Restore .sVn files – Remove README_FOR_SAVE FILES virus

The SVN ransomware infection offers to make a payment in Bitcoins to get a key to decrypt documents, photos and music. Important to know, currently not possible to decrypt the .sVn files encrypted by the virus without the private key and decrypt application. If you choose to pay the ransom, there is no 100% guarantee that you can recover all documents, photos and music! If you do not want to pay for a decryption key, then you have a chance to recover encrypted photos, documents and music.

Use the step-by-step guide below to remove the ransomware infection itself and try to recover encrypted documents, photos and music.

What is SVN ransomware

SVN ransomware is a variant of crypto viruses (malware that encrypt personal files and demand a ransom). It affects all current versions of Microsoft Windows operating systems such as Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10. This ransomware uses very strong hybrid encryption with a large key to eliminate the possibility of brute force a key that will allow to decrypt encrypted photos, documents and music.

When the virus infects a computer, it uses system directories to store own files. To run automatically whenever you turn on your computer, SVN virus creates a registry entry in Windows: sections HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run, HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce.

Immediately after the launch, the ransomware scans all available drives, including network and cloud storage, to determine which files will be encrypted. The virus uses the file name extension, as a method to define a group of files that will be subjected to encrypting. Encrypted almost all types of files, including common as:

.erf, .1, .dng, .wpg, .wb2, .xls, .xll, .iwd, .cer, .re4, .kdc, .rtf, .wri, .eps, .mdbackup, .rofl, .wpl, .bc7, .gho, .srw, .txt, .wcf, .odc, .odb, .wmf, .bkf, .cfr, .crt, .xxx, .yal, .srf, .rgss3a, .wbk, .avi, .xlsb, .sb, .sid, .wsc, .sis, .p12, .wps, .lvl, .desc, .wpe, .dwg, .zabw, .dazip, .kdb, .crw, .bkp, .ybk, .ods, .xx, .mdb, .vdf, .tax, .sql, .xbplate, .7z, .ysp, .cas, .rb, .lbf, .fsh, .ztmp, .cdr, .orf, .arw, .mp4, .2bp, .pef, .bsa, .rw2, .t13, .wma, .bik, .webp, .ltx, .wp, .doc, .mcmeta, .y, .z, .xml, .wps, .xdb, .jpg, .jpeg, .das, .vcf, .zif, .hplg, .zi, .1st, .csv, .xlsx, .der, .fos, .odt, .dmp, .3ds, .itdb, .3dm, .hvpl, .forge, .t12, .mov, .x, .wot, .itl, .pem, .js, .xls, .ntl, .x3f, .xf, .wbc, .dxg, .blob, .syncdb, .svg, .x3d, .pptm, .mrwref, .ff, .pptx, .itm, .bc6, .css, .xmind, .xlsx, .wp5, .wpd, .wire, .upk, .zdb, .xlk, .pak, .jpe, .mef, .big, .z3d, .xld, .xy3, .psk, .wdp, .sav, .odp, .accdb, .d3dbsp, .psd, .nrw, .menu, .wp7, .ws, .wp4, .qic, .sidd, .wsd, .wmv, .esm, .litemod, .slm, .pdd, .rim, .wdb, .wm, .gdb, .dcr, .odm, .vtf, .lrf, .raw, .py, .rwl, .sum, .bar, .wpa, .m2, .mdf, .wpt, .cr2, .indd, .wbd, .zdc, .kf, .flv, .r3d, .tor

Once a file is encrypted, its extension modified to .sVn. Next, the ransomware creates a file called “!!!!README_FOR_SAVE FILES.txt”. This file contain tutorial on how to decrypt all encrypted personal files. An example of the guidance is:

Your decrypt ID: ***

Files are encrypted! To decrypt flies you need to obtain the private key.
The only copy of the private key, which will allow you to decrypt your files, is located
on a secret server in the Internet.

Use this Link: http://rktazuzi7hbln7sy.tor2web.cf

If the link does not work:

1. You must install Tor Browser:
https://www.torproject.org/download/download-easy.html.en
2. After instalation, run the Tor Browser and enter address:
http://rktazuzi7hbln7sy.onion/

Follow the instruction on the website.

