• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Virus › Restore .imsorry files (Remove Im Sorry virus)

Restore .imsorry files (Remove Im Sorry virus)

Myantispyware team June 1, 2017     No Comment    

If your photos, documents and music does not open normally, their names modified or .imsorry added at the end of their name then your computer is infected with a new ransomware infection from a family of file-encrypting ransomware. Once started, it have encrypted all photos, documents and music stored on a personal computer drives and attached network drives.

imsorry virus

It uses a strong encryption algorithm with long key. When the ransomware infection encrypts a file, it will add the .imsorry extension to each encrypted file. Once the virus finished enciphering of all files, it will create a file called “Read me for help thanks.txt” with tutorial on how to decrypt all photos, documents and music.

Table of contents

  1. What is Im Sorry virus
  2. How to decrypt imsorry files
  3. How to remove Im Sorry ransomware
    • How to automatically get rid of Im Sorry with Zemana Anti-malware
    • Run Malwarebytes to get rid of ransomware virus
    • Delete Im Sorry virus and malicious extensions with KVRT
  4. How to restore imsorry files
    • Use ShadowExplorer to recover imsorry files
    • Run PhotoRec to restore imsorry files
  5. How to prevent your PC system from becoming infected by Im Sorry ransomware?
    • Use CryptoPrevent to protect your personal computer from Im Sorry ransomware infection
  6. How does your personal computer get infected with Im Sorry ransomware
  7. To sum up

The Im Sorry ransomware infection offers to make a payment in Bitcoins to get a key to decrypt photos, documents and music. Important to know, currently not possible to decrypt the .imsorry files encrypted by the ransomware virus without the private key and decrypt program. If you choose to pay the ransom, there is no 100% guarantee that you can restore all documents, photos and music! If you do not want to pay for a decryption key, then you have a chance to recover encrypted personal files.

Use the step-by-step guide below to get rid of the ransomware infection itself and try to recover encrypted photos, documents and music.

What is Im Sorry

Im Sorry is a variant of crypto viruses (malware that encrypt personal files and demand a ransom). It affects all current versions of MS Windows OS such as Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. This ransomware infection uses a strong encryption algorithm with 2048-bit key to eliminate the possibility of brute force a key that will allow to decrypt encrypted files.

When the ransomware infects a computer, it uses system directories to store own files. To run automatically whenever you turn on your computer, Im Sorry ransomware virus creates a registry entry in Windows: sections HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce.

Immediately after the launch, the ransomware scans all available drives, including network and cloud storage, to determine which files will be encrypted. The virus uses the file name extension, as a method to define a group of files that will be subjected to encrypting. Encrypted almost all types of files, including common as:

.wpa, .jpeg, .wp, .wmv, .zabw, .rim, .ntl, .wpd, .wcf, .rtf, .rar, .xmind, .big, .vfs0, .csv, .xbdoc, .wsh, .y, .wmo, .d3dbsp, .r3d, .avi, .xld, .0, .xyp, .kdb, .der, .wp7, .xlsm, .raf, .orf, .arch00, .txt, .bay, .odb, .wps, .wm, .wbz, .xlsx, .hvpl, .cdr, .wmd, .ztmp, .w3x, .mrwref, .snx, .ods, .docm, .iwd, .eps, .wbmp, .t13, .hplg, .rgss3a, .dxg, .accdb, .zif, .wav, .x3d, .gho, .wpd, .bc7, .xbplate, .pdf, .lbf, .desc, .sr2, .mov, .qic, .wp4, .kdc, .wot, .erf, .xll, .das, .fsh, .1st, .ncf, .epk, .syncdb, .map, .js, .wbk, .itm, .mpqge, .webp, .css, .odc, .gdb, .xdl, .rw2, .wri, .pptm, .asset, .xx, .dazip, .pptx, .svg, .bkp, .wp6, .menu, .bik, .py, .docx, .bar, .litemod, .xyw, .crw, .cr2, .xxx, .cas, .mlx, .xf, .xdb, .xml, .dmp, .zip, .mcmeta, .wp5, .cer, .jpe, .m4a, .ws, .sidd, .psd, .tor, .m3u, .zip, .ltx, .yml, .dwg, .raw, .iwi, .2bp, .odp, .ff, .xlk, .xwp, .zdb, .vdf, .vpk, .pdd, .wdb, .mdbackup, .sie, .ppt, .mddata, .arw, .xpm, .ibank, .wpl, .psk, .wn, .qdf, .bc6, .p7b, .fpk, .zdc, .doc, .wbm, .srf, .sav, .itl, .x, .dbf, .bsa, .sis, .xls, .3fr, .nrw, .jpg, .mp4, .sb, .sidn, .indd, .ai, .xlsb, .x3f, .yal, .odt, .wpg, .wbc, .db0, .dng, .sum, .sql, .ptx, .cfr, .dba, .mef, .pst, .wpe, .png, .sid, wallet, .t12, .hkdb, .xmmap, .wma, .dcr, .vpp_pc, .wotreplay, .lvl, .webdoc

