Remove R5A File Extension Malware

How to Remove R5A File Extension Ransomware?

“You only have 96 hours to make a payment. If you do not send money within provided time, private key will be destroyed and all your files will be lost.” This nasty ransom message only means one thing. Ransomware. Yes, you’ve somehow managed to stumble across one of the most problematic types of PC infections out there and your computer is now seriously compromised. Ransomware-type parasites are particularly troublesome, very resourceful and extremely harmful. However, there’s absolutely no need to panic. That’s what hackers want. Losing your nerve might cost you a hefty sum of money because crooks will try their best to blackmail you; it goes without saying that you should never allow it. Keep calm and uninstall the parasite.

You’ve gotten infected with a relatively new member of the ransomware family. Unfortunately, that means you’re in for trouble. The virus that’s currently harassing you is called 7ev3n and it works the exact same way all other ransomware infections do. Once it gets successfully installed, 7ev3n performs a thorough scan on your computer searching for private files. The parasite searches for data with specific extensions such as .jpg, .jpeg, .png, .mp3, .zip, .odp, .rar, .mp4, .txt, .doc, .docx, .pdf and then encrypts it. As you can clearly see, that means the virus infects an enormous percentage of your music, pictures, videos, documents, presentations, etc. Using a strong encryption algorithm, the parasite adds a malicious R5A file extension to your data. That’s it. Once you see this extension, you should know that your information is no longer accessible. Your computer cannot recognize the new file format which replaced the old ones, so most of your personal data is now unreadable. That makes the information stored on your PC practically useless. As if that wasn’t enough, the parasite also begins to modify some system settings, thus messing with your computer even further. It installs various files and disables numerous keyboard keys.

Then the virus starts playing mind games with you. It displays a disturbing warning message whose only purpose is to steal your money. Hackers demand an impressively vast sum of money (about 4980 USD!!) in bitcoins. This ransom should be in exchange for a decryption key – a unique combination of symbols which should allow you to regain access to your infected files. Obviously, this is an attempt at fraud, as paying the money guarantees you nothing. In the worst case scenario you will end up with your PC still compromised, your files still unreadable and your money gone. Does that sound like a fun experience to you? No?

How did I get infected?

Hackers are quite inventive when it comes to spreading their parasites online. That means you have to constantly keep an eye out for potential threats when surfing the Web. Make sure you avoid clicking spam messages, spam email attachments or the various third-party advertisements you may stumble across. Remember, those web links are incredibly unreliable and could lead you straight to malware. This way, before you even know it, you might install a rich bouquet of infections on board, thus causing yourself immense damage. Also, keep in mind that freeware and shareware bundles offer hackers a particularly convenient infiltration method. To protect your PC, never rush the installation. Take your time to read the Terms and Conditions or the EULA (End User License Agreement). It really is time-consuming but caution can save you lots of trouble in the long run. Don’t overlook the numerous cyber dangers out there and don’t allow crooks to fool you. Install legitimate programs only, avoid suspicious-looking web links and always remember that it should be your number one priority online to prevent virus installation.

Why is this dangerous?

As mentioned already, seeing the random R5A file extension means your data is now unreadable. The parasite’s aggressive manipulations begin the very moment your PC gets infected, so it will not take you too long to realize you’re dealing with ransomware. After the program gets activated, it modifies most of your personal files and denies you access to your valuable information. Then the infection even has the impudence to attempt to CHARGE you for the privilege to use your own files. How aggravating is that? Ransomware poses a direct threat to your bank account. Therefore, if you make the rookie mistake of following hackers’ instructions, you will inevitably lose money. What’s even worse, you might receive absolutely nothing in exchange. Even though you’re being constantly bombarded with 7ev3n’s nasty ransom note, simply ignore it. This is yet another part of cyber crooks’ illegal scheme and you DO NOT have to play by their rules. Unfortunately, you cannot recover your infected files, so make sure you keep a backup copy of your important data in the future. To delete the virus manually, please follow the detailed removal instructions that you will find down below.

R5A File Extension Removal Instructions

STEP 1: Start Your Computer into Safe Mode with Networking

  • Make sure you do not have any floppy disks, CDs, and DVDs inserted in your computer
  • Restart the computer
  • When you see a table, start tapping the F8 key every second until you enter the Advanced Boot Options

  • In the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

  • A dialog box should open. Type iexplore www.virusresearch.org/download-en

  • Internet Explorer will open and a professional scanner will prompt to be downloaded
  • Run the installer
  • Follow the instructions and use the professional malware removal tool to detect the files of the virus.
  • After performing a full scan you will be asked to register the software. You can do that or perform a manual removal.

Remove R5A File Extension Malware Manually

Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.

Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file.

Before you kill the process, type the name on a text document for later reference.

Navigate to your %appdata%/roaming folder and delete the system.exe executable.

Open your Windows Registry Editor and navigate to

HKCU\Software\Microsoft\Windows\CurrentVersion\Run:system.exe

and

HKLM\Software\Microsoft\Windows\CurrentVersion\Run:system.exe

Delete the name system.exe.

The virus also modifies your Windows shell to system.exe instead of explorer.exe, so you need to revert it back:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:system.exe

It is always a good idea to use a reputable anti-malware program after manual removal, to prevent this from happening again.
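
The manual checks above can be run in one pass before you delete anything. The following PowerShell is an added example, not part of the original guide: it is a read-only audit of the Run keys, the Winlogon Shell value and the dropped file named on this page. The function name Get-R5aPersistence and the shape of its output are assumptions made for the example.

```powershell
# Added example: read-only audit of the persistence points listed above.
# The indicator name (system.exe) and the registry locations come from the page;
# the function name and output objects are assumptions made for this example.
function Get-R5aPersistence {
    $indicator = 'system.exe'
    $findings  = @()

    # 1. Run keys for the current user and for the machine
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Match on either the value name or the command line it launches
            if ($name -like "*$indicator*" -or $data -like "*$indicator*") {
                $findings += [pscustomobject]@{ Location = $key; Name = $name; Data = $data }
            }
        }
    }

    # 2. Winlogon Shell: the Windows default is explorer.exe
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -ne 'explorer.exe') {
        $findings += [pscustomobject]@{ Location = $winlogon; Name = 'Shell'; Data = $shell }
    }

    # 3. Dropped executable in the roaming application data folder
    $dropped = Join-Path $env:APPDATA $indicator
    if (Test-Path -LiteralPath $dropped) {
        $size = (Get-Item -LiteralPath $dropped -Force).Length
        $findings += [pscustomobject]@{ Location = $dropped; Name = 'file'; Data = "$size bytes" }
    }

    $findings
}

# Empty output means none of the page's indicators were found.
Get-R5aPersistence | Format-List
```

Run it from the account that was logged in when the infection occurred, because the HKCU key and %appdata% are per-user. Any legitimate program that happens to use the name system.exe will also be listed, so review each finding before removing it.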
