How to Remove Reco Virus (+File Recovery)

How to Remove Reco Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
*Redacted for security reasons*
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:

Reco is a variant of the notorious STOP (DJVU) threat. It’s malicious ransomware that throws you into a whirl of trouble. The tool uses slyness to slither into your system and then spreads its corruption throughout. Reco uses strong encryption algorithms to lock your data and then proceeds to extort you for its release. It targets everything you have on your PC: documents, archives, music, videos, photos. Nothing escapes its reach. The infection appends the ‘reco’ extension to the end of each file to solidify its hold over it. If you have a picture called ‘sunrise.jpg’, it becomes ‘sunrise.jpg.reco’. Once that happens, it’s unusable. You can no longer access it, and the only way to change that is to pay up.

The ransomware leaves you a ransom note in a “_readme.txt” file. You can find it on your Desktop, and its contents are pretty standard. It clues you in to your predicament and gives you instructions to follow. Supposedly, if you comply, you regain control over your data. The note claims that if you pay the ransom, you’ll receive the decryption key you need, and once you apply it, your files are free. That may seem all fine and dandy, but don’t buy it. The ransom note tells you what you want to hear. Understand that you’re dealing with cyber criminals: extortionists who stole control of your data and now want to profit off of you. Don’t allow that! Pay them nothing. Don’t contact them. Don’t reach out in any way. Compliance is NOT the way to go.

How did I get infected?

Ransomware threats use slyness to slither into your system, and so does Reco. It turns to the old but gold invasive methods and does its best to slip by you unnoticed. The usual antics include pretending to be a system or program update, such as Adobe Flash Player or Java, and hiding behind corrupted sites, torrents or freeware. And, of course, they can turn to spam emails. Say you get one that appears to come from a well-known company, like PayPal, DHL or Amazon. When you open it, it demands that you click a link or download an attachment, supposedly to verify your information or confirm a purchase. If you do follow its instructions, you’ll regret it. That’s how you end up with infections like Reco on your PC. Always know what you agree to or allow into your system. Vigilance goes a long way. Take the time to do your due diligence, and don’t give in to naivety, haste and distraction. Even a little extra attention can save you a ton of trouble. Remember that caution keeps threats like Reco out, and the lack thereof invites them in. Make the right decision.

Why is Reco dangerous?

Reco tries to incentivize you into paying. The note it leaves you offers a discount. It states that the requested ransom is $980, but continues with “Discount 50% available if you contact us first 72 hours.” Don’t fall for that. Think about your options. If you do pay the ransom, discounted or not, what happens next? You transfer the sum, and then you wait, right? You wait to receive the decryption key you were promised. But what if it doesn’t come? What if these people choose not to send it? That’s a valid possibility. Or what if they send a key that proves useless? And even if you get the right one, it’s no cause for celebration. Here’s the thing. You pay a ransom for the decryption key that removes the encryption. You don’t pay to remove the infection that encrypted everything. That means Reco remains on your computer, ready to strike again. What’s to stop it from locking your data a mere minute after you unlock it? The extortionists behind Reco have quite a few ways to double-cross you. Don’t let them profit off your fear and gullibility. Don’t pay them a dime. Don’t waste your time, energy and resources dealing with them. Don’t comply. It’s a tough call to make, but it’s the right one.

Reco Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Reco Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with Reco encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click the “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click the “Apply” and “OK” buttons

STEP 3: Locate Reco encryption Virus startup location

  • Once the operating system loads, press the Windows Logo key and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open Explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Keep in mind that the names on your machine might be different, as they might be generated randomly. That’s why you should run a professional scanner to identify malicious files.
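
A read-only way to carry out the STEP 3 check from a PowerShell prompt, added here as an example and not part of the original instructions: it lists every value in the three Run keys above and marks entries whose executable sits in a per-user profile folder. Checking %localappdata% alongside %appdata%, and reporting signature status and SHA-256, are assumptions of this example.

```powershell
# Read-only audit of the Run keys listed in STEP 3; nothing is changed or deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: %localappdata% is checked as well as the %appdata% folder named above.
$profileDirs = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-CommandTarget([string]$Command) {
    # Extract the executable path from a Run value such as '"C:\x\a.exe" --flag'.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }  # quoted path
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }  # unquoted, may contain spaces
    return ($expanded -split '\s+')[0]                                # fallback: first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # Wow6432Node is absent on x86 Windows
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $target = Get-CommandTarget $command
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $inProfile = [bool]($profileDirs | Where-Object {
            $target.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        [pscustomobject]@{
            Key           = $key
            Name          = $name
            Target        = $target
            InUserProfile = $inProfile
            Signature     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'FileMissing' }
            SHA256        = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
        }
    }
}
# Entries under the user profile come first; review them before deleting anything.
$report | Sort-Object InUserProfile -Descending | Format-List
```

An entry that is unsigned, has a random-looking name and resolves into the user profile matches the description in this step; the hash can be handed to the scanner or to an incident record before the file is deleted.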

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually, when the ransomware encrypts a file, it first makes a copy of it, encrypts the copy, and then deletes the original. Because of this, you may be able to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the drive you want to recover. Right-click any file you want to restore and click Export.
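
To scope recovery before choosing among the three methods, the following added example (not from the original article) lists every file carrying the .reco extension, works out its original name, and checks whether a backup holds a copy; it then lists any shadow copies that still exist for Method 3. The scan root and the backup path E:\Backup\Profile are placeholders, and treating the encrypted file's last write time as the time of encryption is an assumption.

```powershell
$scanRoot   = $env:USERPROFILE      # assumption: folder tree to check for encrypted files
$backupRoot = 'E:\Backup\Profile'   # placeholder: a backup that mirrors $scanRoot

function Get-RecoRestorePlan([string]$Root, [string]$Backup) {
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File -Force -Filter '*.reco' -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.reco' } |
        ForEach-Object {
            # sunrise.jpg.reco -> sunrise.jpg (strip the 5-character appended extension)
            $originalName = $_.Name.Substring(0, $_.Name.Length - 5)
            $relativeDir  = $_.DirectoryName.Substring($base.Length).TrimStart('\')
            $backupCopy   = [IO.Path]::Combine($Backup, $relativeDir, $originalName)
            [pscustomobject]@{
                Encrypted   = $_.FullName
                EncryptedAt = $_.LastWriteTime   # assumption: approximates when the file was locked
                BackupCopy  = $backupCopy
                InBackup    = Test-Path -LiteralPath $backupCopy -PathType Leaf
            }
        }
}

$plan = @(Get-RecoRestorePlan -Root $scanRoot -Backup $backupRoot)
"{0} encrypted files, {1} with a copy in the backup" -f $plan.Count, @($plan | Where-Object InBackup).Count

# Files with no backup copy are the candidates for Methods 2 and 3.
$plan | Where-Object { -not $_.InBackup } | Select-Object Encrypted, EncryptedAt

# Earliest lock time: a backup or shadow copy older than this predates the encryption.
$plan | Sort-Object EncryptedAt | Select-Object -First 1 -Property EncryptedAt

# Method 3: list shadow copies that still exist (run from an elevated prompt).
Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Select-Object InstallDate, VolumeName, DeviceObject
```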
