Onecrypt@aol.com ransomware virus is a malware that invisibly penetrates the computer and encrypts personal files which stored on PC system disks. While encrypting, it renames all encrypted documents, photos and music so that they have the .good file extension.
The Onecrypt@aol.com ransomware is a malware, that made to encrypt the photos, documents and music found on infected computer using a strong encryption algorithm with long key, appending the .good extension to all encrypted photos, documents and music. It can encrypt almost types of files, including the following:
.psk, .z3d, .das, .slm, .pptx, .ptx, .jpg, .iwi, .crw, .pdf, .dbf, .hkdb, .fsh, .kf, .wpt, .bsa, .mdf, .3dm, .sid, .zabw, .xwp, .zip, .wb2, .wpe, .wpd, .menu, .wmv, .xml, .nrw, .bar, .wsd, .ztmp, .m4a, .svg, .wcf, .xls, .pdd, .vpk, .wpa, .7z, .pst, .yml, .xlsx, .xyw, .wpb, .xdb, .bc6, .hvpl, .ai, .dba, .wpg, .xmmap, .rtf, .wp5, .vpp_pc, .wpw, .upk, .wps, .ncf, .odt, .wp7, .x3f, .hkx, .cas, .ff, .mov, .zip, .jpe, .tax, .wn, .png, .erf, .yal, .wotreplay, .docm, .x3f, .mef, .p7b, .ibank, .wdb, .wp4, .xx, .vtf, .sql, .pak, .xbplate, .wbd, .wmf, .map, .qdf, .xbdoc, .wri, .itl, .wpl, .xlsb, .z, .js, .pptm, .docx, .gho, .1, .arw, .sum, .wma, .bkp, .xlsm, .jpeg, .d3dbsp, .mddata, .rb, .t13, .odb, .esm, .desc, .xy3, .forge, .icxs, .mdb, .pef, .bc7, .pkpass, .arch00, .fpk, .kdc, .flv, .webp, .dwg, .wav, wallet, .iwd, .litemod, .db0, .ppt, .rgss3a, .3fr, .cr2, .wmd, .xlsm, .zif, .wot, .itm, .wgz, .bik, .sie, .rim, .wma, .2bp, .gdb, .css, .wsh, .srf, .p12, .xll, .p7c, .ods, .wbk, .der, .vdf, .wbz, .fos, .ybk, .t12, .xyp, .xlk, .rofl, .dcr, .ntl, .vcf, .wsc, .sidd, .rar, .zdc, .crt, .dxg, .odm, .wm, .dmp, .mcmeta, .tor, .sis, .accdb, .eps, .xf, .zw, .dng, .py, .doc, .ws, .xxx, .wbmp, .x, .big, .mlx, .cer, .ysp, .cdr, .bkf, .mp4, .zdb, .qic, .lvl, .pfx, .hplg, .0, .1st
Once a file is encrypted, its extension changed to .good. Next, the ransomware virus drops a file named ‘RETURN FILES.txt’. This file contain an information on how to decrypt all encrypted documents, photos and music. You can see an one of the variants of the ransom demanding message below:
All your data is encrypted! for return write to mail: Onecrypt@aol.com
|Type||Ransomware, Filecoder, Crypto virus, File locker|
|Encrypted files extension||.good|
|Ransom note||RETURN FILES.txt|
|Ransom amount||$300-$1000 in Bitcoins|
|Detection Names||Avast – Win32:RansomX-gen [Ransom], BitDefender – Trojan.Ransom.Crysis.E, ESET-NOD32 – A Variant Of Win32/Filecoder.Crysis.P, Kaspersky – Trojan-Ransom.Win32.Crusis.to|
|Removal||To remove Onecrypt@aol.com ransomware use the removal guide|
|Decryption||To decrypt Onecrypt@aol.com ransomware use the steps|
Unfortunately, at this time, victims of the Onecrypt@aol.com ransomware virus cannot decrypt encrypted personal files without the actual encryption key. But you can follow our guide below to search for and remove Onecrypt@aol.com ransomware from your PC system as well as restore encrypted personal files for free.
- How to remove Onecrypt@aol.com ransomware virus
- How to decrypt .good files
- How to restore .good files
- How to protect your system from Onecrypt@aol.com ransomware?
- To sum up
How to remove Onecrypt@aol.com ransomware virus
Malware removal utilities are pretty effective when you think your computer is infected by ransomware. Below we will discover best tools which can identify and remove Onecrypt@aol.com ransomware from your PC.
Use Zemana Anti-malware to remove Onecrypt@aol.com ransomware virus
We recommend you to use the Zemana Anti-malware which are completely clean your machine of this ransomware virus. Moreover, the utility will allow you to remove potentially unwanted apps, malware, trojans and adware that your PC system may be infected too.
- Visit the page linked below to download Zemana. Save it on your MS Windows desktop or in any other place.
Author: Zemana Ltd
Category: Security tools
Update: February 14, 2019
- At the download page, click on the Download button. Your web-browser will open the “Save as” prompt. Please save it onto your Windows desktop.
- After downloading is done, please close all software and open windows on your PC system. Next, launch a file named Zemana.AntiMalware.Setup.
- This will launch the “Setup wizard” of Zemana Anti-Malware onto your computer. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, the Zemana Free will start and open the main window.
- Further, click the “Scan” button to perform a system scan with this tool for the Onecrypt@aol.com ransomware virus, other malicious software, worms and trojans. During the scan Zemana AntiMalware will locate threats exist on your personal computer.
- When the scanning is done, Zemana Free will open you the results.
- Review the results once the tool has done the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click the “Next” button. The tool will remove Onecrypt@aol.com ransomware, other kinds of potential threats like malicious software and trojans and move items to the program’s quarantine. When the cleaning process is done, you may be prompted to restart the PC.
