FileCoder Ransomware

FileCoder Ransomware is a serious infection that usually enters the system without a user’s permission and places a warning message on the screen. Of course, it encrypts files first, which means that you will not be able to access them. You will definitely notice that the majority of your files have been encrypted because they will be renamed and they will have the .xtbl extension. Our researchers have noticed that encrypted files usually have the following pattern: (random symbols)=(Public key/ID).xtbl. Unfortunately, it is not so easy to gain access to files, but there is no doubt that you have to remove FileCoder Ransomware first. It is not so simple to do that because this infection cannot be removed like adware or potentially unwanted applications. In other words, it cannot be erased via Control Panel. Do not worry; we understand that less experienced computer users might not know how to get rid of this ransomware infection, so we will provide all the necessary information in this article.

Researchers working at pcthreat.com have tested FileCoder Ransomware and found out that it encrypts text documents and pictures mainly. According to them, it uses the well-known XOR cipher for this matter. Therefore, there is basically no doubt that files with such extensions as .txt, .docs, .docx, .xml, .jpg, and .png will be encrypted. Of course, it might affect other files as well; however, it is known that it will not touch files with the .bmp extension because it creates its own .bmp image in order to place the warning message.

After encrypting your files, FileCoder Ransomware will change the background of your desktop. You will see a message in Russian and English claiming that “all the important files on your disks were encrypted”. Research has shown that a number or README.txt files will be added on the desktop and other folders too. If you open them, you will find the personal code there. If we believe the message, it is necessary to send the code to files11470@gmail.com or post100023@gmail.com in order to receive the instructions on the decryption. Actually, there is no point in writing an email because you will be asked to pay a particular sum of money in order to gain access to your files. You should not make any payment because it is not likely that you will get the key to unlock your files.

There is another fact that shows that FileCoder Ransomware is a serious computer infection. Our researchers have noticed that the main file of this threat, which is csrss.exe, resembles the name of the legitimate file. More experienced users can immediately find out that it is the file that belongs to malware, FileCoder Ransomware in this case, because it appears in the %ALLUSERSPROFILE% directory, whereas the legitimate file is located elsewhere. As can be seen, this ransomware infection tries to hide itself in order not to be detected and removed easily. In fact, it does not differ from other malicious applications that try to hide their presence as well.

Ransomware infections are usually spread through email attachments, so if you tend to open attachments sent by unknown senders, it is not surprising that this threat has slithered onto your computer. In some cases, users download threats themselves from untrustworthy websites or after clicking on a suspicious advertisement, so it is necessary to install a reliable security application in order to protect the system from infections. A reliable security tool will help you to prevent infections from entering the system; however, you should be very careful yourself as well if you want to be 100% sure that malware cannot enter your system. By saying “careful”, we believe that you should never open attachments if you do not know who has sent them to you. In addition, it is also very important to stop clicking on various ads which you detect on P2P and other similar websites.

The easiest way to remove FileCoder Ransomware from the system is to scan the system with the SpyHunter antimalware suite. This tool will erase all the existing infections for you; however, your files will stay encrypted. Do not worry; you can restore them easily from a backup or you can try to use one of the decryption tools available on the web. If you wonder whether it is possible to get rid of FileCoder Ransomware manually, you should know that this process is very difficult and it is suitable only for really experienced computer users. Therefore, we recommend leaving all the work for an antimalware tool.

How to get rid of FileCoder Ransomware

1. Open your browser.
2. Type in http://www.pcthreat.com/download-sph in the address bar.
3. Download SpyHunter and install it.
4. Perform the full system scan in order to remove this ransomware.