Your decrypt ID: ***

The SVN ransomware actively uses scare tactics by giving the victim a brief description of the encryption algorithm and showing a threatening message on the desktop. It is trying to force the user of the infected personal computer, do not hesitate to pay a ransom, in an attempt to restore their photos, documents and music.

How to decrypt sVn files

Currently there is no available method to decrypt sVn files. The ransomware infection repeatedly tells the victim that uses a strong encryption algorithm with 2048-bit key. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a solution because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the SVN ransomware entire amount requested – the only way to try to get the decryption key and decrypt all your files.

There is absolutely no guarantee that after pay a ransom to the makers of the SVN virus, they will provide the necessary key to decrypt your files. In addition, you must understand that paying money to the cyber criminals, you are encouraging them to create a new ransomware infection.

How to remove SVN ransomware

In order to remove SVN ransomware from your system, you need to stop all ransomware infection processes and delete its associated files including Windows registry entries. If any ransomware infection components are left on the system, the ransomware infection can reinstall itself the next time the system boots up. Usually ransomwares uses random name consist of characters and numbers that makes a manual removal procedure very difficult. We advise you to use a free ransomware virus removal tools which will allow get rid of SVN ransomware from your computer. Below you can found a few popular malware removers that detects various ransomware.

Use Zemana Anti-malware to remove ransomware

We suggest using the Zemana Anti-malware. You can download and install Zemana Anti-malware to scan for and delete SVN virus from your computer. When installed and updated, the malicious software remover will automatically scan and detect all threats exist on the computer.

1. Please download Zemana antimalware by clicking on the following link. Save it on your Microsoft Windows desktop.
   
   

   Zemana AntiMalware
   164995 downloads
   Author: Zemana Ltd
   Category: Security tools
   Update: July 16, 2019
   
2. At the download page, click on the Download button. Your browser will display the “Save as” dialog box. Please save it onto your Windows desktop.
3. Once downloading is complete, please close all software and open windows on your PC system. Next, run a file named Zemana.AntiMalware.Setup.
4. This will launch the “Setup wizard” of Zemana anti-malware onto your computer. Follow the prompts and do not make any changes to default settings.
5. When the Setup wizard has finished installing, the anti-malware will launch and open the main window.
6. Further, click the “Scan” button to perform a system scan for the SVN ransomware and other known infections. Depending on your PC, the scan can take anywhere from a few minutes to close to an hour. While the tool is checking, you can see how many objects it has identified either as being malicious software.
7. When this tool has finished scanning, it’ll show a list of detected items.
8. In order to remove all items, simply press the “Next” button to begin cleaning your PC system. Once the process is finished, you may be prompted to reboot the PC.
9. Close the Zemana Anti-Malware and continue with the next step.

How to automatically remove SVN virus with Malwarebytes

You can get rid of SVN ransomware virus automatically with a help of Malwarebytes Free. We suggest this free malware removal tool because it can easily delete ransomwares, adware, potentially unwanted applications and toolbars with all their components such as files, folders and registry entries.

Download Malwarebytes Free on your system by clicking on the link below.

Once the downloading process is finished, run it and follow the prompts. Once installed, the Malwarebytes will try to update itself and when this task is finished, press the “Scan Now” button to perform a system scan for the SVN ransomware virus and other trojans and dangerous software. A system scan can take anywhere from 5 to 30 minutes, depending on your system. While the tool is checking, you can see how many objects it has identified either as being malware. When you are ready, click “Quarantine Selected” button.

The Malwarebytes is a free program that you can use to get rid of all detected folders, files, services, registry entries and so on. To learn more about this malware removal tool, we recommend you to read and follow the step by step tutorial or the video guide below.

If the problem with SVN virus is still remained

KVRT is a free removal utility that can be downloaded and run to remove ransomwares, adware, malicious software, PUPs, toolbars and other threats from your computer. You can use this utility to detect threats even if you have an antivirus or any other security program.

Download Kaspersky virus removal tool (KVRT) by clicking on the following link and save it to your Desktop.

