
MyAntiSpyware


.Dutan file extension ransomware virus (Restore, Decrypt .dutan files)

Myantispyware team May 5, 2019    

This week, experienced security researchers have received reports of yet another ransomware named ‘.Dutan ransomware’. This ransomware spreads via spam emails and malware files and appends the .dutan file extension to encrypted files. This blog post provides a brief summary of information related to this ransomware and explains how to recover (decrypt) encrypted files for free.

Files encrypted by .dutan ransomware


The Dutan ransomware is malicious software created to encrypt photos, documents and music. It hijacks a whole PC or its data and demands a ransom in order to unlock (decrypt) them. The developers of the Dutan ransomware have a strong financial motive to infect as many personal computers as possible. The files that will be encrypted include the following file extensions:

.wav, .wp7, .flv, .d3dbsp, .jpeg, .itdb, .dwg, .xpm, .dba, .wpd, .wpg, .ai, .xml, .big, .hplg, .p12, .p7c, .epk, .t12, .txt, .das, .mdb, .xlsx, .mdbackup, .bay, .cas, .wgz, .raw, .bik, .ws, .xx, .apk, .wp5, .psd, .t13, .m4a, .wbz, .forge, .vpk, .xy3, .yml, .xwp, .upk, .pptx, .wsc, .wma, .odc, .bc7, .zip, .rwl, .xlsm, .kdc, .map, .xbdoc, .xdb, .xyw, .blob, .der, .m3u, .wpt, .xlsx, .hkx, .rgss3a, .sidd, .mcmeta, .r3d, .ptx, .arw, .avi, .cdr, .pak, .wn, .esm, wallet, .sie, .pdd, .srw, .zdb, .wm, .tax, .xar, .mdf, .xxx, .odp, .iwd, .wb2, .wbmp, .bkf, .gdb, .bc6, .rtf, .sav, .srf, .itm, .ppt, .rim, .sis, .wpl, .pem, .bkp, .webp, .wcf, .menu, .lrf, .wire, .zip, .pkpass, .wp, .zdc, .svg, .fos, .xlgc, .indd, .webdoc, .m2, .ibank, .xlsb, .icxs, .wbc, .mrwref, .wps, .py, .tor, .ltx, .vdf, .xld, .dbf, .odt, .x3d, .arch00, .7z, .bsa, .pdf, .wpa, .zi, .sr2, .re4, .kf, .wmv, .csv, .cer, .z3d, .wsh, .syncdb, .xmmap, .wot, .dng, .ff, .ntl, .layout, .litemod, .wpe, .cfr, .xf, .sb, .xyp, .w3x, .wmv, .3dm, .wpw, .pfx, .wmo, .snx, .itl, .zif, .pptm, .dmp, .accdb, .erf, .mddata, .wdp, .xls, .rofl, .jpg, .2bp, .wbd, .wdb, .jpe, .1st, .sid, .kdb, .xll, .x3f, .js, .eps, .xbplate, .ybk, .wpb, .xdl, .rb, .wsd, .crw, .mlx, .xlk, .p7b, .qdf, .y, .mp4, .lbf, .wpd, .iwi, .wma, .zabw, .mov, .x3f, .fpk, .hkdb, .doc, .rar, .psk

When encrypting a file it will add the .dutan extension to each encrypted file name to identify that the file has been encrypted. For example, a file called image.bmp would be encrypted and renamed to image.bmp.dutan.

When the encryption process is complete, the malicious software leaves a ransom note called ‘_readme.txt’ with instructions on how to purchase a private key to decrypt all personal files. An example of the ransom message is:

ATTENTION!
 
Don't worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-1aTCryfzhK
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.
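
The two indicators described above (the appended .dutan extension and the _readme.txt note) are enough to measure how far the encryption reached before any cleanup starts. The following read-only triage script is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration, and it assumes a file's modification time approximates when it was encrypted, which helps when choosing a backup or shadow copy date.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".dutan"   # extension the article says is appended
RANSOM_NOTE = "_readme.txt"   # ransom note name given in the article


def triage(root):
    """Inventory encrypted files and ransom notes under root without modifying anything."""
    encrypted, notes, by_type = [], [], Counter()
    first_seen = None  # earliest mtime among encrypted files (assumed ~ encryption start)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # image.bmp.dutan -> image.bmp
                encrypted.append((path, original))
                by_type[Path(original).suffix.lower() or "(none)"] += 1
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # unreadable file: still counted, just no timestamp
                first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return {
        "encrypted": encrypted,
        "notes": notes,
        "by_type": by_type,
        "affected_dirs": {p.parent for p, _ in encrypted},
        "first_seen": first_seen,
    }


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, no real malware artefacts."""
    layout = {
        "Pictures/image.bmp.dutan": 1_556_900_000,
        "Pictures/_readme.txt": 1_556_900_050,
        "Docs/report.docx.DUTAN": 1_556_900_020,
        "Docs/untouched.txt": 1_500_000_000,
    }
    for rel, mtime in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print("types:", dict(result["by_type"]))
        print("earliest:", datetime.fromtimestamp(result["first_seen"], timezone.utc))
```

To scan a real profile, call `triage()` on the user's home folder or a mounted disk image; the script only reads directory entries and timestamps.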

 

Threat Summary

Name: .Dutan ransomware
Type: Ransomware, Filecoder, Crypto virus, File locker
Contact Emails: gorentos@bitmessage.ch, vengisto@firemail.cc
Ransom note: _readme.txt
Symptoms:
  • Encrypted photos, documents and music
  • Windows Explorer displays a blank icon for the file type
  • Files called like ‘READ-ME’, ‘_open me’, ‘_DECRYPT YOUR FILES’ or ‘_Your files have been encrypted’ in every folder with an encrypted file
  • Ransom demanding message on your desktop
Removal: To remove .Dutan ransomware use the removal guide
Decryption: To decrypt .Dutan ransomware use the steps

 

Therefore it’s very important to follow the step-by-step guide below as soon as possible. The steps will help you get rid of .Dutan ransomware. What is more, the guidance below will help you recover (decrypt) encrypted personal files for free.

Quick links

  1. How to remove .Dutan ransomware
  2. How to decrypt .dutan files
  3. Use STOPDecrypter to decrypt .dutan files
  4. How to restore .dutan files
  5. How to protect your personal computer from .Dutan ransomware virus?
  6. To sum up

How to remove .Dutan ransomware

Manual removal does not always completely remove the .Dutan ransomware virus, as it is not easy to identify and remove all of the ransomware's components and malicious files from the hard disk. Therefore, it is recommended that you run a malicious software removal utility to completely delete the .Dutan ransomware virus from your personal computer. Several free malicious software removal utilities are currently available that may be used against the ransomware virus. The optimum method would be to use Zemana Anti-malware, Malwarebytes Free and Kaspersky Virus Removal Tool.



Remove .Dutan ransomware with Zemana Anti-malware

We advise using Zemana Anti-malware to completely clean your computer of the ransomware. The utility is an advanced malicious software removal application created by (c) Zemana lab. It’s able to help you get rid of worms, ransomware, adware software, malicious software, trojans, and other security threats from your PC for free.

Please go to the link below to download Zemana Free. Save it to your Desktop so that you can access the file easily.

Zemana AntiMalware
165041 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

After the download is done, close all software and windows on your computer. Double-click the install file called Zemana.AntiMalware.Setup. If the “User Account Control” prompt pops up as on the image below, click the “Yes” button.

Zemana Anti-Malware uac

It will open the “Setup wizard” that will help you set up Zemana Anti-Malware (ZAM) on your PC system. Follow the prompts and don’t make any changes to default settings.

Zemana Anti-Malware Setup Wizard

Once installation is finished successfully, Zemana Free will automatically start and you can see its main screen as shown on the image below.

Now press the “Scan” button. The Zemana AntiMalware utility will begin scanning the whole computer to find the .Dutan ransomware virus and other security threats. This process can take quite a while, so please be patient. While the Zemana Free tool is scanning, you can see how many objects it has identified as being affected by malicious software.

Zemana find .Dutan ransomware and other malicious software and potentially unwanted apps

After the system scan is finished, Zemana Anti Malware (ZAM) will display the results. Review the scan results and then click the “Next” button. Zemana Free will remove .Dutan ransomware and other security threats and add the threats to the Quarantine. After the cleaning process is finished, you may be prompted to restart the personal computer.

Remove Dutan ransomware virus with MalwareBytes Anti Malware

If you are having problems with the Dutan ransomware virus removal, then download MalwareBytes Anti Malware (MBAM). It is free for home use, and scans for and removes various unwanted apps that attack your system or degrade machine performance. MalwareBytes can remove ransomware as well as malware, including worms and trojans.

Visit the page linked below to download the latest version of MalwareBytes Free for Windows. Save it directly to your Windows Desktop.

Malwarebytes Anti-malware
327268 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

When the download is finished, close all applications and windows on your computer. Double-click the install file called mb3-setup. If the “User Account Control” dialog box pops up as displayed in the figure below, click the “Yes” button.

MalwareBytes AntiMalware (MBAM) for Windows uac dialog box

It will open the “Setup wizard” that will help you set up MalwareBytes AntiMalware (MBAM) on your machine. Follow the prompts and do not make any changes to default settings.

MalwareBytes for Windows set up wizard

Once the installation has finished successfully, click the Finish button. MalwareBytes Anti-Malware will automatically start and you can see its main screen like below.

MalwareBytes for MS Windows

Now click the “Scan Now” button. The MalwareBytes AntiMalware (MBAM) utility will start scanning the whole computer to find the Dutan ransomware related files, folders and registry keys. Depending on your computer, the scan can take anywhere from a few minutes to close to an hour. While the tool is scanning, you can see how many objects and files have already been scanned.

MalwareBytes AntiMalware (MBAM) for Windows detect the Dutan ransomware related files, folders and registry keys

After MalwareBytes Anti-Malware has finished scanning your PC, MalwareBytes Free will display a list of detected items. Once you have selected what you wish to delete from your computer, press the “Quarantine Selected” button. MalwareBytes Anti Malware (MBAM) will remove Dutan ransomware related files, folders and registry keys and move the threats to the program’s quarantine. When that process is finished, you may be prompted to restart the PC system.

MalwareBytes Anti-Malware for Microsoft Windows reboot prompt

We suggest you look at the following video, which completely explains the procedure of using the MalwareBytes Anti Malware (MBAM) to get rid of adware, browser hijacker and other malware.

Remove .Dutan ransomware with KVRT

KVRT is a free removal tool that may be downloaded and used to delete ransomware, adware, malicious software, worms, trojans and other threats from your PC. You may run this utility to search for threats even if you have an antivirus or any other security program.

Download Kaspersky virus removal tool (KVRT) from the link below.

Kaspersky virus removal tool
129295 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the download is finished, double-click on the Kaspersky virus removal tool icon. Once the initialization procedure is finished, you’ll see the Kaspersky virus removal tool screen as shown on the screen below.

KVRT main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click the Start scan button to locate the .Dutan ransomware virus and other malware. This process may take quite a while, so please be patient. While the KVRT tool is checking, you can see how many objects it has identified as being infected by malicious software.

Kaspersky virus removal tool scanning

Once KVRT has finished scanning your computer, it will show a screen that contains a list of the malware that has been found, as on the image below.

KVRT scan report

You may delete items (move them to Quarantine) by simply clicking Continue to start a cleaning task.

How to decrypt .dutan files

The .Dutan ransomware encourages the victim to contact its authors in order to decrypt all documents, photos and music. These persons will require the victim to pay a ransom (usually a demand for $490-$980 in Bitcoins).

Should you pay the ransom

We don’t recommend paying a ransom, as there is no guarantee that you will be able to decrypt your personal files. In addition, you must understand that by paying money to the cyber criminals, you are encouraging them to create a new ransomware virus.

Files encrypted by ransomware

With some variants of Dutan ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.




Use STOPDecrypter to decrypt .dutan files

Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).

STOPDecrypter


STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos). STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.dutan).

Please check the Twitter post for more info.

How to restore .dutan files

In some cases, you can recover files encrypted by .Dutan ransomware. Try both methods. It is important to understand that we cannot guarantee that you will be able to restore all encrypted files.




Run ShadowExplorer to restore .dutan files

A free tool named ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of Microsoft Windows 10 (8, 7, Vista). You can restore .dutan documents, photos and music encrypted by the .Dutan ransomware virus from Shadow Copies for free.

Please go to the link below to download the latest version of ShadowExplorer for Windows. Save it on your MS Windows desktop or in any other place.

ShadowExplorer
439670 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

After the download is done, extract the saved file to a directory on your system. This will create the necessary files as shown on the screen below.

ShadowExplorer folder

Launch the ShadowExplorerPortable program. Now choose the drive (1) you want to restore files (folders) from and the date (2) that you wish to recover from, like below.

recover encrypted files with ShadowExplorer tool

In the right panel, navigate to the file (folder) you wish to recover. Right-click the file or folder and click the Export button as on the image below.

ShadowExplorer recover .dutan files

Finally, specify a folder (your Desktop) to save the shadow copy of the encrypted file and click the ‘OK’ button.

Restore .dutan files with PhotoRec

Before a file is encrypted, the .Dutan ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your photos, documents and music using file recovery apps like PhotoRec.

Download PhotoRec by clicking on the following link. Save it on your Desktop.

PhotoRec
221321 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

When the download is finished, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as displayed on the screen below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will show a screen as displayed below.

PhotoRec for windows

Choose a drive to recover as on the image below.

photorec choose drive

You will see a list of available partitions. Select a partition that holds encrypted personal files like below.

photorec select partition

Press the File Formats button and specify the file types to recover. You can enable or disable the recovery of certain file types. When this is complete, press the OK button.

PhotoRec file formats

Next, click the Browse button to choose where recovered documents, photos and music should be written, then click Search.

photorec

The count of restored files is updated in real time. All restored personal files are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.

When the recovery is done, click the Quit button. Next, open the directory where the recovered photos, documents and music are stored. You will see contents as shown below.

PhotoRec - result of recovery

All restored files are written to the recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, you can sort your restored files by extension and/or date/time.

How to protect your personal computer from .Dutan ransomware virus?

Most antivirus applications already have a built-in protection system against ransomware. Therefore, if your system does not have an antivirus program, make sure you install one. As extra protection, use HitmanPro.Alert.

Run HitmanPro.Alert to protect your system from .Dutan ransomware virus

HitmanPro.Alert is a small security tool. It can check the system integrity and alert you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.

Installing HitmanPro.Alert is simple. First you’ll need to download HitmanPro.Alert to your Windows Desktop from the following link.

HitmanPro.Alert
6879 downloads
Author: Sophos
Category: Security tools
Update: March 6, 2019

After the download is complete, open the folder in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double-click the HitmanPro.Alert desktop icon. Once the utility is opened, you will see a window where you can choose a level of protection, as shown in the figure below.

HitmanPro.Alert install

Now click the Install button to activate the protection.

To sum up

Now your PC should be clean of the .Dutan ransomware virus. Remove Kaspersky virus removal tool and MalwareBytes Free. We suggest that you keep Zemana Free (to periodically scan your system for new malicious software). Probably you are running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.

If you are still having problems while trying to get rid of .Dutan ransomware virus from your personal computer, then ask for help here.

 


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Copyright © 2004 - 2024 MASW - Myantispyware.com.