• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

.ROGER file extension. Remove virus. Restore, Decrypt .ROGER files.

Myantispyware team January 31, 2020    

ROGER file extension

.ROGER file extension is a file extension that is used by a malware belonging to the Crysis/Dharma ransomware family to mark files that have been encrypted. Ransomware is a form of malware created by criminals that restricts access to the victim’s files by encrypting them and demands a ransom for a pair of key-decryptor, necessary for decrypting files. Files encrypted with .ROGER extension become useless, their contents cannot be read without the key that the criminals have. Today there are several variants of the ROGER virus, they are distinguished by the email address that victims must use to contact criminals.

Files encrypted with .ROGER extension

Files encrypted with .ROGER extension

ROGER virus

ROGER virus is one of the variants of Dharma/Crysis ransomware. Like other variants, it encrypts all files on the computer and then demands a ransom for decryption. This virus encrypts files using a strong encryption method, which eliminates the possibility of finding a key in any way. For each victim, ROGER ransomware uses a unique key. It has the ability to encrypt files of any type, regardless of what is in them. Thus, the following common file types can be easily encrypted:

.qdf, .blob, .hkdb, .p12, .pem, .sidd, .iwd, .lbf, .zi, .indd, .sum, .db0, .zdc, .csv, .gho, .xwp, .cas, .wm, .crt, .ntl, .bkp, .pkpass, .wpt, .bsa, .psk, .wpl, .dazip, .3dm, .xml, .gdb, .pptm, .ibank, .kf, .webp, .xf, .xmmap, .wmv, .sql, .m4a, wallet, .wsd, .d3dbsp, .z3d, .bik, .xbdoc, .vpk, .litemod, .odm, .ff, .rofl, .bc6, .xlsb, .js, .mrwref, .wire, .bay, .wot, .wsh, .kdb, .epk, .w3x, .iwi, .x3d, .wsc, .wp, .wpd, .der, .wb2, .dcr, .wbk, .wpb, .rw2, .css, .xlgc, .xmind, .ppt, .raf, .crw, .cer, .vdf, .jpg, .svg, .odc, .apk, .odt, .sb, .xlsx, .raw, .xbplate, .wpd, .wpw, .mdf, .slm, .1st, .fsh, .rb, .rgss3a, .t12, .vtf, .dba, .x3f, .das, .pfx, .xar, .rar, .0, .xyp, .ztmp, .docx, .mdb, .flv, .sid, .xy3, .pef, .doc, .odb, .mddata, .sie, .bc7, .re4, .xlsm, .wbc, .xlsm, .map, .m2, .1, .menu, .zif, .asset, .mef, .mov, .jpe, .tor, .xlk, .xlsx, .xls, .mdbackup, .mpqge, .wri, .rtf, .srw, .odp, .wdb, .xll, .pdf, .m3u, .vpp_pc, .mcmeta, .mlx, .jpeg, .wmo, .tax, .rwl, .layout, .ybk, .wp5, .wp7, .yml, .dbf, .7z, .xdl, .hkx, .forge, .wps, .xyw, .ods, .wp6, .zip, .txt, .p7c, .yal, .lrf, .xdb, .wpg, .big, .avi, .xx, .eps, .bkf, .kdc, .y, .wpe, .wn, .ysp, .qic, .upk, .icxs, .ncf, .xxx, .mp4, .wcf, .psd, .dxg, .vcf, .fos, .syncdb, .x, .wma, .xld

Each file that has been encrypted will be renamed. This means the following. If the file was called ‘document.docx’, then after encryption, it will be named ‘document.docx.id-[USER-ID].[EMAIL-ADDRESS].ROGER’. ROGER ransomware can encrypt files located on any disks connected to the computer. Therefore, files located in network attached storage and external devices can also be encrypted. If you change the name of the encrypted file, just delete the appended extension, then nothing will change. The file will remain encrypted, and as before, this file will not be possible to open in the program with which it is associated.

