[KB7079] Clean a Filecoder.AE infection using the ESET Filecoder.AE cleaner


  • Your ESET product detected a Win32/Filecoder.AE infection
  • Decrypt specific variants of your files using the decoder.exe tool
  • Your personal files have become encrypted
  • Users are told they have to send information or a certain amount of money via Onpay.ru payment service
  • You receive the following message on your computer:


In order to run the decoder, you have to manually find two files (config.cfg and account.cfg) created as a side effect of this malware.
  1. Download the decryptor tool and save the file to your Desktop.

  2. Unzip the file and copy decoder.exe to your Desktop.
  3. Ensure that you have copied config.cfg and account.cfg to your Desktop.
  4. Create a new folder on your Desktop and name it Encrypted. Copy (do not move) the encrypted files you want to decrypt to this folder.
  5. Click StartAll Programs Accessories, right-click Command prompt and then select Run as administrator from the context menu.
    • Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
  6. Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username; type the command exactly as shown) and then press Enter.
  7. Type decoder.exe Encrypted and press Enter to scan the folder drive.
  8. The decryptor tool has run successfully when the "Decoding 100%" or "Done" message is displayed.

Figure 1-2


Open decoder_log.txt on your Desktop if you need to troubleshoot execution of the cleaner.

  1. If decryption was successful, type decoder.exe C: to decrypt all infected files on your C drive. To scan a different location, replace C: with the applicable path.


Need Assistance in North America?

If you are a North American ESET customer and need assistance, visit helpus.eset.com to chat with a live technician, view product documentation or schedule a consultation with an ESET Home Advisor.