My files are encrypted with aimmkvi


My young nephew downloaded a game, and whilst installing the game my desktop (Windows 7, 64-bit) got infected with bit-loggers. I presume the game which my nephew downloaded had a bit-logger alongside it.

I downloaded and purchased SpyHunter to get rid of the bit-logger / spyware. SpyHunter completed the scan and was able to get rid of the bit-loggers' executable files. However, the problem I am facing now is that all my files, including pictures, Word documents, etc., are encrypted and I cannot open them anymore. Their file extensions are prefixed with .aimmkvi

Upon the completion of scanning my PC with SpyHunter, I also downloaded trojan killer, super anti-professional software to scan my PC and was able to get rid of all the junk and spyware. However, that did not get my files back to their original extensions (i.e. pictures); rather, they remain as .aimmkvi

This is very frustrating, and I am asking whether any of you have ever come across this problem and how to troubleshoot it.

rindi commented:
There is no way of decrypting without the key. Paying the ransom to the crooks and hoping for the correct key to be sent is out of the question and should never even be considered.

The only chance is when you notice before the encryption has finished (it can take some time for all target files to get encrypted). Then it can sometimes be possible to use the previous version trick I mentioned earlier, or search the disk for a temporary location to which the original files have been copied, as some of those viruses copy the originals to a temporary location before encrypting them, and only delete those after they are finished, along with shadow copies and previous versions.
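The search for surviving originals described above can be scripted. This is an added example, not part of any answer in the thread: it assumes encrypted files keep their original name with `.aimmkvi` appended, and the function names and the sample tree are hypothetical and constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".aimmkvi"  # extension reported in the question; assumed to be appended
# Leading bytes of a few common data formats (an intact copy starts with these).
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-",
         ".bmp": b"BM", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def looks_intact(path):
    """True if the file starts with the signature expected for its extension."""
    sig = MAGIC.get(path.suffix.lower())
    if sig is None:
        return False  # unknown type: cannot vouch for it
    try:
        with open(path, "rb") as fh:
            return fh.read(len(sig)) == sig
    except OSError:
        return False

def find_surviving_originals(root):
    """Map each encrypted file to intact same-named copies elsewhere under root."""
    encrypted, by_name = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.lower().endswith(MARKER):
                encrypted.append(p)
            else:
                by_name.setdefault(name.lower(), []).append(p)
    return {enc: [c for c in by_name.get(enc.name[:-len(MARKER)].lower(), [])
                  if looks_intact(c)] for enc in encrypted}

def demo():
    """Constructed sample tree: one file with a surviving copy, one without."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Pictures").mkdir()
        (root / "Temp").mkdir()
        (root / "Pictures" / "cat.jpg.aimmkvi").write_bytes(b"\x00scrambled")
        (root / "Pictures" / "tax.pdf.aimmkvi").write_bytes(b"\x01scrambled")
        (root / "Temp" / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0JFIF")  # real JPEG header
        (root / "Temp" / "tax.pdf").write_bytes(b"\x02scrambled")  # right name, not a PDF
        found = find_surviving_originals(root)
        return {e.name: [c.relative_to(root).as_posix() for c in cs]
                for e, cs in found.items()}

if __name__ == "__main__":
    for enc, copies in demo().items():
        print(enc, "->", copies or "no intact copy found")
```

The script only reads files, so it can be pointed at a mounted copy or image of the affected disk by calling `find_surviving_originals` with that path.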
VB ITS (Specialist Consultant) commented:
Sorry to say that once your files are encrypted with this type of "ransomware" you have little choice but to pay the person that infected your machine in order to get the decryption key.

Your only other option is to restore from backups if you have any.
As mentioned above, just restore your files from your last good backup.

If all your backups have also been encrypted, and you haven't yet been given the instructions for how to pay the ransom, chances are that your files still have a previous version. Right click your file, select properties, and the previous versions tab. Now check if you can use an older version.
Dr. Klahn (Principal Software Engineer) commented:
Which brings up the side issue: Never leave a drive with backups on it connected to the system after doing a backup, or it will be encrypted along with everything else when the system is infected.
The disks you back up to should of course always be removed from the system, but more for other reasons. Backups should always be stored away from the PC, actually as far away as possible, in case something happens to the location the PC is in. But not necessarily because the backups can be encrypted. Those ransomware viruses in the wild today encrypt common data files, like doc, pdf, bmp, zip files etc. But most backup software uses large container files into which the backups are packed, so the contents aren't directly accessible to the encryption tool, and I also haven't yet heard of the files created by the backup tool being encrypted by those viruses (although those files might be included in future variants).

Of course, on the other hand, if you don't use a proper backup tool, but rather the very basic ones which don't really do much more than copy data to the other disk or into zip files, then of course it does apply. Cloud storage like Dropbox can also be affected that way, so don't regard that as a backup.
Bakaka (Author) commented:
Thanks, guys, for the comments. Most of you said that I should replace with my old backups. The trick is I don't think I have a backup in place, but I will find out more. I also see that this kind of problem cannot be fixed but rather by paying the bit-logger company for the decryption of the files. How can we fight and stop these kinds of problems if it happens again for others? I am sure there is a way to fix this issue.
The easiest and simplest fix for almost all PC problems is to have good backups (and not just one backup to one media, but several to different media, which you rotate).

Besides that, have a good antivirus utility on your system. I use the free version of Panda antivirus and am very satisfied with it. But as no AV tool is 100% fool-proof, there are further things that should be done.

1. Always have UAC enabled on Windows PCs.
2. Never use user accounts with admin rights for day-to-day use. Only use the admin accounts when absolutely necessary, for example when upgrading Java runtime, which doesn't work via UAC.
3. Keep your OS and other software updated by applying the patches published (via Windows Update, for example).
4. Use common sense while browsing or emailing. Don't click on links or attachments you don't trust, etc.
5. When others are allowed to use your PC, enable the "Guest" account, which can't do much harm, or give them another account which isn't used by you. If they install anything, do it for them.
6. When installing software, always use the advanced options where you can disable any additional and unwanted crapware and toolbars that want to be installed too.
7. You could also set up a 2nd "throwaway" OS via VirtualBox, for example, on which you can test things, or that your guests can use.
Bakaka (Author) commented:
Thanks Rindi,

I am aware of the backup now. However, what is the way to decrypt my files back? Is there a way to decrypt them back other than establishing a good backup in place?
VB ITS (Specialist Consultant) commented:
Don't pay the ransom; there's no guarantee that you'll get the decryption key, so it'll just be a waste of your own money.

Without any forms of backups (be it a copy of your files or from Previous Versions) you're pretty much out of luck.
Bakaka (Author) commented:
Thanks Rindi for your comment. I will try those hints.
Question has a verified solution.