My files are encrypted with aimmkvi

Posted on 2015-02-04
Last Modified: 2015-02-06

My young nephew downloaded a game, and whilst installing the game my Desktop (Windows 7 x64) got infected with bit-loggers. I presume the game which my nephew downloaded had a bit-logger alongside it.

I downloaded and purchased SpyHunter to get rid of the Bit-Logger / Spyware. SpyHunter completed the scan and was able to get rid of the bit-logger executable files. However, the problem I am facing now is that all my files, including pictures, Word documents, etc., are encrypted and I cannot open them anymore. Their file extensions are prefixed with .aimmkvi

Upon completion of scanning my PC with SpyHunter, I also downloaded Trojan Killer and Super Anti-Spyware to scan my PC and was able to get rid of all the junk and spyware. However, that did not get my files back to their original extensions (i.e. pictures); rather, they remain as .aimmkvi

This is very frustrating, and I am asking whether any of you have ever come across this problem and how to troubleshoot it.

Question by: Bakaka
LVL 24

Expert Comment

ID: 40590368
Sorry to say that once your files are encrypted with this type of "ransomware" you have little choice but to pay the person that infected your machine in order to get the decryption key.

Your only other option is to restore from backups if you have any.
LVL 87

Expert Comment

ID: 40590582
As mentioned above, just restore your files from your last good backup.

If all your backups have also been encrypted, and you haven't yet been given the instructions for how to pay the ransom, chances are that your files still have a previous version. Right click your file, select properties, and the previous versions tab. Now check if you can use an older version.
LVL 23

Expert Comment

by: Dr. Klahn
ID: 40591279
Which brings up the side issue: never leave a drive with backups on it connected to the system after doing a backup, or it will be encrypted along with everything else when the system is infected.
LVL 87

Expert Comment

ID: 40591321
The disks you back up to should of course always be removed from the system, but more for other reasons. Backups should always be stored away from the PC, actually as far away as possible, in case something happens to the location the PC is in. But not necessarily because the backups can be encrypted. Those ransomware viruses in the wild today encrypt common data files, like doc, pdf, bmp, zip files etc. But most backup software uses large container files into which the backups are packed, so the contents aren't directly accessible to the encryption tool, and I also haven't yet heard of the files created by the backup tool being encrypted by those viruses (although those files might be included in future variants).

Of course on the other hand if you don't use a proper backup tool, but rather the very basic ones which don't really do much more than copy data to the other disk or into zip files, then of course it does apply. Cloud storage like DropBox can also be affected that way, so don't regard that as a backup.

Author Comment

ID: 40591802
Thanks guys for the comments. As most of you said, I should restore from my old backups. The trick is I don't think I have a backup in place, but I will find out more. I also see that this kind of problem cannot be fixed other than by paying the bit-logger company for the decryption of the files. How can we fight and stop these kinds of problems if they happen again to others? I am sure there is a way to fix this issue.
LVL 87

Expert Comment

ID: 40591879
The easiest and simplest fix for almost all PC problems is to have good backups (and not just one backup to one media, but several to different media, which you rotate).

Besides that, have a good antivirus utility on your system. I use the free version of Panda antivirus and am very satisfied with it. But as no AV tool is 100% fool-proof, there are further things that should be done.

1. Always have UAC enabled on Windows PCs.
2. Never use user accounts with admin rights for day-to-day use. Only use the admin accounts when absolutely necessary, for example when upgrading the Java runtime, which doesn't work via UAC.
3. Keep your OS and other software updated by applying the patches published (via Windows Update, for example).
4. Use common sense while browsing or emailing. Don't click on links or attachments you don't trust, etc.
5. When others are allowed to use your PC, enable the "Guest" account, which can't do much harm, or give them another account which isn't used by you. If they need to install anything, do it for them.
6. When installing software, always use the advanced options where you can disable any additional and unwanted crapware and toolbars that want to be installed too.
7. You could also set up a 2nd "throwaway" OS via VirtualBox, for example, on which you can test things, or that your guests can use.
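As an added illustration (not code from the thread or from any of its participants), the following PowerShell script audits the checkable items from the list above (UAC, admin rights in the current session, the Guest account, the Windows Update service) and also reports whether any Volume Shadow Copies exist, which is what the "Previous Versions" tab mentioned earlier reads from. It assumes PowerShell 3.0 or newer (for `Get-CimInstance` and `[ordered]`) and an elevated session for the shadow-copy query; every check is read-only.

```powershell
# Added example, not from the original thread. Read-only audit of the hardening items
# discussed above. Assumes PowerShell 3.0+; run elevated so Win32_ShadowCopy can be queried.

function Test-UacEnabled {
    # Item 1: EnableLUA = 1 means User Account Control is switched on.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    return ($p.EnableLUA -eq 1)
}

function Test-RunningAsAdmin {
    # Item 2: $true means this session holds admin rights; day-to-day work should report $false.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-WindowsUpdateEnabled {
    # Item 3: the Windows Update service (wuauserv) must not be set to Disabled.
    $svc = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
    return ($null -ne $svc -and $svc.StartMode -ne 'Disabled')
}

function Get-GuestAccountState {
    # Item 5: built-in Guest account; Disabled = $true means it is off (enable only when needed).
    Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True AND Name='Guest'" |
        Select-Object Name, Disabled
}

function Get-ShadowCopySummary {
    # "Previous Versions" relies on Volume Shadow Copies. Ransomware commonly deletes them,
    # so an empty result means that recovery route is already gone.
    Get-CimInstance Win32_ShadowCopy | Select-Object VolumeName, InstallDate
}

# Collect the boolean checks into one ordered report.
$report = [ordered]@{
    'UAC enabled'              = Test-UacEnabled
    'Session has admin rights' = Test-RunningAsAdmin
    'Windows Update enabled'   = Test-WindowsUpdateEnabled
    'Shadow copies present'    = ((Get-ShadowCopySummary | Measure-Object).Count -gt 0)
}

Get-GuestAccountState
$report
```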

Author Comment

ID: 40592805
Thanks Rindi,

I am aware of the backup now. However, what is the way to decrypt my files? Is there a way to decrypt them other than establishing a good backup in place?
LVL 87

Accepted Solution

rindi earned 500 total points
ID: 40593137
There is no way of decrypting without the key. Paying the ransom to the crooks and hoping for the correct key to be sent is out of the question and should never even be considered.

The only chance is when you notice before the encryption has finished (it can take some time for all target files to get encrypted). Then it can sometimes be possible to use the previous-version trick I mentioned earlier, or search the disk for a temporary location to which the original files have been copied, as some of those viruses copy the originals to a temporary location before encrypting them, and only delete those after it is finished, along with shadow copies and previous versions.
LVL 24

Expert Comment

ID: 40593182
Don't pay the ransom; there's no guarantee that you'll get the decryption key, so it'll just be a waste of your own money.

Without any form of backup (be it a copy of your files or Previous Versions) you're pretty much out of luck.

Author Closing Comment

ID: 40595275
Thanks Rindi for your comment. I will try those hints.
