How to Remove Meds File Virus

How to Remove Meds Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-ZFjRnJfc9f
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
gorentos@bitmessage.ch

Reserve e-mail address to contact us:
gerentoshelp@firemail.cc

Your personal ID:


Meds
is a variant of the notorious STOP (DJVU) ransomware. The malicious infection intrudes on your PC, via deception and finesse. Then, strikes and spreads its clutches throughout. Meds uses special algorithms to lock your files. And, after it applies its encryption, proceeds to extort you for money. To solidify its grip over your files, it attaches the ‘.meds‘ extension. Nothing escapes its reach. Pictures, archives, documents, videos, music. Everything falls under the ransomware’s grasp. If you have a photo, called ‘no.jpg,‘ it turns into ‘no.jpg.meds.‘ Once that happens, it becomes inaccessible. You can try moving it, or renaming it, but it’s futile. The only way your files become usable again is via payment. The Meds threat demands a ransom for your files’ release. It leaves a ransom note, for you to find, on your Desktop. As well as, in each folder that contains affected files. The note clues you into your current predicament. And, offers instructions on what’s expected of you. It’s called “_readme.txt.” It tries to frighten you into compliance. Don’t oblige. The note claims that, upon paying the ransom, you’ll get the key you need. The decryption key, which after you apply, frees your files. Supposedly, the amount is $980. But, if you pay up during the “first 72 hours, the price for you is $490.” Pay nothing. Don’t send these data kidnappers money. Don’t contact them. Don’t reach out in any way. Make the tough, but right, call and don’t pay the ransom. It’s, ultimately, for the best. Compliance is NOT the way to go.

How did I get infected with?

The Meds threat uses trickery to slither into your system. Infection, like it, tend to turn to the old but gold ways to invade. That includes the usual antics. Pretending to be a bogus system or program update. Like, a bogus Java or Adobe Flash Player. Hiding behind corrupted links, sites, or torrents. And, of course, using freeware and spam emails. These methods may seem prolific, but can you spot the common denominator? Each one cannot prove successful, without a key ingredient, only you provide. That’s carelessness. The Meds ransomware menace needs your carelessness. It preys on it. It relies on you to rush, and skip doing any due diligence. To avoid reading terms and conditions, but agree to everything in blind faith. To give into naivety, and leave your fate to chance. To throw caution to the wind, in favor of luck. Don’t oblige. Don’t ease the infection’s infiltration. Next time, you receive an email that urges you to click an email, or download an attachment, be way. Don’t blindly follow instructions, but take the time to be thorough. Make sure to avoid any unpleasant surprises. Even a little extra attention can save you a whirl of grievances.

Remove Meds

Why is Meds dangerous?

The Meds menace forces you into a conundrum. After it strikes, it leaves you to make a tough decision. To comply, or not. Let’s examine both options, shall we? If you choose compliance, what do you suppose unfolds? Well, you pay the ransom, and wait to get the key, right? The key, that was promised to you, by the extortionists? What if they don’t give you one? Or, what if they give you one, that doesn’t work? Sure, they promise to provide you with the decryption key, you need. But, don’t forget, you’re dealing with malicious cyber criminals. They are hardly people, worth your trust. Even if they do send you the right key, what next? You apply it, decrypt your data, and? The ransom pays for the key that removes the encryption. Not the infection. The Meds threat still remains on your PC, ready to strike again. And, what if it does, mere moments after you apply the key after payment? That’s an actual possibility that can unfold. You need to weigh the risks, and consider that compliance has no positive outcome. Don’t waste money, energy and time, playing to the tune of cyber kidnappers. Place your trust in backups and cloud storage. They won’t falter, like strangers with malicious intentions.

Meds Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Meds Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Meds encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Meds encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment