0
()

Issue

  • Your ESET product detected a Win32/Filecoder.AE infection
  • Decrypt specific variants of your files using the decoder.exe tool
  • Your personal files have become encrypted
  • Users are told they have to send information or a certain amount of money via Onpay.ru payment service
  • You receive the following message on your computer:

Solution

Important!
In order to run the decoder, you have to manually find two files (config.cfg and account.cfg) created as a side effect of this malware.
  1. Download the decryptor tool and save the file to your Desktop.

    ESETFilecoderAEcleaner.zip

  2. Unzip the file and copy decoder.exe to your Desktop.
  3. Ensure that you have copied config.cfg and account.cfg to your Desktop.
  4. Create a new folder on your Desktop and name it Encrypted. Copy (do not move) the encrypted files you want to decrypt to this folder.
  5. Click Start → All Programs → Accessories, right-click Command prompt and then select Run as administrator from the context menu.
    • Windows 8 / 8.1 / 10 users: press the Windows key + to search for applications, type Command prompt into the Search field, right-click Command prompt and then select Run as administrator from the context menu.
  6. Type the command cd %userprofile%\Desktop (do not replace “userprofile” with your username; type the command exactly as shown) and then press Enter.
  7. Type decoder.exe Encrypted and press Enter to scan the folder drive.
  8. The decryptor tool has run successfully when the “Decoding 100%” or “Done” message is displayed.

Figure 1-2

decoder_log.txt

Open decoder_log.txt on your Desktop if you need to troubleshoot execution of the cleaner.

  1. If decryption was successful, type decoder.exe C: to decrypt all infected files on your C drive. To scan a different location, replace C: with the applicable path.

Need Assistance in North America?

If you are a North American ESET customer and need assistance, visit helpus.eset.com to chat with a live technician, view product documentation or schedule a consultation with an ESET Home Advisor.

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

(Visited 7 times, 1 visits today)
Discover More help  [KB7750] Deploy the ESET Management Agent to a macOS or Linux client using Agent Live Installer (8.x)