Once a file is encrypted, its extension changed to .imsorry. Next, the virus creates a file named “Read me for help thanks.txt”. This file contain guidance on how to decrypt all encrypted documents, photos and music. An example of the guidance is:

Hello, I hate to inform you but your files have been encrypted.
To get them back you must pay me a small fee.
Instructions are buy btc then pay me then i’ll simply give you, your encryption key.
Step 1.
Make a account here
hxxps://blockchain.info/wallet/#/signup
Step 2.
Buy bitcoin
Use one of the trade centers below to recieve bitcoin to pay me off
hxxps://www.coinbase.com/
hxxps://localbitcoins.com/register/
Step 3.
Send the payment of 500 USD to the BTC address below
then i’ll give you the key.
Places you can read about bitcoin
hxxps://blog.newegg.com/the-fastest-way-to-get-started-with-bitcoin/
hxxps://bitcoin.org/en/getting-started
You have 3 weeks to pay else i might delete the key or i might just give you the key idk
Be sure you put your btc address in the box below as this is how i track payments.
if you f* around i’ll delete your key.
Once again,Sorry.

The Im Sorry ransomware infection actively uses scare tactics by giving the victim a brief description of the encryption algorithm and showing a threatening message on the desktop. It is trying to force the user of the infected computer, do not hesitate to pay a ransom, in an attempt to recover their personal files.

How to decrypt imsorry files

Currently there is no available method to decrypt imsorry files. The ransomware repeatedly tells the victim that uses a strong encryption algorithm with big key. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a solution because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the Im Sorry ransomware infection entire amount requested – the only method to try to get the decryption key and decrypt all your files.

There is absolutely no guarantee that after pay a ransom to the authors of the Im Sorry ransomware virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new virus.

How to remove Im Sorry ransomware infection

Before you run the procedure of recovering personal files which has been encrypted, make sure Im Sorry virus is not running. Firstly, you need to remove this ransomware virus permanently. Thankfully, there are several malicious software removal utilities which will effectively detect and remove Im Sorry ransomware virus and other crypto virus malicious software from your PC.




How to automatically get rid of Im Sorry with Zemana Anti-malware

We recommend you to run the Zemana Anti-malware which are completely clean your PC of this ransomware. Moreover, the utility will allow you to delete potentially unwanted applications, malware, toolbars and ‘ad supported’ software that your computer can be infected too.

Download Zemana anti malware on your system from the following link.

Zemana AntiMalware
Zemana AntiMalware
159513 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

When the download is done, close all applications and windows on your system. Open a directory in which you saved it. Double-click on the icon that’s named Zemana.AntiMalware.Setup as shown in the following example.

Zemana antimalware icon

When the install starts, you will see the “Setup wizard” which will allow you install Zemana anti malware on your computer.

Zemana AntiMalware SetupWizard

Once install is finished, you will see window as shown on the image below.