Once the downloading process is done, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is done, you’ll see the Kaspersky virus removal tool screen as displayed in the figure below.

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button for scanning your computer for the SVN ransomware infection and other trojans and harmful software. This procedure can take some time, so please be patient. During the scan it will detect all threats exist on your machine.

When it has done scanning, it will display a list of found items as on the image below.

Next, you need to click on Continue to start a cleaning process.

How to restore sVn files

In some cases, you can restore files encrypted by SVN ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.

Use shadow copies to restore sVn files

If automated backup (System Restore) is enabled, then you can use it to recover all encrypted files to previous versions.

Download ShadowExplorer on your system from the following link. This utility is available for Windows Vista, Windows 7, Windows 8 and Windows 10.

Once downloading is complete, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and choose Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as displayed on the screen below.

Start ShadowExplorerPortable. You will see the a window as displayed in the following example.

From the first drop down list you can select a drive that contains encrypted photos, documents and music, from the second drop down list you can select the date that you wish to restore from. 1 – drive, 2 – restore point, as on the image below.

Righ-click entire folder or any one encrypted file and choose Export, as on the image below.

It will open a dialog box that asking whether you’d like to restore a file or the contents of the folder to.

Recover sVn files with PhotoRec

Download PhotoRec on your Windows Desktop by clicking on the link below.

After downloading is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed in the following example.

Double click on qphotorec_win to run PhotoRec for MS Windows. It will open a screen as shown on the image below.

Choose a drive to recover as displayed in the figure below.

You will see a list of available partitions. Select a partition that holds encrypted files as displayed in the following example.

Press File Formats button and specify file types to recover. You can to enable or disable the restore of certain file types. When this is finished, click OK button.

Next, press Browse button to select where restored files should be written, then press Search.

Count of restored files is updated in real time. All recovered personal files are written in a folder that you have chosen on the previous step. You can to access the files even if the restore process is not finished.

When the recovery is finished, click on Quit button. Next, open the directory where restored files are stored. You will see a contents as shown on the image below.

All recovered files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your recovered files by extension and/or date/time.

How to prevent your PC from becoming infected by SVN ransomware infection?

Most antivirus applications already have built-in protection system against the virus. Therefore, if your PC does not have an antivirus program, make sure you install it. As an extra protection, run the CryptoPrevent.

Use CryptoPrevent to protect your machine from SVN ransomware virus

Download CryptoPrevent from the link below and save it directly to your Microsoft Windows Desktop.

www.foolishit.com/download/cryptoprevent/

Run it and follow the setup wizard. Once the install is finished, you will be shown a window where you can choose a level of protection, as displayed in the figure below.

Now press the Apply button to activate the protection.

How does your PC get infected with SVN ransomware virus

The SVN virus is distributed through the use of spam emails. Below is an email that is infected with a ransomware virus like SVN ransomware virus.

Once this attachment has been opened, this ransomware will be started automatically as you do not even notice that. The SVN virus will start the encryption process. When this procedure is done, it’ll open the usual ransom instructions like above on !!!!README_FOR_SAVE FILES.txt.

To sum up

After completing the guidance shown above, your computer should be clean from SVN virus and other malware. Your computer will no longer encrypt your documents, photos and music. Unfortunately, if the tutorial does not help you, then you have caught a new variant of virus, and then the best way – ask for help.

1. Download HijackThis by clicking on the link below and save it to your Desktop.
   
   

   HijackThis download
   4985 downloads
   Version: 2.0.5
   Author: OpenSource
   Category: Security tools
   Update: November 7, 2015
   
2. Double-click on the HijackThis icon. Next click “Do a system scan only” button.
3. When it has complete scanning your computer, the scan button will read “Save log”, click it. Save this log to your desktop.
4. Create a Myantispyware account here. Once you’ve registered, check your e-mail for a confirmation link, and confirm your account. After that, login.
5. Copy and paste the contents of the HijackThis log into your post. If you are posting for the first time, please start a new thread by using the “New Topic” button in the Spyware Removal forum. When posting your HJT log, try to give us some details about your problems, so we can try to help you more accurately.
6. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the SVN ransomware virus.