Issue
- Your ESET product detected a Win32/Filecoder.AE infection
- Decrypt specific variants of your files using the decoder.exe tool
- Your personal files have become encrypted
- Users are told they have to send information or a certain amount of money via Onpay.ru payment service
- You receive the following message on your computer:
Solution
- Download the decryptor tool and save the file to your Desktop.
ESETFilecoderAEcleaner.zip
- Unzip the file and copy decoder.exe to your Desktop.
- Ensure that you have copied
config.cfgandaccount.cfgto your Desktop.
- Create a new folder on your Desktop and name it
Encrypted. Copy (do not move) the encrypted files you want to decrypt to this folder.
- Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
- Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
- Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
- Type the command
cd %userprofile%\Desktop(do not replace "userprofile" with your username; type the command exactly as shown) and then press Enter.
- Type
decoder.exe Encryptedand press Enter to scan the folder drive.
- The decryptor tool has run successfully when the "Decoding 100%" or "Done" message is displayed.
Figure 1-2
- If decryption was successful, type decoder.exe C: to decrypt all infected files on your C drive. To scan a different location, replace
C:with the applicable path.