ROGER ransomnote

ROGER ransom note pop-up

The text presented in this pop-up:

YOUR FILES ARE ENCRYPTED
Don’t worry,you can return all your files!
If you want to restore them, follow this link:email LeeBob78@aol.com YOUR ID 5469E974
If you have not been answered via the link within 12 hours, write to jabber mfrank@xmpp.jp or e-mail:NoahDavis88@protonmail.com

Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Currently, there are several variants of the ROGER ransomware, which differ in the extension appended to the encrypted files:

  • .[decrypt@files.mn].ROGER
  • .[mr_shox@protonmail.com].ROGER
  • .[FrankMiller888@aol.com].ROGER
  • .[NoahDavis88@protonmail.com].ROGER
  • .[cryptfiles@protonmail.com].ROGER
  • .[cryptfiles@goal.si].ROGER
  • .[backdata.company@aol.com].ROGER
  • .[recoverysql@protonmail.com].ROGER
  • .[anna.kurtz@protonmail.com].ROGER
  • .[admin@spacedatas.com].ROGER
  • .[wang.chang888@tutanota.com].ROGER
  • .[admin@datastex.club].ROGER
  • .[LeeBob78@aol.com].ROGER

Perhaps you found on your computer or its desktop a new file called ‘FILES ENCRYPTED.txt’, which for some reason is not encrypted. An example of such a file is given below.

ROGER ransom note

ROGER virus – ransom note

This file is very important, in addition to containing a ransom demand mesage, it also contains information that allows you to contact intruders. According to the message, the victim is invited to contact the attackers using the given email address. In response, the authors of the virus will give a Bitcoin address to which the ransom must be transferred. Of course, you should understand that there is no guarantee that the attackers, after receiving the ransom, will provide you with the key necessary to decrypt your files. In addition, by paying the ransom, you will push attackers to create a new ransomware.

The contents of the FILES ENCRYPTED.txt file:

all your data has been locked us
You want to return?
write email LeeBob78@aol.com or NoahDavis88@protonmail.com

Threat Summary

Name ROGER
Type Crypto malware, File locker, Crypto virus, Filecoder, Ransomware
Encrypted files extension .id-[USER-ID].[EMAIL-ADDRESS].ROGER
Ransom note FILES ENCRYPTED.txt
Contact (email address) decrypt@files.mn, FrankMiller888@aol.com, NoahDavis88@protonmail.com, cryptfiles@protonmail.com, cryptfiles@goal.si, backdata.company@aol.com, recoverysql@protonmail.com, anna.kurtz@protonmail.com, admin@spacedatas.com, wang.chang888@tutanota.com, admin@datastex.club, LeeBob78@aol.com, NoahDavis88@protonmail.com
Ransom amount $500-$1500 in Bitcoins
Detection Names Trojan.Ransom.Crysis.E, Trojan.Win32.Crusis.tqMs, Win32:RansomX-gen [Ransom], AI:Packer.D3B9457E1E, W32.RansomeDNZ.Trojan, Win.Trojan.Dharma-6668198-0, TrojWare.Win32.Crysis.D@6sd9xy, Trojan.Encoder.3953, A Variant Of Win32/Filecoder.Crysis.P, W32/Wadhrama.B, W32/Crysis.W!tr.ransom, Win32.Trojan-Ransom.VirusEncoder.A, Trojan.Crypren.ic, Ransom.Crysis, Troj/Criakl-G, Trojan-Ransom.Win32.Crusis.to
Symptoms Documents, photos and music won’t open. Your documents, photos and music have different extension appended at the end of the file name. Your file directories contain a ‘ransom note’ file that is usually a .html, .jpg or .txt file. Ransom note in a pop-up window with cybercriminal’s ransom demand and instructions.
Distribution ways Spam or phishing emails that are designed to get people to open an attachment or click on a link. Drive-by downloading (when a user unknowingly visits an infected web-page and then malicious software is installed without the user’s knowledge). Social media posts (they can be used to mislead users to download malicious software with a built-in ransomware downloader or click a suspicious link). USB flash drive and other removable media.
Removal ROGER virus removal guide

 

How to remove ROGER ransomware, Restore .ROGER files

If your files have been encrypted with ‘.ROGER’ extension, then first of all you need to remove ROGER ransomware and be 100% sure that there is no active ransomware on your computer, and then proceed to restore the files. Both the ransomware removal process and the file recovery process will take a lot of time, so do not believe the magical instructions that say that this can be done very quickly. We definitely recommend, even if for some reason one of the methods proposed below did not suit you, try another one and try all of them. Perhaps one of them will help you. Feel free to ask questions in the special section on our website or in the comments below. And the last, before proceeding with the instructions, we advise you to read it thoroughly carefully, and then print or open it on a tablet or smartphone to have it always at hand.

