Remove Ecovector (Vegclass) Ransomware

How to Remove Ecovector Ransomware?

Reader recently start to report the following message being displayed when they boot their computer:

Attention!!! To restore information email technical support send 3 encrypted files Econvector3(@) or Eco_vector(@)

You’ve managed to get stuck with one of the most virulent types of infections online. To say the least, you’ve been quite unlucky. And you now have to take action as soon as possible. Ecovector (Vegclass) Ransomware belongs to the nasty Troldesh family. Other infamous members of this family include JohnyCryptor, Green_Ray and Mahasaraswati. As you could imagine, these are all equally malicious so coming across any of them surely guarantees you a bad time. Ecovector (Vegclass) uses the AES encrypting algorithm and RSA-2048 encrypting key in order to lock your data. Just like all ransomware-type programs out there, this one is impressively effective. We’ve noticed a constantly increasing number of ransomware infections on the Web. Do you want to know why? Because these parasites aim directly at your bank account. By encrypting all your personal data and taking it hostage, the virus confuses you. Furthermore, it gets you to panic. Once you give into anxiety (which many people do because such sudden modifications are nerve-wracking), you become easy prey. This is where the ransom note comes in handy. While encrypting your data, Ecovector (Vegclass) also creates numerous How to decrypt your files.txt and changes your desktop wallpaper. Now you’re seeing hackers’ payment instructions practically all the time. According to the ransom messages, you have to pay a certain sum of money in Bitcoins. Once you complete the payment, you’re supposed to receive a decryption key – a unique combination of symbols which should allow you to regain access to your infected data. It goes without saying this is a lie. Ransomware is nothing but a stealthy attempt for a cyber fraud. Even if you do follow hackers’ instruction, you may still not receive anything in exchange. What’s even worse is that you cannot open, work with or even view the files Ecovector (Vegclass) has encrypted. You’ll notice that your locked files now have some weird file extension – .Vegclass(@), or .{ecovector3(@)}.xtbl. The computer is unable to recognize this new file format so, logically, you’re unable to use your private information. Remember, you have to ignore all of hackers’ fake promises and empty threats. Stay away from the email addresses they provide you and do not give them your money! Are you wiling to support their malicious business? No? Then don’t let cyber criminals blackmail you. Get rid of the parasite instead.

How did I get infected with?

Spam email-attachments and spam messages are among the most commonly used infiltration techniques at the moment. Yes, they are also the oldest tricks in the books but as you can see, hackers don’t have a reason to give them up anytime soon. Ransomware often gets disguised as a legitimate email, for example, a job application. However, if you click the corrupted email, you automatically infect your machine. That’s all it takes. Parasites also travel the Web via questionable freeware/shareware bundles, illegitimate websites and dangerous third-party pop-up ads. Ecovector (Vegclass) might have invaded your PC with the help of a Trojan horse. Obviously, hackers have many efficient virus distribution methods to choose from. A rule of thumb – don’t underestimate their immense creativity when it comes to spreading malware online. Stay away from anything suspicious online and always put your cyber safety first. You won’t regret being cautious because this is the only way to prevent virus installation. Keep in mind that the Web is infested with malware so make no mistake.

Remove Ecovector

Why is Ecovector dangerous?

Ecovector (Vegclass) is a typical ransomware virus. It takes advantage of your haste and worry in order to extort money from you. As we already mentioned, the virus encrypts a huge variety of file formats including .mp3, mp4, .jpg, .jpeg, .txt, .xls, .docx, etc. No matter how aggressive the parasite is, don’t even consider contacting hackers. If you do use the emails this pest forces on you, you will only learn that decrypting your files will cost 3 Bitcoin. For those of you who aren’t familiar with online currently, that equals 1742 USD. Not paying the ransom immediately makes the sum 5 Bitcoin (about 2900 USD). Would you really pay 2900 USD to unlock your pictures and music? The Ecovector (Vegclass) infection might even block your anti-virus program thus making your cyber situation even worse. That is why our advise is to uninstall this pest ASAP; in the meantime, ignore hackers’ attempts  to defraud you. To delete Ecovector (Vegclass) ransomware manually, please follow the detailed removal guide you’ll find down below.

Ecovector Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Ecovector Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with Ecovector encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Ecovector encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment