“All your documents” Virus File Removal

How to Remove “All your documents” Ransomware?

There is a new ransomware infection out there. It’s called “All your documents“ which is an incredibly accurate name. It does encrypt all your documents. However, the ransomware also locks music, photos, videos, presentations and all other files you have. That’s how this type of infection works. Ransomware has a very simple reason to encrypt your private data. You see, this is nothing but an attempt for a cyber scam. Check out today’s article to learn how exactly file-encrypting programs cause you damage. Also, you will find a detailed manual removal guide down below. The “All your documents” virus gets activated immediately after installation. It performs a scan of your computer. Ultimately, the parasite finds “all your documents”. In addition, this infection locates your other file formats as well. You know what the next step is, don’t you? Encryption. Ransomware programs seek your personal data in order to lock it. This particular parasite is no exception. By using a complicated encrypting algorithm, the virus modifies your files. It turns all your precious information into gibberish. That is it. You’re no longer able to view or use any of your files. Needless to say, you probably have some important data stored on your machine. Ransomware denies you access to all of it. We strongly recommend that you keep backups of your files in case some similar infection gets to you. File-encrypting programs target your data. Hence, if you protect your data, hackers cannot blackmail you. As soon as the encryption process is complete, you will notice that your files have changed format. That’s how you can tell they are inaccessible. Ransomware adds a malicious extension to the target files. The cipher it utilizes allows it to hold your once free files hostage. Then hackers ask for money. Unlike other kinds of malware where crooks use subtle approaches, ransomware is straightforward. It directly demands money from you in exchange for a decryption tool. Do you see the scam already? Hackers rely on your anxiety and worry. They promise a unique decryptor which, on theory, will restore your locked files. On practice, though, hackers just want to steal your money. Restrain yourself from paying ANYTHING and keep your Bitcoins. Following hackers’ instructions would be a terrible, terrible idea.

How did I get infected with?

Ransomware infections usually travel the Web in spam emails. They get attached to random emails or messages in social media. If you’re curious enough to click any of them open, you let the virus loose. That’s how easy it is. Make sure you stay away from such questionable attachments. You never know if there’s a nasty cyber intruder hiding there. Instead of infecting your own machine, delete the spam email or message ASAP. Keep in mind that malware could be presented as something perfectly harmless. For example, an email from a shipping company or a job application. The only way to prevent virus infiltration is by paying attention. Don’t even for a minute forget that hackers constantly develop malware. You could install a whole bouquet of infections without even realizing it. Exploit kits and fake program updates are efficient tricks as well. Avoid illegitimate websites, unverified torrents, third-party pop-ups. Also, some parasites get attached to freeware and shareware bundles. When downloading bundled programs, check out what exactly you agree to install. Take your time instead of rushing the process. Skipping steps may seem reasonable but it exposes you to numerous threats. You can see for yourself how dangerous ransomware is. In the future, don’t allow such devious infections to harass you.

Why is “All your documents” dangerous?

Crooks are trying to make illegitimate profit. The problem is, you’re the one who has to pay. While encrypting your files, the virus drops .txt or .html files. It also alters your desktop wallpaper. That means you now see crooks’ instructions on a daily basis. As mentioned already, hackers want you to panic. They are messing with your personal data to trick you into paying a ransom. However, keep in mind paying guarantees you nothing. You may or may not regain access to your files. More often than not, hackers tend to ignore the victim’s attempts to free their information. In other words, you won’t receive a decryption key. You will only lose money and jeopardize your privacy. Ignore the parasite’s ransom notes. Please follow our removal guide and uninstall the intruder for good.

“All your documents” Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover “All your documents” Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with “All your documents” encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate “All your documents” encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.