  1. How to remove ROGER ransomware
  2. How to decrypt .ROGER files
  3. How to restore .ROGER files
  4. How to protect your computer from ROGER crypto malware

How to remove ROGER ransomware

First you need to remove the ROGER ransomware autostart entries before decrypting and recovering encrypted files. Another option is to perform a full scan of the computer using antivirus software capable of detecting and removing ransomware infection.




It is very important to scan the computer for malware, as security researchers found that spyware could be installed on the infected computer along with the ROGER ransomware. Spyware is a very dangerous security threat as it is designed to steal the user’s personal information such as passwords, logins, contact details, etc. If you have any difficulty removing the ransomware, then let us know in the comments, we will try to help you.

To remove ROGER ransomware, use the steps listed below:

  • Kill ROGER ransomware
  • Disable ROGER ransomware Start-Up
  • Scan computer for malware

Kill ROGER ransomware

Press CTRL, ALT, DEL keys together.

remove ransomnote - task manager

Click Task Manager. Select the “Processes” tab, look for something suspicious that is the ROGER ransomware then right-click it and select “End Task” or “End Process” option.

ROGER virus removal 1

A process is particularly suspicious: it is taking up a lot of memory (despite the fact that you closed all of your programs, its name is not familiar to you (if you are in doubt, you can always check the program by doing a search for its name in Google, Yahoo or Bing).

Disable ROGER ransomware Start-Up

Select the “Start-Up” tab, look for something similar to the one shown in the example below, right click to it and select Disable.

ROGER virus removal 2

Close Task Manager.

Scan computer for malware

Zemana Anti-Malware highly recommended, because it can detect security threats such ransomware, other malicious software and trojans which most ‘classic’ antivirus software fail to pick up on. Moreover, if you have any ROGER removal problems which cannot be fixed by this utility automatically, then Zemana provides 24X7 online assistance from the highly experienced support staff.
 

Zemana Anti Malware remove ROGER crypto virus related folders,files and registry keys
 

  1. First, please go to the following link, then click the ‘Download’ button in order to download the latest version of Zemana.
    Zemana AntiMalware
    Zemana AntiMalware
    165069 downloads
    Author: Zemana Ltd
    Category: Security tools
    Update: July 16, 2019
  2. At the download page, click on the Download button. Your browser will open the “Save as” dialog box. Please save it onto your Windows desktop.
  3. Once the downloading process is complete, please close all applications and open windows on your computer. Next, run a file named Zemana.AntiMalware.Setup.
  4. This will start the “Setup wizard” of Zemana onto your system. Follow the prompts and don’t make any changes to default settings.
  5. When the Setup wizard has finished installing, the Zemana Free will launch and display the main window.
  6. Further, click the “Scan” button to perform a system scan for the ROGER ransomware, other kinds of potential threats like malicious software and trojans. This process can take some time, so please be patient. While the Zemana utility is checking, you may see count of objects it has identified as being affected by malware.
  7. When Zemana is done scanning your computer, Zemana Anti Malware (ZAM) will show a screen that contains a list of malware that has been found.
  8. Next, you need to press the “Next” button. The tool will remove ROGER crypto malware and other security threats and add threats to the Quarantine. Once the task is finished, you may be prompted to reboot the personal computer.
  9. Close the Zemana Anti-Malware (ZAM) and continue with the next step.

If you’re having problems with the ROGER ransomware virus removal, then download MalwareBytes Anti-Malware (MBAM). It is free for home use, and searches for and deletes various malicious software that attacks your machine or degrades personal computer performance. MalwareBytes Free can remove spyware, adware, worms as well as other malware, including ransomware and trojans.

Visit the page linked below to download the latest version of MalwareBytes Anti-Malware for MS Windows. Save it on your Microsoft Windows desktop or in any other place.