Now click the “Scan” button . This will start scanning the whole system to find out Im Sorry virus and other trojans and dangerous software. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your computer and the speed of your system. During the scan it’ll detect all threats exist on your PC system.

Zemana AntiMalware find Im Sorry ransomware

Once the system scan is done, a list of all threats detected is produced. In order to delete all threats, simply press “Next” button.

Zemana AntiMalware scan is finished

The Zemana Anti-malware will start removing Im Sorry ransomware virus related files, folders and registry keys.

Use Malwarebytes to delete ransomware infection

You can delete Im Sorry ransomware virus automatically with a help of Malwarebytes Free. We suggest this free malware removal tool because it can easily remove ransomwares, adware, PUPs and toolbars with all their components such as files, folders and registry entries.

Download Malwarebytes on your Microsoft Windows Desktop by clicking on the link below.

Malwarebytes Anti-malware
Malwarebytes Anti-malware
317590 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

After downloading is complete, close all programs and windows on your personal computer. Open a directory in which you saved it. Double-click on the icon that’s named mb3-setup as displayed below.

malwarebytes setup icon

When the installation starts, you will see the “Setup wizard” that will help you install Malwarebytes on your personal computer.

setup malwarebytes

Once installation is complete, you will see window as on the image below.

malwarebytes windows10

Now click the “Scan Now” button . This tool will now begin scanning your PC system for the Im Sorry ransomware virus and other trojans and harmful applications. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your PC system and the speed of your computer. While the application is checking, you can see number of objects it has identified as threat.

malwarebytes win10 scan for Im Sorry ransomware virus

When the system scan is finished, it’ll display a list of detected items. Review the scan results and then press “Quarantine Selected” button.

malwarebytes win10 threat scan finished

The Malwarebytes will start removing Im Sorry ransomware virus related files, folders, registry keys. Once disinfection is finished, you may be prompted to restart your PC.

The following video explains step by step instructions on how to delete virus and other malware with Malwarebytes Anti-malware.

Remove Im Sorry ransomware and malicious extensions with KVRT

If MalwareBytes antimalware or Zemana anti malware cannot delete this ransomware virus, then we advises to run the KVRT. KVRT is a free removal utility for ransomwares, ‘ad supported’ software, potentially unwanted software and toolbars.

Download Kaspersky virus removal tool (KVRT) by clicking on the following link. Save it on your Microsoft Windows desktop or in any other place.

Kaspersky virus removal tool
Kaspersky virus removal tool
123862 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the downloading process is done, double-click on the KVRT icon. Once initialization process is done, you will see the KVRT screen like below.

KVRT main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button to perform a system scan for the Im Sorry ransomware infection and other trojans and harmful software. A system scan may take anywhere from 5 to 30 minutes, depending on your system.

KVRT scanning

Once the scan is finished, you can check all threats detected on your computer as shown in the figure below.

KVRT scan report

Review the report and then press on Continue to start a cleaning process.

How to restore imsorry files

In some cases, you can restore files encrypted by Im Sorry ransomware virus. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted photos, documents and music.




Use ShadowExplorer to recover imsorry files

Download ShadowExplorer by clicking on the following link. Save it on your Windows desktop.

ShadowExplorer
ShadowExplorer
419063 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

Once downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown in the following example.

ShadowExplorer folder

Double click ShadowExplorerPortable to run it. You will see the a window as displayed on the screen below.

ShadowExplorer

In top left corner, choose a Drive where encrypted files are stored and a latest restore point as displayed in the figure below (1 – drive, 2 – restore point).

ShadowExplorer

On right panel look for a file that you want to recover, right click to it and select Export as displayed on the screen below.

ShadowExplorer recover file

Run PhotoRec to restore imsorry files

Download PhotoRec from the link below and save it directly to your Microsoft Windows Desktop.

PhotoRec
PhotoRec
208905 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

Once downloading is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as on the image below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for MS Windows. It’ll show a screen as displayed below.

