Issue
- Your personal files were encrypted
- Your ESET product detected the Win32/Filecoder.AR infection
- Decrypt your files using the ESETFilecoderARcleaner.exe tool
Details
- Your files were encrypted without a notification appearing on your computer or in a .txt, .html or .png file
- File extensions are not being renamed as they are in other ransomware variant infections
Solution
- Download the ESETFilecoderARcleaner.exe tool and save the file to your Desktop.
- Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
- Windows 8 / 8.1 / 10 users: press the Windows key + Q to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
- Type the command
cd %userprofile%\Desktop
(do not replace "userprofile" with your username; type the command exactly as shown) and then press Enter.
- Type the command
ESETFilecoderARcleaner.exe
and press Enter.
- Read and agree to the end-user license agreement.
- Type
ESETFilecoderARcleaner.exe C:
and press Enter to scan the C drive. To scan a different drive, replace C: with the appropriate drive letter.
- When prompted to make a backup of every cleaned file, select Yes by pressing the y key.
- When prompted to overwrite files to be cleaned in the C drive, select Yes by pressing the y key again.
- The FilecoderAR cleaner tool will run and the message "Looking for infected files..." will be displayed. If an infection is discovered, follow the prompts from the FilecoderAR cleaner to clean your system.
Figure 1-1