Malwarebytes Anti-malware
Malwarebytes Anti-malware
327294 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

After the download is done, close all software and windows on your PC. Double-click the install file named mb3-setup. If the “User Account Control” dialog box pops up as displayed in the following example, click the “Yes” button.

MalwareBytes for MS Windows uac dialog box

It will open the “Setup wizard” which will help you install MalwareBytes Anti Malware (MBAM) on your personal computer. Follow the prompts and do not make any changes to default settings.

MalwareBytes Free for MS Windows set up wizard

Once install is done successfully, click Finish button. MalwareBytes AntiMalware will automatically start and you can see its main screen as shown below.

MalwareBytes Anti Malware (MBAM) for Windows

Now press the “Scan Now” button to perform a system scan with this utility for the ROGER ransomware virus related folders,files and registry keys. A system scan can take anywhere from 5 to 30 minutes, depending on your personal computer. While the MalwareBytes Anti-Malware is checking, you can see count of objects it has identified either as being malicious software.

MalwareBytes AntiMalware for Windows search for ROGER ransomware virus, other malware, worms and trojans

When finished, the results are displayed in the scan report. Make sure all threats have ‘checkmark’ and click “Quarantine Selected” button. The MalwareBytes Anti-Malware (MBAM) will delete ROGER crypto malware related folders,files and registry keys and move items to the program’s quarantine. After the process is done, you may be prompted to restart the personal computer.

MalwareBytes Free for Microsoft Windows reboot dialog box

In order to be 100% sure that the computer no longer has the ROGER crypto malware, we recommend using the Kaspersky virus removal tool (KVRT). It is free and easy to use. It can detect and remove ROGER ransomware and other malware. KVRT is powerful enough to find and uninstall malicious registry entries and files that are hidden on the system.

Download Kaspersky virus removal tool (KVRT) on your Windows Desktop by clicking on the link below.

Kaspersky virus removal tool
Kaspersky virus removal tool
129304 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

Once the download is done, double-click on the KVRT icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen like below.

Kaspersky virus removal tool main window

Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button to perform a system scan with this utility for the ROGER crypto malware and other trojans and harmful programs. This process can take quite a while, so please be patient. While the Kaspersky virus removal tool tool is scanning, you can see how many objects it has identified as being infected by malicious software.

KVRT scanning

After that process is finished, Kaspersky virus removal tool will show a list of detected threats as shown below.

KVRT scan report

You may delete threats (move to Quarantine) by simply click on Continue to begin a cleaning task.

How to decrypt .ROGER files

All files with the ‘.ROGER’ extension are encrypted. Their contents cannot be unlocked simply by removing this extension or completely changing the filename. Unfortunately, today there is no way to decrypt files encrypted with ROGER virus, because to decrypt them you need a unique key, and this key is in the hands of criminals.

Should you pay the ransom

Never pay the ransom! Some users, wishing to recover access to blocked documents, photos and music, pay the ransom amount of money to cyber frauds. However, it is important to remember before performing this action that you are interacting with unscrupulous and dishonest people, and the probability that after transferring money they will not provide you with a decryption key to decrypt the encrypted files or increase the amount of ransom is high enough.

Files encrypted by ransomware

Fortunately, there are several alternative methods that do not require the use of a key and therefore allow you to restore the contents of encrypted files. Try to recover the encrypted files using free tools listed below.

How to restore .ROGER files

As we said above, today you cannot decrypt .ROGER files. Fortunately, there are several simple ways that in some cases can help restore the contents of encrypted files without decryption. Each of these methods does not require a decryptor and a unique key, which is in the hands of criminals. The only thing we strongly recommend that you perform (if you have not already done so) is to perform a full scan of the computer. You must be 100% sure that ROGER virus has been removed. To find and remove ransomware, use the free malware removal tools.




Recover .ROGER files with ShadowExplorer

An alternative is to restore personal files from their Shadow Copies. The Shadow Volume Copies are copies of files and folders that MS Windows 10 (8, 7 and Vista) automatically saved as part of system protection. This feature is fantastic at rescuing photos, documents and music that were encrypted by ROGER ransomware virus. The tutorial below will give you all the details.

Download ShadowExplorer from the link below.

ShadowExplorer
ShadowExplorer
439682 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

After downloading is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder like below.

