How to Remove HAIZ File Virus

How to Remove HAIZ Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

All your files have been encrypted due to a security problem with your PC.
To restore all your files, you need a decryption.
If you want to restore them, write us to the e-mail haizenberg@aol.com.
Or you can write us to the e-mail makbigfast@india.com.
In a letter to send Your personal ID (see In the beginning of this document).
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
In the letter, you will receive instructions to decrypt your files!

There’s a new ransomware plague, making waves online. Users have come to calling it the HAIZ infection. That’s short from haizenberg@aol.com, which is the email address, you’re given. You find it in the ransom note, the tool leaves for you. You get asked to contact the cyber kidnappers via that address. First off, do NOT! Don’t reach out to these people. And, above all don’t pay the ransom, they demand. It’s a mistake to play by their rules. They will not. Yes, they set up the game and the rules, but don’t think they’ll follow them. These are malicious cyber criminals. They WILL double-cross you. Anything, they promise, is a lie. The people, behind the HAIZ threat, have designed it with a specific purpose. To make money off of you. To exploit your fright and naivety. HAIZ invades your PC with slyness and, once inside, corrupts your files. It seizes control of everything, you keep on the premises of your system. Pictures, music, documents, videos. All falls under the infection’s grip. Once it locks everything, it leaves you a ransom note. It’s pretty standard. The essence is: Pay us Bitcoin money or lose your data. The infection requests you transfer a sum that can range from $500 to $1000, or more. After you send them the amount, they will, supposedly, give you a decryption key. Once you apply it, your files get unlocked. You see the cracks in the plan, don’t you? You rely on cyber criminals to keep their word. They’re not the reliable type. What’s more, their reliability is the least of your concerns. There’s far worse dangers that await if you comply with their demands. The fear of losing all the data, you’ve accumulated, is a strong motivator to comply. That’s what these people prey on. But don’t do it. Don’t pay them. Don’t contact them. As harsh as it sounds, accept the loss. Ransomware tools rig the game in their favor. You cannot win. So, don’t try. Accept defeat, and move on. Discard your data.

How did I get infected with?

HAIZ turns to the usual tricks to invade. More often than not, it uses freeware. That’s, arguably, the easiest entry point. Why? Well, most users aren’t as attentive as they should be during such installs. They rush and throw caution to the wind. Instead of getting to know the terms and conditions, they just say YES. In their efforts ‘to get over with it,’ they end up with more than they bargained for. Not knowing what you agree to allow into your system, has consequences. It’s a gamble that almost always results in infections sneaking in undetected. Do NOT rely on luck. Choose due diligence over chance. Otherwise, you WILL regret it. Other sneaky methods, include corrupted links or sites. Hitching a ride with spam email attachments. Or, pretending to be a fake system or program update. Like, Java or Adobe Flash Player. Remember to ALWAYS be vigilant. Don’t discard the importance of due diligence. It goes a long way.

Why is HAIZ dangerous?

Here’s why you must NOT pay the HAIZ people. Apart from the risk that they can double-cross you, there’s another severe one. And, it’s a given. There’s no doubt about it. If you pay up, it WILL occur. Let’s get into it. When you transfer the sum, you leave private information. You provide your personal and financial details. You leave them, where these cyber criminals can find them. These malicious data kidnappers get a hold of your private life. Then, once they do, they can use it as they see fit. Do you think it’s wise to leave extortionists to steal your privacy? To give them the means to exploit it in their favor? Do you think of even a single scenario that ends well for you? Don’t be naive. Do yourself a favor, and don’t take the unnecessary risk! It’s better to lose your files than your privacy, wouldn’t you agree?

HAIZ Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover HAIZ Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with HAIZ encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate HAIZ encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.