1 of 3
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Slow internet connection
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Nemucod Ransomware

Nemucod Ransomware is an infection that will encrypt files you keep on your computer the first thing it enters your system. According to specialists at pcthreat.com, this threat will lock the majority of files, which means that you will not be able to access your important documents, music, and video files. The only solution you have is to delete Nemucod Ransomware and then try unlocking files. There are, of course, users who decide to pay money for cyber criminals; however, we do not recommend doing that because there are ways to decrypt files free of charge. We will talk about these methods in this report. Also, we are going to tell you how to get rid of the ransomware infection.

Ransomware infections are threats that are created by cyber criminals who have only one purpose in mind – to steal money from users. In order to make users pay money themselves, this infection encrypts all the most important files. In case of Nemucod Ransomware, it is going to lock files with such extensions as .wav, .wma, .flv, .gzip, .bz, .img, .iso, .java, .jpeg, .m3u, .sql, .vob, .bak, and .ogg. If you can recognize these extensions, you probably understand that Nemucod Ransomware is targeted at all the most important files. There is no doubt that the file is already encrypted if it has the .crypted filename extension instead of its original extension. In order to tell you what to do next, Nemucod Ransomware creates the a.txt file with instructions. You will find the explanation there and step by step instructions how to unlock files:

All your documents, photos, databases and other important personal files

were encrypted using strong RSA-1024 algorithm with a unique key.

To restore your files you have to pay 0.52985 BTC (bitcoins).

As you can see, the decryption tool is not cheap, so you should not spend your money on it, especially when you do not know that you will really get it and thus be able to decrypt your files. Fortunately, there are other ways to decrypt files. Researchers at pcthreat.com have managed to find out that the decryption tool that can unlock files free of charge can be downloaded from the web. Secondly, it is also possible to restore files from external storages.

Specialists have managed to find out that Nemucod Ransomware not only encrypts the majority of files and then asks to pay a ransom in Bitcoins, but it also downloads and installs additional malware on the user’s computer. In this case, the ransomware infection comes together with the Trojan Kovter (Poweliks). Of course, not all the versions of this infection distribute this Trojan; however, you should still not forget to check your system’s condition after you remove Nemucod Ransomware. It is extremely hard to come across a Trojan infection, so it would be best that you scan your computer with an automatic diagnostic scanner.

Nemucod Ransomware is definitely unique in a sense that it comes together with Trojan; however, there are several other unique facts about it too. For example, it has been observed that this ransomware infection keeps connecting to a bunch of servers: ujjwaljeweller.com, topikriau.com, yc4tuna.com, yingyigood.com, and xn--oi2bq3ygphw3bbzh.com. Secondly, it creates its own Values in the RUN registry to be able to start working the moment Windows OS loads up. Finally, it locks files with the key that consists of 36 characters in order to make it impossible to crack the key.

Cyber criminals create ransomware infections every day, so you might encounter another ransomware again in the future if you do not do anything about the safety of your PC. Researchers have observed that Nemucod Ransomware is spread as a .js file in spam email attachments, and it is not a unique ransomware infection in this sense because other similar threats travel the same too. Of course, they might sneak onto the computer if a user clicks on some kind of unreliable link as well. Therefore, it is highly recommended to install reputable security tool on the system. You should be very careful on the web all the time too.

You need to remove Nemucod Ransomware from your PC before you try to decrypt your files. Of course, do that only if you are sure that you are not going to pay the required ransom. We hope that instructions provided below will help you to erase the ransomware; however, you will have to take care of Trojan this ransomware installed alongside separately. The easiest and quickest way to make it disappear is to scan the system an automatic malware remover, e.g. SpyHunter.

Delete Nemucod Ransomware manually

  1. Open the Windows Explorer.
  2. Go to the %TEMP% directory.
  3. Locate these files and delete them one after the other: a0.exe, a2.exe, and a.txt.
  4. Open the Registry Editor (Windows key + R and then enter regedit into the box. Click OK).
  5. Move to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  6. Find and delete two Values: Upkfmedia and one with the random name.
  7. Empty Recycle bin.
Download Spyware Removal Tool to Remove* Nemucod Ransomware
  • Quick & tested solution for Nemucod Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.