ShadowExplorer folder

Run the ShadowExplorer utility and then choose the disk (1) and the date (2) that you want to restore the shadow copy of file(s) encrypted by the ROGER crypto virus as shown in the following example.

ShadowExplorer restore files encrypted by the ROGER ransomware

Now navigate to the file or folder that you want to recover. When ready right-click on it and click ‘Export’ button as shown on the screen below.

ShadowExplorer restore file

This video step-by-step guide will demonstrate How to recover encrypted files using Shadow Explorer.

Run PhotoRec to restore .ROGER files

Before a file is encrypted, the ROGER ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your photos, documents and music using file recover apps like PhotoRec.

Download PhotoRec on your MS Windows Desktop from the following link.

PhotoRec
PhotoRec
221332 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

After the download is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as on the image below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Windows. It will show a screen as shown in the following example.

PhotoRec for windows

Choose a drive to recover as shown below.

photorec select drive

You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as on the image below.

photorec select partition

Click File Formats button and specify file types to restore. You can to enable or disable the recovery of certain file types. When this is finished, click OK button.

PhotoRec file formats

Next, click Browse button to choose where recovered documents, photos and music should be written, then press Search. We strongly recommend that you save the recovered files to an external drive.

recover .ROGER files

Count of restored files is updated in real time. All restored photos, documents and music are written in a folder that you have chosen on the previous step. You can to access the files even if the restore process is not finished.

When the recovery is finished, click on Quit button. Next, open the directory where restored documents, photos and music are stored. All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories.

list of recovered .ROGER files

If you are looking for a specific file, then you can to sort your recovered files by extension, size and/or date/time.

This video step-by-step guide will demonstrate How to recover encrypted files using PhotoRec.

How to protect your computer from ROGER crypto malware?

Most antivirus software already have built-in protection system against the ransomware. Therefore, if your PC does not have an antivirus program, make sure you install it. As an extra protection, run the HitmanPro.Alert. All-in-all, HitmanPro.Alert is a fantastic utility to protect your system from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Microsoft Windows OS from Microsoft Windows XP to Windows 10.

Click the following link to download HitmanPro.Alert. Save it to your Desktop.

HitmanPro.Alert
HitmanPro.Alert
6880 downloads
Author: Sophos
Category: Security tools
Update: March 6, 2019

Once the downloading process is complete, open the directory in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double click the HitmanPro Alert desktop icon. After the tool is started, you’ll be shown a window where you can select a level of protection, as shown on the image below.

HitmanPro.Alert install

Now click the Install button to activate the protection.

Finish words

This guide was created to help all victims of ROGER ransomware virus. We tried to give answers to the following questions: how to remove ransomware; how to recover .ROGER files. We hope that the information presented in this manual has helped you.

If you have questions, then write to us, leaving a comment below. If you need more help with ROGER related issues, go to here.

 

Ransomware

 Previous Post

How to remove Backrocklondon.com pop-ups (Virus removal guide)

Next Post 

Your AntiVirus Subscription Might Have Expired POP-UP SCAM (Virus removal guide)

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Anchomoross.com Virus Removal Guide
scam alert
Fake or Real? You Visited Some Hacked Websites With Exploit Email Scam Explained
scam alert
Spotify Can’t Process Your Payment Scam Alert: A Phishing Email to Avoid
IFMAGIC GLP-1 Pro Weight Loss Oral Solution Review, Scam or Legit? What You Need to Know
LilCooler Portable AC Review, Scam or Legit? What You Need to Know

Follow Us

Search

Useful Guides

DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
remove android virus
How to remove virus from Android phone
adwcleaner
AdwCleaner – Review, How to use, Comments
This setting is enforced by your administrator (Removal guide)

Recent Guides

Backrocklondon.com
How to remove Backrocklondon.com pop-ups (Virus removal guide)
Kolerprivals.pro
How to remove Kolerprivals.pro pop-ups (Virus removal guide)
Sectinginmee.pro
How to remove Sectinginmee.pro pop-ups (Virus removal guide)
Streampro.club
How to remove Streampro.club pop-ups (Virus removal guide)
antivirus-expired.info
How to remove Antivirus-expired.info pop-ups (Virus removal guide)

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.