[KB8114] Clean a SynAck infection using the ESET SynAck decryptor

Issue

  • Decrypt files encrypted by specific variants of Win32/Filecoder.SynAck using the ESETSynAckDecryptor.exe tool
  • Your ESET product detected a Win32/Filecoder.SynAck infection
  • Your personal files have become encrypted
  • Your files have been renamed with one of the following extensions: .RANDOM_CHARACTERS
  • You receive the following messages on your computer's desktop background, or in a .txt or .html file:

Details

Win32/Filecoder.SynAck is a trojan that encrypts files on fixed, removable, and network drives. To decrypt these files, the user is asked to comply with given conditions in exchange for a password or instructions.

Solution

  1. Download the ESET SynAck decryptor tool and save the file to your desktop.

  2. Press the Windows key + Q on your keyboard to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.

    • Earlier versions of Windows: Click Start → All Programs → Accessories, right-click Command prompt and select Run as administrator from the context menu.

  3. Type the command cd %userprofile%\Desktop (do not replace "userprofile" with your username – type the command exactly as shown) and then press the Enter key on your keyboard.

  4. Type the command ESETSynAckDecryptor.exe and press the Enter key on your keyboard.

  5. Read and agree to the end-user license agreement.

  6. Type ESETSynAckDecryptor.exe <Ransom_note> C: and press the Enter key on your keyboard to scan the C drive. To scan a different drive replace C: with the applicable drive letter.

Figure 1-1
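Because the trojan encrypts files on fixed, removable, and network drives, step 6 usually has to be repeated for each drive letter. The PowerShell script below is an added example, not part of the ESET article or tool: it repeats the step 6 command for every mounted drive and keeps a log. It assumes steps 1 to 5 are complete, that it runs in an elevated PowerShell session, and that the log file name is a hypothetical choice.

```powershell
# Added example: run the decryptor from step 6 against every mounted drive.
# Assumes steps 1-5 are done (tool saved to the Desktop, EULA already accepted)
# and that this script runs in an elevated PowerShell session.
param(
    # Path to a ransom note left by the infection (the <Ransom_note> argument).
    [Parameter(Mandatory = $true)]
    [string]$RansomNote
)

$tool = Join-Path $env:USERPROFILE 'Desktop\ESETSynAckDecryptor.exe'
if (-not (Test-Path -LiteralPath $tool -PathType Leaf)) {
    throw "Decryptor not found at $tool"
}
if (-not (Test-Path -LiteralPath $RansomNote -PathType Leaf)) {
    throw "Ransom note not found at $RansomNote"
}

# Win32_LogicalDisk DriveType: 2 = removable, 3 = fixed (local), 4 = network.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk |
    Where-Object { $_.DriveType -in 2, 3, 4 } |
    Select-Object -ExpandProperty DeviceID   # e.g. "C:", "E:"

# Hypothetical log file name; the tool's own output is captured as-is.
$log = Join-Path $env:USERPROFILE 'Desktop\synack-decrypt.log'

foreach ($drive in $drives) {
    "=== $(Get-Date -Format o) scanning $drive ===" | Tee-Object -FilePath $log -Append
    # Same invocation as step 6, with the drive letter substituted.
    & $tool $RansomNote $drive 2>&1 | Tee-Object -FilePath $log -Append
    "exit code for ${drive}: $LASTEXITCODE" | Tee-Object -FilePath $log -Append
}
```

Network drives mapped in a non-elevated session are not visible to an elevated one, so map them again in the elevated session before running the script.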