:

[the two e-mail addresses were obfuscated on the original page and are not recoverable]

Later wait for our reply with your decryptor. If you want can send us ONE JPG FILE ONLY max 200kb to decrypt per free before of payment.

Dont try fuck us, in this case you NEVER will recover your files. Nothing personal, only business.

Send this file untouched with your payment or/and free file!

As you can see, the ransomware asks for 10 DASH. DASH is a newer cryptocurrency, and this sum is equivalent to 700 USD.

Nowadays, any modern ransomware can encrypt image, video, text and audio data in all popular formats. Special attention is paid to business information, since businesses are the priority target for the criminals. Software installed on the system is left untouched, because the criminals are interested only in the data. Encryption is carried out with well-known encryption algorithms, and it is strong enough that decrypting the data without the key is impossible. This is the root of the remarkable effectiveness of this kind of virus in recent years: an ordinary user, even one with fair experience in such matters, will not be able to recover the files and will have no choice but to pay the criminals. The only other way to restore the data is to obtain the master key from the criminals' server.

Computer literacy is extremely important today, as it helps a user protect the workstation from harmful programs. For encrypting malware this matters even more, because, unlike common viruses, removing the ransomware from the system does not undo the consequences of its actions. You can greatly reduce the chance of getting ransomware if you follow these rules:

    • Keep an eye on the state of your machine. Encrypting data is a heavy operation that consumes a lot of computer resources. When the virus starts working, the CPU slows down and the encrypting process appears in the process list (Task Manager). You can catch this moment and shut down the system before the data is fully encrypted. In case of an infection, this measure will save some of your files.
    • Closely inspect your mailbox, particularly messages with attached files. If a letter comes from an unknown sender and is about receiving a prize, a lost parcel or something similar, it is probably a scam. You should also be careful with business correspondence, particularly if you don't know the person who sent it and are not sure what is inside. Lawsuits, summonses, complaints, invoices for products and services and other sensitive documents are not sent without warning, and you should, at a minimum, know the sender. Otherwise, it is a scam.
    • Don't accept changes to the PC requested by unfamiliar software. If the computer is infected by Anatova, it will try to delete the shadow copies of your data to make recovery harder. Removing shadow copies requires administrator rights and confirmation from the user. Thinking for a few seconds before confirming the dialog box can save your information and your time.
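The shadow-copy deletion mentioned above is one of the few ransomware actions that leaves a clear trace in the Windows Security log. The following PowerShell is an added example, not part of the original article: it flags the shadow-copy deletion command lines commonly seen in ransomware runs (the Anatova sample is described only as destroying shadow copies; the exact command is not given on the page, so the patterns generalise to the usual vssadmin and wmic forms), checks recent 4688 process-creation events against them, and lists the shadow copies that still exist. It assumes "Audit Process Creation" with command-line logging is already enabled; without that, 4688 events carry no command line and the live check returns nothing.

```powershell
# Added example (not from the original article). Patterns are matched
# case-insensitively against the full process command line.
$ShadowDeletionPatterns = @(
    'vssadmin(\.exe)?\s+delete\s+shadows',        # vssadmin Delete Shadows /All /Quiet
    'vssadmin(\.exe)?\s+resize\s+shadowstorage',  # shrinking storage silently drops old copies
    'wmic(\.exe)?\s+shadowcopy\s+delete'          # WMI equivalent of the above
)

function Test-ShadowDeletionCommand {
    param([Parameter(Mandatory)][string]$CommandLine)
    foreach ($pattern in $ShadowDeletionPatterns) {
        if ($CommandLine -imatch $pattern) { return $true }
    }
    return $false
}

# Constructed sample command lines (not real telemetry) to show what the filter catches.
$Samples = @(
    'C:\Windows\System32\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet',
    'wmic shadowcopy delete',
    'C:\Windows\System32\notepad.exe C:\Users\user\Desktop\notes.txt'
)
foreach ($sample in $Samples) {
    '{0,-5} {1}' -f (Test-ShadowDeletionCommand $sample), $sample
}

# Live check: walk recent Security 4688 events and report matching command lines.
# The command line is the EventData element named "CommandLine".
function Get-ShadowDeletionEvents {
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            $cmd = ($xml.Event.EventData.Data | Where-Object Name -eq 'CommandLine').'#text'
            if ($cmd -and (Test-ShadowDeletionCommand $cmd)) {
                [pscustomobject]@{ Time = $_.TimeCreated; CommandLine = $cmd }
            }
        }
}

# Shadow copies still present on the machine. An empty list right after an
# infection means the copies are already gone and restore points will not help.
function Get-ShadowCopySummary {
    Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
        Select-Object ID, InstallDate, VolumeName
}

Get-ShadowDeletionEvents | Format-Table -AutoSize
Get-ShadowCopySummary    | Format-Table -AutoSize
```

Run it from an elevated prompt, since reading the Security log requires administrator rights. The sample lines print `True` for the two deletion commands and `False` for the notepad line; the same filter can be fed command lines from Sysmon event 1 or an EDR export instead of 4688.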

Removing the malware is not the happy end; it is only one step on the long road to full file recovery. To restore the files you will need to follow the instructions in the next chapter of this article. To uninstall Anatova, boot the machine into Safe mode and scan it with antivirus software. We do not advise trying to delete Anatova manually, since it has several protection mechanisms that can work against you. Some malware deletes the encrypted data, or part of it, when someone tries to uninstall the program. To avoid this, follow the guide below.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the Boot tab, select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe -> disable unknown programs in the Startup tab

Startup

Step 3. Check hosts file

Modify the hosts file located in C:\Windows\System32\drivers\etc\ .

Hosts file. Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file. Step 2

It has to look like this:

Hosts file. Step 3

Step 4. Scan the system with an antivirus scanner


Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kinds of threats: malicious files and even the registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If the program detects infected elements on the computer, you will need to purchase the malware removal tool for $39.99 to delete the threats. SpyHunter has a free trial for one remediation and removal, subject to a 48-hour waiting period. See the uninstall steps and additional information: EULA, Privacy Policy and Threat Assessment Criteria.

Step 5. Disable Safe mode

Start -> Msconfig.exe -> disable Safe boot in the Boot tab

Deactivate Safe mode
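Steps 1, 2, 3 and 5 above are all done by hand in msconfig and Notepad. As an added example that is not part of the original guide, the PowerShell below collects the same information in one pass so nothing is missed: it lists the Run/RunOnce registry entries and Startup folder items that Step 2 asks you to review, returns every hosts-file line that is not a comment or the default localhost entry for Step 3, and shows the bcdedit commands that msconfig's Safe boot checkbox sets and clears for Steps 1 and 5. The hosts path and registry keys are the standard Windows locations; nothing Anatova-specific is assumed.

```powershell
# Added example (not the article's own). Run from an elevated PowerShell prompt.

# Step 2 equivalent: persistence points in the Run keys and Startup folders.
function Get-StartupEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Skip the PS* metadata properties that Get-ItemProperty adds.
        foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' })) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $props.$name }
        }
    }
    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
        [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
    )
    foreach ($folder in $folders) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

# Step 3 equivalent: a clean Windows hosts file contains only comments and blank
# lines (the localhost entries are commented out by default). Everything else is
# returned for review; do not delete lines blindly, an administrator may have
# added legitimate ones.
function Get-SuspiciousHostsLines {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $lineNo = 0
    foreach ($line in Get-Content -Path $Path) {
        $lineNo++
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }
        if ($text -match '^(127\.0\.0\.1|::1)\s+localhost$') { continue }
        [pscustomobject]@{ Line = $lineNo; Text = $text }
    }
}

# Steps 1 and 5 equivalents: msconfig's "Safe boot" checkbox writes the
# safeboot element of the {current} BCD entry; bcdedit does the same thing.
function Set-SafeBootMinimal { bcdedit /set '{current}' safeboot minimal }
function Clear-SafeBoot     { bcdedit /deletevalue '{current}' safeboot }

Get-StartupEntries        | Format-Table -AutoSize
Get-SuspiciousHostsLines  | Format-Table -AutoSize
```

Call `Set-SafeBootMinimal` and reboot before the scan in Step 4, then `Clear-SafeBoot` and reboot again for Step 5. Reviewing the two tables before deleting anything is safer than the manual walk-through, because entries with misspelled vendor names, paths under %TEMP% or %APPDATA%, or hosts lines that redirect antivirus update domains stand out side by side.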

If you have completed all the steps described above, it is time to recover the data. Strictly speaking this is not decryption, since the encryption methods used by the swindlers are very strong. There are a few exceptions, but usually data restoration requires a lot of time and money. If you are interested in manual file recovery, read this article, which shows all the safest ways.

To restore your information, follow the article about file decryption.
