My files are encrypted with aimmkvi

Posted on 2015-02-04
Medium Priority
Last Modified: 2015-02-06

My young nephew downloaded a game, and whilst installing the game my desktop (Windows 7 x64) got infected with bit-loggers. I presume the game which my nephew downloaded has a bit-logger alongside it.

I downloaded and purchased SpyHunter to get rid of the bit-logger / spyware. SpyHunter completed the scan and was able to get rid of the bit-loggers' executable files. However, the problem I am facing now is that all my files, including pictures, Word documents, etc. are encrypted and I cannot open them anymore. Their file extensions are prefixed with .aimmkvi

Upon the completion of scanning my PC with SpyHunter, I also downloaded Trojan Killer and super anti-professional software to scan my PC and was able to get rid of all the junk and spyware. However, that did not get my files back to their original extensions (i.e. pictures); rather, they remain as .aimmkvi

This is very frustrating, and I am asking whether any of you have ever come across this problem and how to troubleshoot it.

Question by:Bakaka
LVL 24

Expert Comment

ID: 40590368
Sorry to say that once your files are encrypted with this type of "ransomware" you have little choice but to pay the person that infected your machine in order to get the decryption key.

Your only other option is to restore from backups if you have any.
LVL 88

Expert Comment

ID: 40590582
As mentioned above, just restore your files from your last good backup.

If all your backups have also been encrypted, and you haven't yet been given the instructions for how to pay the ransom, chances are that your files still have a previous version. Right-click your file, select Properties, and then the Previous Versions tab. Now check if you can use an older version.
LVL 29

Expert Comment

by:Dr. Klahn
ID: 40591279
Which brings up the side issue:  Never leave a drive with backups on it connected to the system after doing a backup, or it will be encrypted along with everything else when the system is infected.
LVL 88

Expert Comment

ID: 40591321
The disks you back up to should of course always be removed from the system, but more for other reasons. Backups should always be stored away from the PC, actually as far away as possible, in case something happens to the location the PC is in. But not necessarily because the backups can be encrypted. Those ransomware viruses in the wild today encrypt common data files, like doc, pdf, bmp, zip files etc. But most backup software uses large container files into which the backups are packed, so the contents aren't directly accessible to the encryption tool, and I also haven't yet heard of the files created by the backup tool being encrypted by those viruses (although those files might be included in future variants).

Of course, on the other hand, if you don't use a proper backup tool, but rather the very basic ones which don't really do much more than copy data to the other disk or into zip files, then of course it does apply. Cloud storage like Dropbox can also be affected that way, so don't regard that as a backup.

Author Comment

ID: 40591802
Thanks guys for the comments. Most of you said that I should replace with my old backups. The trick is I don't think I have a backup in place, but I will find out more. I also see that this kind of problem cannot be fixed but rather pay the bit-logger company for the decryption of the files. How can we fight and stop these kinds of problems if it happens again for others? I am sure there is a way to fix this issue.
LVL 88

Expert Comment

ID: 40591879
The easiest and simplest fix for almost all PC problems is to have good backups (and not just one backup to one media, but several to different media, which you rotate).

Besides that, have a good antivirus utility on your system. I use the free version of Panda antivirus and am very satisfied with it. But as no AV tool is 100% fool-proof, there are further things that should be done.

1. Always have UAC enabled on Windows PCs.
2. Never use user accounts with admin rights for day-to-day use. Only use the admin accounts when absolutely necessary, for example when upgrading Java runtime, which doesn't work via UAC.
3. Keep your OS and other software updated by applying the patches published (via Windows Update for example).
4. Use common sense while browsing or emailing. Don't click on links or attachments you don't trust, etc.
5. When others are allowed to use your PC, enable the "Guest" account, which can't do much harm, or give them another account which isn't used by you. If they install anything, do it for them.
6. When installing software, always use the advanced options where you can disable any additional and unwanted crapware and toolbars that want to be installed too.
7. You could also set up a 2nd "throwaway" OS via VirtualBox for example, on which you can test things, or that your guests can use.

Author Comment

ID: 40592805
Thanks Rindi,

I am aware of the backup now. However, what is the way to decrypt my files back? Is there a way to decrypt them back other than establishing a good backup in place?
LVL 88

Accepted Solution

rindi earned 1500 total points
ID: 40593137
There is no way of decrypting without the key. Paying the ransom to the crooks and hoping for the correct key to be sent is out of the question and should never even be considered.

The only chance is when you notice before the encryption has finished (it can take some time for all target files to get encrypted). Then it can sometimes be possible to use the previous version trick I mentioned earlier, or search the disk for a temporary location to which the original files have been copied, as some of those viruses copy the originals to a temporary location before encrypting them, and only delete those after they are finished, along with shadow copies and previous versions.
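
The disk search described in the answer above can be scripted. The following is an added example, not part of the original post: it assumes the `.aimmkvi` extension is appended to the original file name (e.g. `photo.jpg.aimmkvi`) and that a leftover original keeps its name; the function names and the signature table are illustrative choices.

```python
import os
import sys

RANSOM_EXT = ".aimmkvi"  # extension from the question; assumed to be appended
# Leading bytes (file signatures) of common document formats.
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0", ".bmp": b"BM",
}

def looks_intact(path):
    """True if the file still starts with the signature its extension implies."""
    sig = MAGIC.get(os.path.splitext(path)[1].lower())
    if sig is None:
        return False
    try:
        with open(path, "rb") as fh:
            return fh.read(len(sig)) == sig
    except OSError:  # locked or unreadable file: do not count it as a copy
        return False

def triage(root):
    """Walk root; return (encrypted paths, {lowercased name: [intact copies]})."""
    encrypted, intact = [], {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if name.lower().endswith(RANSOM_EXT):
                encrypted.append(full)
            elif looks_intact(full):
                intact.setdefault(name.lower(), []).append(full)
    return encrypted, intact

def recovery_candidates(root):
    """Map each encrypted file to intact same-named copies anywhere under root."""
    encrypted, intact = triage(root)
    report = {}
    for path in encrypted:
        original = os.path.basename(path)[:-len(RANSOM_EXT)].lower()
        report[path] = intact.get(original, [])
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for enc, copies in sorted(recovery_candidates(root).items()):
        print(enc, "->", copies or "no intact copy found")
```

Run it against a disk image or a read-only mount of the affected drive, so the search itself does not overwrite deleted data. A matching signature only shows that the header is intact, so open each candidate before relying on it.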
LVL 24

Expert Comment

ID: 40593182
Don't pay the ransom, there's no guarantee that you'll get the decryption key so it'll just be a waste of your own money.

Without any forms of backups (be it a copy of your files or from Previous Versions) you're pretty much out of luck.

Author Closing Comment

ID: 40595275
Thanks Rindi for your comment. I will try those hints.

Question has a verified solution.