- Close the Zemana Anti-Malware (ZAM) and continue with the next step.
Run MalwareBytes Free to remove Onecrypt@aol.com ransomware
Delete Onecrypt@aol.com ransomware manually is difficult and often the ransomware virus is not fully removed. Therefore, we suggest you to use the MalwareBytes Anti Malware which are fully clean your system. Moreover, this free program will help you to remove malware, PUPs, toolbars and adware that your PC can be infected too.
- Installing the MalwareBytes Anti Malware is simple. First you’ll need to download MalwareBytes Anti Malware (MBAM) by clicking on the link below. Save it to your Desktop.
Category: Security tools
Update: February 5, 2019
- At the download page, click on the Download button. Your web browser will show the “Save as” dialog box. Please save it onto your Windows desktop.
- Once the downloading process is complete, please close all apps and open windows on your computer. Double-click on the icon that’s called mb3-setup.
- This will open the “Setup wizard” of MalwareBytes Anti-Malware (MBAM) onto your PC. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, the MalwareBytes AntiMalware (MBAM) will launch and open the main window.
- Further, press the “Scan Now” button . MalwareBytes Anti-Malware program will scan through the whole PC system for the Onecrypt@aol.com ransomware, other malware, worms and trojans. When a malware, adware or potentially unwanted apps are detected, the number of the security threats will change accordingly.
- After the scan get finished, you may check all threats detected on your PC.
- Make sure all threats have ‘checkmark’ and click the “Quarantine Selected” button. After that process is complete, you may be prompted to reboot the PC.
- Close the AntiMalware and continue with the next step.
Video instruction, which reveals in detail the steps above.
Scan and free your computer of ransomware virus with KVRT
KVRT is a free removal tool which can scan your computer for a wide range of security threats like the Onecrypt@aol.com ransomware virus, trojans, potentially unwanted programs as well as other malicious software. It will perform a deep scan of your personal computer including hard drives and Microsoft Windows registry. After a malware is found, it will allow you to get rid of all detected threats from your personal computer by a simple click.
Download Kaspersky virus removal tool (KVRT) on your PC by clicking on the following link.
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the downloading process is finished, double-click on the KVRT icon. Once initialization process is finished, you will see the Kaspersky virus removal tool screen as shown on the screen below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to locate Onecrypt@aol.com ransomware virus and other malicious software. A system scan can take anywhere from 5 to 30 minutes, depending on your system. When a malware, adware software or trojans are detected, the number of the security threats will change accordingly.
After the system scan is finished, Kaspersky virus removal tool will open a list of found items as on the image below.
Next, you need to click on Continue to begin a cleaning task.
How to decrypt .good files
The Onecrypt@aol.com ransomware virus encourages to make a payment in Bitcoins to get a key to decrypt files. Important to know, currently not possible to decrypt .good files without the private key and decrypt program.
We do not recommend paying a ransom, as there is no guarantee that you will be able to decrypt your documents, photos and music. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.
With some variants of this ransomware, it’s possible to use Windows Shadow Copies or file restore utilities to recover photos, documents and music that have been encrypted by Onecrypt@aol.com ransomware virus. You can use the free tools listed below in the article.
How to restore .good files
In some cases, you can recover files encrypted by Onecrypt@aol.com ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted photos, documents and music.
Run ShadowExplorer to recover .good files
In some cases, you have a chance to recover your personal files that were encrypted by the Onecrypt@aol.com ransomware. This is possible due to the use of the utility named ShadowExplorer. It is a free application which developed to obtain ‘shadow copies’ of files.
Installing the ShadowExplorer is simple. First you’ll need to download ShadowExplorer on your machine from the link below.
Category: Security tools
Update: February 27, 2018
When the download is done, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as on the image below.
Launch the ShadowExplorer utility and then select the disk (1) and the date (2) that you wish to recover the shadow copy of file(s) encrypted by the Onecrypt@aol.com ransomware as shown on the screen below.
Now navigate to the file or folder that you want to restore. When ready right-click on it and click ‘Export’ button like below.
Recover .good files with PhotoRec
Before a file is encrypted, the Onecrypt@aol.com ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your personal files using file recover programs like PhotoRec.
Download PhotoRec on your MS Windows Desktop by clicking on the following link.
Category: Security tools
Update: March 1, 2018
When the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed on the image below.
Double click on qphotorec_win to run PhotoRec for Windows. It’ll show a screen as shown in the figure below.
Select a drive to recover as displayed in the following example.
You will see a list of available partitions. Select a partition that holds encrypted personal files as shown in the following example.
Click File Formats button and select file types to recover. You can to enable or disable the recovery of certain file types. When this is complete, press OK button.
Next, press Browse button to select where restored files should be written, then click Search.
Count of restored files is updated in real time. All restored documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is finished, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as displayed in the figure below.
All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your system from Onecrypt@aol.com ransomware?
Most antivirus software already have built-in protection system against the ransomware virus. Therefore, if your PC system does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Use HitmanPro.Alert to protect your PC from Onecrypt@aol.com ransomware
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Visit the page linked below to download the latest version of HitmanPro.Alert for Windows. Save it on your Desktop.
Category: Security tools
Update: March 6, 2019
When downloading is finished, open the folder in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. After the utility is started, you will be displayed a window where you can select a level of protection, as shown in the following example.
Now click the Install button to activate the protection.
To sum up
After completing the steps outlined above, your system should be free from Onecrypt@aol.com ransomware and other malicious software. Your personal computer will no longer encrypt your photos, documents and music. Unfortunately, if the guide does not help you, then you have caught a new ransomware virus, and then the best way – ask for help here.