• Your ESET product detected a Win32/Filecoder.AE infection
   
• Decrypt specific variants of your files using the decoder.exe tool
   
• Your personal files have become encrypted
   
• Users are told they have to send information or a certain amount of money via Onpay.ru payment service
   
• You receive the following message on your computer:

1. Download the decryptor tool and save the file to your Desktop.
   
   ESETFilecoderAEcleaner.zip
    
2. Unzip the file and copy decoder.exe to your Desktop.
    
3. Ensure that you have copied config.cfg and account.cfg to your Desktop.
    
4. Create a new folder on your Desktop and name it Encrypted. Copy (do not move) the encrypted files you want to decrypt to this folder.
    
5. Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
   • Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
      
6. Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username; type the command exactly as shown) and then press Enter.
    
7. Type decoder.exe Encrypted and press Enter to scan the folder drive.
    
8. The decryptor tool has run successfully when the "Decoding 100%" or "Done" message is displayed.

Figure 1-2

9. If decryption was successful, type decoder.exe C: to decrypt all infected files on your C drive. To scan a different location, replace C: with the applicable path.