Remove Payransom@qq.com Ransomware (+File Recovery)

How to Remove Payransom@qq.com Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail

Write this ID in the title of your message
In case of no answer in 24 hours write us to these e-mails:

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.


There’s a new ransomware going around the web. It belongs to the Dharma family of threats, and users have taken to calling it Payransom@qq.com, after the extension it appends to the files it encrypts: payransom@qq.com is part of the extension it adds at the end of each file. As soon as the ransomware invades, it goes to work. The tool uses the AES-265 and RSA encryption methods to lock every file you have: documents, pictures, music, videos, archives. Everything you keep on your computer gets locked. Say you have a file named ‘yes’. After the ransomware is done with it, it becomes yes.[payransom@qq.com].AUDIT. The extension marks the ransomware’s grip and renders your files unreachable. Once the encryption process completes, the tool leaves you a ransom note, a file named FILES ENCRYPTED.txt that contains its demands. The note explains your predicament and lists the infection’s requests. In a nutshell, if you wish to free the locked data, you have to pay up. The ransom amount varies, but it is typically anything between 500 and 1000 US Dollars, and sometimes even more. It has to be paid in Bitcoin, and you are given a deadline. Supposedly, after you transfer the money, you’ll get a decryption key. The cyber extortionists promise to send you the proper key, and after you apply it, you unlock your data. Here’s the thing, though: can you trust the promises of cyber criminals? Ask yourself that question before you do anything at all. Can you believe that these strangers will keep their word? Don’t fool yourself. They will not. These are unknown individuals with malicious intentions. They want your money and don’t care about keeping their promises. Don’t fall for their lies. The best thing you can do is to forsake your files. Accept that they’re lost to you. Yes, it’s tough, but the alternative only furthers your grievances. Don’t contact these people. Don’t pay them. Say goodbye to your files and move on.
Place your faith in backups, not in cyber criminals.
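Before cleaning anything up it helps to know the scope of the damage: how many files carry the extension described above, where they are, and where the ransom notes landed. The following PowerShell script is an added example written for this article (it is not code from the article or from any vendor). It takes the extension pattern and the note filename from the text; the scan root, the output CSV path and the looser pattern for other e-mail-tagged variants of the same family are assumptions you can adjust.

```powershell
# Added example (not from the original article): inventory encrypted files and
# ransom notes so the incident's scope is recorded before any cleanup.
param(
    [string]$Root     = "$env:USERPROFILE",                              # assumption: scan the user profile
    [string]$NoteName = "FILES ENCRYPTED.txt",                           # note name quoted in the article
    [string]$Report   = "$env:USERPROFILE\encrypted-files-inventory.csv" # assumption: where to write the list
)

# Exact suffix the article quotes: <original>.[payransom@qq.com].AUDIT
$exact   = '\.\[payransom@qq\.com\]\.AUDIT$'
# Looser Dharma-style pattern <original>.[<email>].<ext>, to catch a variant
# that uses a different contact address or extension (assumption, not from the article)
$generic = '\.\[[^\]\\/]+@[^\]\\/]+\]\.[A-Za-z0-9]{1,10}$'

# One pass over the tree; -Force includes hidden files, which Explorer hides by default
$all = Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue

$encrypted = @($all | Where-Object { $_.Name -match $generic })
$notes     = @($all | Where-Object { $_.Name -eq $NoteName })

# Group by the tag actually used, so an unexpected variant stands out
$byTag = $encrypted |
    Group-Object { [regex]::Match($_.Name, $generic).Value } |
    Select-Object Count, Name | Sort-Object Count -Descending

$sorted = $encrypted | Sort-Object LastWriteTime
[pscustomobject]@{
    Root            = $Root
    EncryptedFiles  = $encrypted.Count
    ExactMatch      = @($encrypted | Where-Object { $_.Name -match $exact }).Count
    RansomNotes     = $notes.Count
    FirstEncrypted  = if ($sorted) { ($sorted | Select-Object -First 1).LastWriteTime } else { $null }
    LastEncrypted   = if ($sorted) { ($sorted | Select-Object -Last 1).LastWriteTime }  else { $null }
}
$byTag | Format-Table -AutoSize

# Full list for the incident record; the note directories show where the
# ransomware had write access
$encrypted | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation
$notes | Select-Object DirectoryName | Sort-Object DirectoryName -Unique
```

The first/last LastWriteTime values give a rough window for when encryption ran, which is useful when checking which backup or shadow copy predates the attack. Run it on every drive the machine can write to, not only the user profile.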

How did I get infected?

The ransomware has an array of tricks it can use to invade your PC, and each one rests on your carelessness. Here’s the thing: the tool needs you to be careless enough not to spot it. If you don’t catch it in the act of attempting to invade, you can’t stop it from doing so. The infection has come up with a myriad of methods to slip by you unnoticed, and it’s up to you to be careful enough to prevent its success. Don’t rush. Don’t skip doing due diligence. Remember the importance of attention. Take your time and be thorough. There are many methods the infection can resort to: corrupted torrents and links, fake updates, freeware. However, the most common one is the use of spam emails. Let’s explain. Say you receive an email that claims to be from Amazon or PayPal, or some other well-known, legitimate company. If you read it, you’ll see it contains an attachment or a link, and it urges you to click on the provided link or download the attachment. If you do, you’re setting yourself up for trouble. Don’t discount the importance of vigilance. Don’t rush or give in to naivety. Don’t choose carelessness over caution. One leads to threats like Payransom@qq.com; the other helps to keep them out.


Why is Payransom@qq.com dangerous?

Understand that ransomware infections are horrendous opponents. They’ve rigged the game against you from the start, and did so in a way that, no matter what, you can’t win. Think about it. After the ransomware strikes, you have a few options for how to proceed. Let’s examine them. If you pay the ransom, you have to wait for the key, the one they promised to send you. What if they don’t? They got your money, so why bother keeping their word? You might be left without a key, with less money, and with still-encrypted data. That’s hardly desirable. But even if they send the key, don’t rejoice yet. It can be the wrong key and do nothing for your locked files. And even if it’s the right one and it works, you’re not in the clear yet. Think about it. You paid to remove a symptom of an infection, not the infection itself. The ransomware that encrypted your data remains. What’s to stop it from striking once more? It can be a day after you free your files, an hour, or a minute. You have ZERO guarantees! Let that sink in. The best course of action is to forsake your files. It’s a tough decision to make, but it’s the right one. Don’t let your fate rest on the promises of cyber criminals. You’ll only be disappointed.

Payransom@qq.com Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Payransom@qq.com Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that it usually has a randomly generated file name.
  • Before you kill the process, write its name down in a text document for later reference.

(screenshot: ending the malicious process in Task Manager)

  • Locate any suspicious processes associated with the Payransom@qq.com encryption virus.
  • Right-click on the process.
  • Choose Open File Location.
  • Choose End Process.
  • Delete the directories containing the suspicious files.
  • Keep in mind that the process can be hiding and may be very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder.
  • Click on the “Organize” button.
  • Choose “Folder and Search Options”.
  • Select the “View” tab.
  • Select the “Show hidden files and folders” option.
  • Uncheck “Hide protected operating system files”.
  • Click the “Apply” and “OK” buttons.
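The same two Folder Options settings live in the registry, which is handy when Explorer's menus are not available or when you want to verify the change. The script below is an added example written for this article (not the article's own code); the value names and their meanings (Hidden: 1 = show, 2 = hide; ShowSuperHidden: 1 = show protected OS files) are standard Windows settings, and the Explorer restart is what makes the change visible.

```powershell
# Added example (not from the original article): registry equivalent of the
# "Show hidden files" and "Hide protected operating system files" options.
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-HiddenFileVisibility {
    $p = Get-ItemProperty -Path $advKey
    [pscustomobject]@{
        ShowHiddenFiles      = ($p.Hidden -eq 1)            # 1 = show, 2 = hide
        ShowProtectedOSFiles = ($p.ShowSuperHidden -eq 1)   # 1 = show, 0 = hide
    }
}

function Set-HiddenFileVisibility {
    param([switch]$Revert)   # -Revert restores the Windows defaults once cleanup is done
    $hidden = if ($Revert) { 2 } else { 1 }
    $super  = if ($Revert) { 0 } else { 1 }
    Set-ItemProperty -Path $advKey -Name Hidden          -Value $hidden -Type DWord
    Set-ItemProperty -Path $advKey -Name ShowSuperHidden -Value $super  -Type DWord

    # Explorer reads these values at start-up, so restart it
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    Start-Sleep -Seconds 2
    if (-not (Get-Process -Name explorer -ErrorAction SilentlyContinue)) {
        Start-Process explorer.exe
    }
}

"Before:"; Get-HiddenFileVisibility
Set-HiddenFileVisibility
"After:";  Get-HiddenFileVisibility
```

Run `Set-HiddenFileVisibility -Revert` after the cleanup to put the defaults back; leaving protected system files visible makes accidental deletion easier.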

STEP 3: Locate the Payransom@qq.com encryption virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously.

(screenshot: the Windows key + R shortcut)

  • Type regedit and press Enter to open the Registry Editor. Depending on your OS (x86 or x64), navigate to one of:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the entry with the random display name: [RANDOM]

(screenshot: deleting the random Run entry in the Registry Editor)

  • Then open Windows Explorer, navigate to your %appdata% folder and delete the executable you noted in Step 1.

You can also use the msconfig Windows program to double-check the execution point of the virus. Keep in mind that the names on your machine may be different, since they may be generated randomly, which is why you should run a professional scanner to identify malicious files.
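Because the file and value names are random, the practical check is not "find this name" but "find anything that starts from a place a normal installer would not use". The script below is an added example written for this article (not the article's own code): it reads the three Run keys listed above and the running process list, and reports entries whose executable sits under a user-writable directory (%APPDATA%, %LOCALAPPDATA%, %TEMP% or the profile root, which is the location Step 3 tells you to clean). It is read-only; the choice of directories is an assumption, and removal is still done by hand as described above.

```powershell
# Added example (not from the original article): read-only triage of the
# autorun keys and processes that Steps 1 and 3 tell you to inspect.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: these are the user-writable roots worth flagging
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Test-UserWritablePath([string]$Path) {
    foreach ($dir in $userWritable) {
        if ($Path -like "$dir\*") { return $true }
    }
    return $false
}

# Extract the executable from a Run value: "C:\dir\app.exe" -arg, C:\dir\app.exe -arg, or a bare path
function Get-ExePath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $Command.Trim()
}

"== Run-key entries pointing at user-writable paths =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $names = ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name
    foreach ($name in $names) {
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$props.$name)))
        if (Test-UserWritablePath $exe) {
            [pscustomobject]@{
                Key    = $key
                Name   = $name            # compare with the name noted in Step 1
                Exe    = $exe
                Exists = (Test-Path -LiteralPath $exe)
            }
        }
    }
}

"== Running processes whose image lives in a user-writable path =="
Get-Process | Where-Object { $_.Path -and (Test-UserWritablePath $_.Path) } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize
```

Expect some legitimate hits: several well-known applications install themselves under %LOCALAPPDATA%. Treat the list as candidates to verify (publisher signature, install date, whether the name matches what you wrote down in Step 1), not as a verdict. Run it from an elevated prompt so the HKLM keys and all processes are readable.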

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

(screenshot: Windows System Restore)

  • Method 2: File recovery software. Usually, when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may be able to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies. As a last resort, you can try to restore your files from Shadow Volume Copies. Open the Shadow Explorer tool from the package and choose the drive you want to recover from. Right-click any file you want to restore and click Export.
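Shadow Explorer is a front end for the Volume Shadow Copy snapshots that Windows already keeps; the same recovery can be done with built-in tooling, which also tells you quickly whether any snapshots survived. The script below is an added example written for this article (not the article's or Shadow Explorer's code). It lists the snapshots, exposes one as a directory through a symbolic link, and copies a single file back out. The file to recover and the destination directory are assumptions; run it from an elevated prompt. If the snapshot list is empty, this method cannot help and you are back to Methods 1 and 2.

```powershell
# Added example (not from the original article): recover one file from Volume
# Shadow Copies without third-party tools. Requires an elevated prompt.
param(
    [string]$FileToRecover = "$env:USERPROFILE\Documents\report.docx",  # assumption: original (pre-encryption) path
    [string]$RestoreDir    = "$env:USERPROFILE\Recovered"               # assumption: where recovered copies go
)

$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate -Descending)
if ($shadows.Count -eq 0) {
    Write-Warning "No shadow copies are present on this system; this method cannot help."
    return
}
$shadows | Select-Object ID, InstallDate, VolumeName, DeviceObject | Format-Table -AutoSize

# Snapshots are per volume: map the file's drive letter (C:) to its volume GUID path
$driveRoot  = [System.IO.Path]::GetPathRoot($FileToRecover)                       # "C:\"
$volume     = Get-CimInstance -ClassName Win32_Volume |
                  Where-Object { $_.DriveLetter -eq $driveRoot.TrimEnd('\') }
$candidates = $shadows | Where-Object { $_.VolumeName -eq $volume.DeviceID }
$relative   = $FileToRecover.Substring($driveRoot.Length)                          # "Users\...\report.docx"
New-Item -ItemType Directory -Path $RestoreDir -Force | Out-Null

foreach ($s in $candidates) {
    # Expose the snapshot as a directory; mklink needs the trailing backslash on the device path
    $link = Join-Path $env:TEMP ("shadow_" + $s.ID.Trim('{}'))
    if (-not (Test-Path -LiteralPath $link)) {
        cmd /c mklink /d "$link" "$($s.DeviceObject)\" | Out-Null
    }

    $src = Join-Path $link $relative
    if (Test-Path -LiteralPath $src) {
        # Prefix with the snapshot time so copies from several snapshots can be compared
        $dst = Join-Path $RestoreDir ("{0:yyyyMMdd-HHmmss}_{1}" -f $s.InstallDate, (Split-Path $FileToRecover -Leaf))
        Copy-Item -LiteralPath $src -Destination $dst
        "Recovered copy from snapshot taken $($s.InstallDate): $dst"
    } else {
        "Not present in snapshot taken $($s.InstallDate)"
    }

    # rmdir removes only the link; Remove-Item on a directory link can follow it into the snapshot
    cmd /c rmdir "$link" | Out-Null
}
```

Pick the most recent snapshot that predates the encryption window (the LastWriteTime range from the file inventory is a good guide) and verify the recovered file opens before relying on it. Copying out of a snapshot is read-only, so it cannot make the situation worse.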
