Jenny White

asked on

How to remove Aesir virus?

Hello! I'm new here and I want to ask you a question about this nasty .aesir extension virus or ransomware. My son's laptop is hardly infected with that scum and I don't know what to do... I've read the Bleeping Computer article (http://www.bleepingcomputer.com/news/security/locky-ransomware-now-using-the-aesir-extension-for-encrypted-files/) and they state that
Unfortunately, at this time there is still no way to decrypt the Locky Ransomware.
but on the other hand I've found this guide in Google (http://soft2secure.com/knowledgebase/aesir-file-virus) that promotes a tool that (as they say) will help me to get rid of this infection. So I want to ask you where is the truth? Can this tool help me to resolve my problem?
Thank you for your reply!
Russ Suter

Some of these ransomware programs have been cracked, most have not. You can use the ID Ransomware online tool to help you determine if your variant has been cracked. If it has then you're one of the lucky ones and should be able to recover most of your files.

https://id-ransomware.malwarehunterteam.com/index.php

Otherwise your only options are to restore from backups or pay the ransom and pray (never a good choice). Removal is generally fairly straightforward but I don't risk it in these circumstances. I'd just reformat and start over.

That tool only claims to be able to remove the malware; it doesn't actually claim to be able to decrypt the files. Unfortunately it's unlikely that you can decrypt any of the files you've lost. You may be able to right-click on the folders which contain the encrypted files and select restore previous versions. This will let you know if there are any saved versions of the folder which predate the ransomware infection. Unfortunately many computers don't have versioning turned on and some ransomware corrupts them as part of its run, so this may not solve the issue. At that point you can recover them from a backup if you have one but there isn't much you can do.

As far as removing the virus, I've found Malwarebytes can often remove the infections, but honestly you are better off checking to see if you can recover the files, then backing them up and factory restoring the system. This is about the only way to be certain that the infection is gone.

It is still really not possible to decrypt files encrypted by the Locky Ransomware. Do you have a valid backup?

This version of Locky, using the .aesir extension, is brand new. As far as I'm aware no one's managed to decrypt even the older versions so it's highly unlikely anyone has managed to get through this version.

As far as I know the above experts are correct? You can't restore, and neither can any software. I don't see it claiming to decrypt either. You can check on the No More Ransom project website, Nomoreransom.org, to see if there is a decryptor.