PhotoRec for windows

Choose a drive to recover as on the image below.

photorec choose drive

You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as shown below.

photorec choose partition

Click File Formats button and choose file types to restore. You can to enable or disable the restore of certain file types. When this is complete, click OK button.

PhotoRec file formats

Next, click Browse button to choose where restored photos, documents and music should be written, then click Search.

photorec

Count of restored files is updated in real time. All restored personal files are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.

When the restore is done, click on Quit button. Next, open the directory where recovered documents, photos and music are stored. You will see a contents like below.

PhotoRec - result of recovery

All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can to sort your recovered files by extension and/or date/time.

How to prevent your machine from becoming infected by Im Sorry virus?

Most antivirus programs already have built-in protection system against the ransomware. Therefore, if your PC system does not have an antivirus program, make sure you install it. As an extra protection, use the CryptoPrevent.

Run CryptoPrevent to protect your computer from Im Sorry virus

Download CryptoPrevent by clicking on the following link. Save it on your MS Windows desktop or in any other place.

www.foolishit.com/download/cryptoprevent/

Run it and follow the setup wizard. Once the installation is complete, you’ll be displayed a window where you can select a level of protection, as displayed in the following example.

CryptoPrevent

Now press the Apply button to activate the protection.

How does your computer get infected with Im Sorry ransomware

The Im Sorry ransomware virus is distributed through the use of spam emails. Below is an email that is infected with a ransomware virus like Im Sorry ransomware.

imsorry virus spam

Once this attachment has been opened, this ransomware virus will be launched automatically as you do not even notice that. The Im Sorry virus will begin the encryption procedure. When this task is finished, it will open the usual ransom instructions like above on Read me for help thanks.txt.

To sum up

Once you have done the steps shown above, your system should be clean from Im Sorry virus and other malware. Your PC system will no longer encrypt your personal files. Unfortunately, if the step by step guide does not help you, then you have caught a new variant of virus, and then the best way – ask for help.

  1. Download HijackThis by clicking on the link below and save it to your Desktop.
    HijackThis
    HijackThis download
    4164 downloads
    Version: 2.0.5
    Author: OpenSource
    Category: Security tools
    Update: November 7, 2015
  2. Double-click on the HijackThis icon. Next press “Do a system scan only” button.
  3. When this tool has finished scanning, the scan button will read “Save log”, click it. Save this log to your desktop.
  4. Create a Myantispyware account here. Once you’ve registered, check your e-mail for a confirmation link, and confirm your account. After that, login.
  5. Copy and paste the contents of the HijackThis log into your post. If you are posting for the first time, please start a new thread by using the “New Topic” button in the Spyware Removal forum. When posting your HJT log, try to give us some details about your problems, so we can try to help you more accurately.
  6. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the Im Sorry virus.

 

Virus

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Doparnelychme.com Click Allow Scam
Doparnelychme.com Virus Removal Guide
Flixtagger.com Flix Tagger
Flixtagger.com Review: Is This Netflix Tagger Opportunity Legitimate?
Link For Captcha virus Click Allow Scam
Link For Captcha Virus (removal guide)
MetaMask Email Scam
Metamask Email Scam: What You Need to Know to Stay Safe Online
Basicstester.com Amazon Product Tester
Basicstester.com Review: Is It a Scam or Legit Way to Become an Amazon Product Tester

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
This setting is enforced by your administrator (Removal guide)

Recent Posts

UnTabs adware
How to remove UnTabs ads (Virus removal guide)
freediscounts.info
How to remove Freediscounts.info pop ups [Chrome, Firefox, IE, Edge]
lovesearchweb.com
How to remove Lovesearchweb.com [Chrome, Firefox, IE, Edge]
Adoresearch.com
How to remove Adoresearch.com [Chrome, Firefox, IE, Edge]
mysupersearch.net
How to remove Mysupersearch.net [Chrome, Firefox, IE, Edge]

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.