
.Reco file extension. How to remove virus. Restore .reco files.

Myantispyware team, October 6, 2019

If a .reco extension has suddenly been added to the end of your file names, your files no longer open in their associated programs and their icons have become blank, then your files have been encrypted and your computer has become a victim of ransomware. Use our guide below to remove Reco and restore access to your files without having to pay the ransom.

What the ransomware does. It encrypts files and then changes their extension to ‘reco’. That is, if a file named image.jpg is encrypted, it is renamed image.jpg.reco. The ransomware can encrypt almost all files; it skips only the files that the Windows OS needs in order to work. The following file types can be encrypted:

.rwl, .wma, .db0, .esm, .wmv, .wdb, .sis, .xlsx, .p12, .ws, .iwi, .x3f, .xxx, .wn, .3fr, .xld, .itl, .odt, .z, .bc6, .mov, .arw, .dba, .wbc, .ybk, .epk, .pfx, .slm, .zif, .hkx, .xyp, .sr2, .py, .ods, .rb, .zip, .avi, .bik, .ntl, .kf, .wav, .psd, .xyw, .odm, .wmd, .orf, .xlsx, .zdb, .bkp, .wp, .0, .xll, .x3d, .lbf, .xar, .wpg, .cdr, .vpp_pc, .wsc, .eps, .pdd, .zabw, .mpqge, .qdf, .dng, .dmp, .bkf, .xdl, .vcf, .arch00, .psk, .wpw, .r3d, .webp, .svg, .x, .itm, .xlsb, .itdb, .wb2, .ptx, .webdoc, .qic, .wp7, .wri, .yal, .xbplate, .dwg, .dbf, .3ds, .xmmap, .wp6, .raf, .sql, .zw, .gdb, .t12, .upk, .cas, .x3f, .vpk, .ztmp, .wsh, .wbz, .sidd, .cr2, .bay, .raw, .lvl, .txt, .7z, .docx, .wgz, .xbdoc, .lrf, .wsd, .wmf, .wcf, .sav, .wbd, .wotreplay, .m4a, .sum, .wps, .xpm, .fsh, .ysp, .cfr, .wm, .kdb, .sid, .srw, .rtf, .mp4, .3dm, .erf, wallet, .xls, .rar, .wpa, .xy3, .wps, .yml, .mddata, .t13, .bc7, .css, .snx, .tor, .xls, .xmind, .jpe, .big, .w3x, .pak, .1st, .odb, .2bp, .wpd, .pkpass, .ai, .apk, .wma, .wbm, .sidn, .p7c, .srf, .wot, .wpt, .doc, .xlk, .hvpl, .jpeg, .pptm, .pst, .wmv, .1, .fpk, .layout, .rofl, .wpb, .rgss3a, .wpd, .d3dbsp, .forge, .xf, .flv, .syncdb, .nrw, .mdb, .m3u, .ppt, .mdbackup, .gho, .mrwref, .odc, .wmo, .accdb, .bar, .zi, .indd, .hplg, .pptx, .js, .ff, .litemod, .pef, .odp, .cer, .png, .p7b, .m2, .pdf, .rim, .ltx, .sb, .mdf, .vdf, .blob, .wbmp, .zdc, .sie, .der, .jpg, .y, .das, .xlsm, .vfs0, .wire, .menu, .xlsm, .re4, .wp5, .zip, .xml, .xx, .mef, .z3d, .map, .fos, .ncf, .icxs, .mcmeta, .asset, .rw2, .dxg, .tax, .iwd, .dcr, .pem, .wp4, .ibank, .kdc, .crw, .xlgc, .crt, .desc, .wdp, .csv, .bsa, .mlx

Reco ransomware uses a very strong encryption mode and a long unique key, so it is impossible to decrypt files without the key. Removing the new extension changes nothing: the files remain encrypted. In each directory that contains encrypted files, the ransomware creates a file containing the ransom demand. In the case of Reco, this file is called ‘_readme.txt’; its contents are given below.

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-iBpEhjntw2
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gerentosrestore@firemail.cc

This file contains a message from the Reco creators, in which they say that the only way to decrypt the files is to pay them a ransom of $980. Although the attackers do not describe the payment method, it is known: most often, they require the victim to transfer the agreed amount anonymously using electronic money, namely bitcoins.

Threat Summary

Name: Reco ransomware
Type: Crypto malware, File locker, Crypto virus, Filecoder, Ransomware
Encrypted files extension: .reco
Ransom note: _readme.txt
Contact: gorentos@bitmessage.ch
Ransom amount: $980, $490 in Bitcoins
Symptoms: Your photos, documents and music now have a .reco file extension. A file named ‘_readme.txt’ or ‘_readme’ appears in every folder that contains an encrypted file.
Distribution ways: Malicious email attachments. Exploit kits (cybercriminals package the ransomware virus in an ‘exploit kit’ that can find a vulnerability in the browser, Adobe Flash Player, the Microsoft Windows operating system or a PDF reader). Social media, such as web-based instant messaging programs. Torrent web sites.
Removal: To remove Reco ransomware, use the removal guide
Decryption: To decrypt Reco ransomware, use the steps

Quick links

  1. How to decrypt .reco files
  2. How to remove Reco ransomware
  3. How to restore .reco files
  4. How to protect your PC from Reco crypto virus?
  5. Finish words

How to decrypt .reco files

How to decrypt encrypted files is the question asked by everyone who faces the consequences of a Reco attack. Unfortunately, files cannot be decrypted at this time. Although Reco is already the 170th version of one ransomware, security experts have not yet developed a decryptor that could help all the victims. But it is not all that bad. There are a few options that can help you decrypt (restore) files:

Use an offline key to decrypt .reco files. As we already wrote, Reco uses a key to encrypt files. This key is unique: it cannot be cracked, and you cannot use the key from another computer. Typically, Reco uses an online key that it receives from a control server, but in some cases, if this server is unavailable, the virus uses a so-called offline key. So, if an offline key was used in your case, there is a chance that it will be found after a while, and then you will be able to decrypt your files.

How to determine which key Reco used to encrypt files. First of all, you can look at the PersonaID that is given in the ‘_readme.txt’ file (ransom note).

Another way is to look on disk ‘C’ for the ‘SystemID/PersonaID.txt’ file. This is the file in which Reco stores the PersonaIDs used for encryption.

If there is an ID ending in ‘t1’, then you are lucky, your files are encrypted using an offline key, and when security experts find this key, you can decrypt .reco files.

If your PersonaID does not end with ‘t1’, then Reco used an online key. In this case, you only have one option left, to use tools that are created to recover data. In some cases, this method helps to recover some or even all encrypted files. We will talk about this method below.
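
A read-only triage of the check described above, as an added example that is not part of the original guide: it counts .reco files and folders holding ‘_readme.txt’, then labels each ID from the ID file as offline (ends in ‘t1’) or online. The one-ID-per-line layout of the ID file, the function names and the sample IDs are assumptions constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".reco"   # extension named in this guide
RANSOM_NOTE = "_readme.txt"  # ransom note name named in this guide
OFFLINE_MARKER = "t1"        # per the guide: an ID ending in 't1' means an offline key


def classify_id(persona_id: str) -> str:
    """Return 'offline' if the ID ends in 't1', otherwise 'online'."""
    return "offline" if persona_id.strip().endswith(OFFLINE_MARKER) else "online"


def read_ids(id_file: Path) -> dict:
    """Map each ID in the file to its key type (assumes one ID per non-empty line)."""
    text = id_file.read_text(encoding="utf-8", errors="replace")
    return {ln.strip(): classify_id(ln) for ln in text.splitlines() if ln.strip()}


def inventory(root: Path) -> dict:
    """Walk root without modifying it; collect encrypted files and ransom-note folders."""
    encrypted, note_dirs = [], []
    for dirpath, _dirs, files in os.walk(root):
        if RANSOM_NOTE in files:
            note_dirs.append(Path(dirpath))
        encrypted += [Path(dirpath) / f for f in files
                      if f.lower().endswith(ENCRYPTED_SUFFIX)]
    return {"encrypted": sorted(encrypted), "note_dirs": sorted(note_dirs)}


def build_sample_tree(base: Path) -> Path:
    """Create a constructed sample tree (not real victim data); return the ID file path."""
    docs = base / "Documents"
    docs.mkdir(parents=True)
    (docs / "image.jpg.reco").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched")
    (docs / RANSOM_NOTE).write_text("ATTENTION!")
    id_file = base / "SystemID" / "PersonaID.txt"
    id_file.parent.mkdir()
    # Constructed IDs: the first ends in 't1', the second does not.
    id_file.write_text("0170EXAMPLEaaaaaaaaaaaaaat1\n0170EXAMPLEbbbbbbbbbbbbbbQz\n")
    return id_file


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        id_path = build_sample_tree(Path(tmp))
        report = inventory(Path(tmp))
        print(len(report["encrypted"]), "encrypted file(s),",
              len(report["note_dirs"]), "folder(s) with a ransom note")
        for pid, kind in read_ids(id_path).items():
            print(pid, "->", kind)
```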

Update: good news! A few days ago a free decryptor was released. Below I provide a link where you will find detailed information on where to download it and how to use it to decrypt .reco files.

STOP Djvu Ransomware Decryptor – Free way to decrypt encrypted files

How to remove Reco ransomware

Before you try to decrypt or restore .reco files, you need to check your computer for malware and find and remove the ransomware. To remove Reco, we recommend that you use several malware removal tools. Be sure to check the computer with more than one tool, so that you can be sure that Reco is removed.




Run Zemana Anti-Malware (ZAM) to remove Reco ransomware

The first thing we recommend you start with is a malware removal tool called Zemana Anti-Malware. The reason is simple: this tool is small, has a fast and powerful scanner and is easy to use. It will help you find and remove Reco for free.

Visit the page linked below to download the latest version of Zemana Free for Windows. Save it directly to your Windows Desktop.

Zemana AntiMalware

When the download is finished, run the installer and follow the prompts. Once installed, Zemana will try to update itself; when this procedure is complete, press the “Scan” button to perform a system scan for Reco ransomware, other malware, worms and trojans.

This procedure may take quite a while, so please be patient. While the utility is checking, you can see how many objects and files it has already scanned. Make sure all items have a ‘checkmark’ and press the “Next” button.

Zemana Free will start to remove the Reco crypto malware and other security threats.

Run MalwareBytes to delete Reco ransomware virus

Another option is to use a malware removal tool called MalwareBytes. This tool is designed to detect and remove various types of malware, including ransomware such as Reco. And of course, this tool will delete all the threats it finds for free.

  1. Download MalwareBytes Free on your MS Windows Desktop from the link below.
    Malwarebytes Anti-malware
  2. When the download is complete, close all programs and windows on your PC system. Open the directory in which you saved the file and double-click the icon named mb3-setup.
  3. Next, press the Next button and follow the prompts.
  4. Once installation is complete, press the “Scan Now” button. MalwareBytes AntiMalware will scan the whole system for the Reco virus and other security threats. While MalwareBytes Free is scanning, you can see how many objects it has identified as threats.
  5. When MalwareBytes Anti-Malware (MBAM) is done scanning your machine, it will display a scan report. Make sure all threats have a ‘checkmark’ and click “Quarantine Selected”. Once disinfection is complete, you may be prompted to reboot your system.

Run Kaspersky virus removal tool to remove Reco

The last option, and one we recommend, is to check the computer using Kaspersky virus removal tool (KVRT). Although this tool is in third place on our list, you should definitely use it. The reason is simple: KVRT uses one of the most powerful anti-virus engines.

Download Kaspersky virus removal tool (KVRT) on your computer by clicking on the following link.

Kaspersky virus removal tool

Once the download is complete, double-click the KVRT icon. Once the initialization process is complete, you will see the Kaspersky virus removal tool main window.

Click Change Parameters and check the boxes next to all of your drives. Press OK to close the Parameters window, then press the Start scan button. KVRT will start scanning the whole PC system for Reco malware and other known infections. A scan can take anywhere from 10 to 30 minutes, depending on the number of files on your machine and the speed of your computer. While the KVRT utility is checking, you can see how many objects it has identified as being infected by malicious software.

When KVRT is done scanning your machine, it will open a screen that lists the malware that has been detected.

Make sure to check mark the items that are unsafe and then click Continue to begin the cleaning procedure.

How to restore .reco files

If you were unable to decrypt .reco files, or Reco used an online key to encrypt them, then today there is only one option that may help you recover encrypted files: use programs created to recover deleted or lost data. We recommend using ShadowExplorer and PhotoRec, although of course you can try other programs. The main advantages of ShadowExplorer and PhotoRec are, first, that these programs were tested by us and other experts in situations where it was necessary to recover data after a ransomware attack, and second, that these programs are free.

One more thing: be sure to verify that Reco has been deleted before proceeding with the recovery of encrypted files.




Restore .reco encrypted files using Shadow Explorer

If automated backup (System Restore) is enabled, then you can use it to recover all encrypted files to previous versions.

ShadowExplorer can be downloaded from the following link. Save it to your Desktop so that you can access the file easily.

ShadowExplorer

When the download is done, extract the downloaded file to a folder on your computer. This will create the necessary files.

Start the ShadowExplorerPortable program. Select the drive (1) you wish to recover files (folders) from and the date (2) that you want to recover from.

In the right panel, navigate to the file (folder) you wish to restore. Right-click the file or folder and click the Export button.

Finally, specify a directory (your Desktop) in which to save the shadow copy of the encrypted file and click the ‘OK’ button.

Use PhotoRec to recover .reco files

The last, but most often helpful, way to recover files is to use a free program called PhotoRec. This program can help you because it relies on one feature of the Windows OS: when you delete a file, it is not deleted completely; the OS simply marks it as deleted. PhotoRec searches for such files and restores them. In the same way, PhotoRec can help you recover encrypted files.

Download PhotoRec on your Microsoft Windows Desktop by clicking on the link below.

PhotoRec

Once the download is complete, open the directory in which you saved it. Right-click testdisk-7.0.win and choose Extract all. Follow the prompts. Next, open the testdisk-7.0 folder.

Double-click qphotorec_win to run PhotoRec for Windows. Its main window will open.

Select a drive to recover.

You will see a list of available partitions. Choose the partition that holds the encrypted personal files.

Press the File Formats button and choose the file types to recover. You can enable or disable the restoration of certain file types. When this is finished, press the OK button.

Next, click the Browse button to select where restored photos, documents and music should be written, then click Search.

The count of recovered files is updated in real time. All recovered personal files are written to the folder that you chose in the previous step. You can access the files even if the restore process is not finished.

When the restore is complete, click the Quit button. Next, open the directory where the recovered photos, documents and music are stored.

All recovered photos, documents and music are written to the recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, you can sort your restored files by extension and/or date/time.

Finish words

We hope this guide helped you understand what Reco is, how to remove it and, most importantly, how to restore or decrypt .reco files. As we already said, if new ways to decrypt files appear, we will immediately inform you about them. Therefore, I recommend subscribing to our Facebook page or bookmarking this article.

If you have questions or comments, write to us below.

 

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
