Wednesday, November 18, 2015

How to Remove Helpme@freespeechmail.org Ransomware?

Hi,
I need help. I have MS ACCESS files on my PC that are infected by ransomware helpme(at)freespeechmail.org
I don't have any backup. I tried with Kaspersky RakhniDecryptor but it doesn't recognize mdb files.
I can't use Shadow Explorer because I use Win XP SP3 and it doesn't work on it.
Help if you can, please.


What is Helpme@freespeechmail.org?


Helpme@freespeechmail.org is ransomware that can encrypt files (.txt, .pdf, .zip, .db, .doc, .jpg, etc.) on your computer. This ransomware can get into your computer through different channels. If you open attachments or click links in spam emails, unzip shared files, or click compromised hyperlinks or pop-ups on compromised websites, you may put your computer at risk and leave it infected with malware like the helpme@freespeechmail.org ransomware. Here are some messages from helpme@freespeechmail.org:

Hello
If you wish to get all your files back, you need to pay 3 BTC.
How to get bitcoins?

1. google bitcoin ATMs
2. google localbitcoins dot com
3. google: buy bitcoins
This is the only way to get your files back.
There’s no way to decrypt them without the original key.
The price is non-negotiable.
After paying 3 BTC and emailing the confirmation of payment you will be provided with a decoder.
If you don't trust me, you can email one of your files, I will decode it and send it back to you.
However, if the file you're requesting to decode is valuable, I will send you either a quote from it or a screenshot.
I apologize for any inconvenience caused.
Let me know if you want to proceed.
Thank you for cooperation.


Helpme@freespeechmail.org can affect all versions of the Windows operating system, including Windows XP, Windows Vista, Windows 7, Windows 8/8.1, and Windows 10. Since it can scan and encrypt your files, it puts your important personal data at high risk. Besides, this infection may drop other threats onto your computer and exploit system vulnerabilities. You should remove it without delay; otherwise, your computer may run into more problems.

How to Remove Helpme@freespeechmail.org?


The following passages will provide some methods to remove Helpme@freespeechmail.org. Please keep reading to learn how to remove it and save your files.

Guide 1: Manually Remove Helpme@freespeechmail.org by Yourself
Guide 2: Automatically Remove Helpme@freespeechmail.org with SpyHunter

Guide 1: Manually Remove Helpme@freespeechmail.org by Yourself


Step 1. Restart your computer in Safe mode.

Keep tapping the F8 key before the Windows start-up logo appears until you get to Advanced Options, select Safe Mode, and hit ENTER.



Step 2. End the trojan processes in Windows Task Manager.

Press Ctrl+Shift+Esc or Ctrl+Alt+Delete to open Windows Task Manager, find malicious processes and click End process.



Random.exe

Step 3. Navigate to Registry Editor and clean up all Helpme@freespeechmail.org registry entries.

Press the Win + R keys at the same time to open the Run command box. Open Registry Editor by typing “regedit” in the Run box and clicking OK.



Look through the registry and find all of the harmful items listed below. Right-click each one and delete the related entry.



HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>" = "%AppData%\<random>.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "<random>" = "%AppData%\<random>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"=1
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%AppData%\<random>.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe "Debugger"="svchost.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpUXSrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
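
The registry entries listed above can also be checked from a saved `reg query` listing instead of by eye. The following is an added example, not part of the original guide: the sample listing is constructed, and the function name `audit` and the rule wording are assumptions made for illustration.

```python
import re

# Constructed sample in the text layout printed by `reg query <key> /s`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    qxzvbn    REG_SZ    C:\Documents and Settings\user\Application Data\qxzvbn.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    SaveZoneInformation    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\Documents and Settings\user\Application Data\qxzvbn.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe
    Debugger    REG_SZ    svchost.exe
"""

# A value line is: indent, name, 4 spaces, type, 4 spaces, data.
VALUE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# An .exe sitting directly in the user's AppData folder (XP and later layouts).
PROFILE_EXE = re.compile(
    r"(%appdata%|\\application data|\\appdata\\roaming)\\[^\\]+\.exe\b", re.I)
IFEO = "\\image file execution options\\"

def audit(text):
    """Return (key, value name, reason) for values matching the guide's list."""
    findings, key = [], ""
    for line in text.splitlines():
        if line.startswith("HKEY_"):      # a key header starts a new section
            key = line.strip()
            continue
        m = VALUE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(3).strip()
        k, n = key.lower(), name.lower()
        if k.endswith("\\currentversion\\run") and PROFILE_EXE.search(data):
            reason = "autorun starts an .exe from AppData"
        elif k.endswith("\\winlogon") and n == "shell" and data.lower() != "explorer.exe":
            reason = "Winlogon Shell is not explorer.exe"
        elif IFEO in k and n == "debugger":
            reason = "IFEO Debugger redirects " + key.rsplit("\\", 1)[1]
        elif k.endswith("\\policies\\attachments") and n == "savezoneinformation" and data == "0x1":
            reason = "zone information is not saved on attachments"
        else:
            continue
        findings.append((key, name, reason))
    return findings
```

On the affected machine, save the output of `reg query` for each key in the list to a text file and pass its contents to `audit`; review every finding before deleting anything in Registry Editor.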

Step 4. Show hidden folders and files.

Windows XP

Start button > Control Panel > Appearance and Personalization > Folder Options > Show Hidden Files or Folders



Remove the checkmark from Hide extensions for known file types. And remove the checkmark from Hide protected operating system files (Recommended).

Windows 7 / Vista

Libraries > Folder Options > Tools > Show Hidden Files or Folders




Remove the checkmark from Hide extensions for known file types and Hide protected operating system files (Recommended).

Windows 8 /8.1

Windows Explorer > View > Hidden Items



Delete Helpme@freespeechmail.org Virus associated files.

%UserProfile%\Application Data\Microsoft\[random].exe
%System Root%\Samples
%User Profile%\Local Settings\Temp
%AppData%\<random>.exe
%CommonAppData%\<random>.exe
C:\Windows\Temp\<random>.exe
%temp%\<random>.exe
C:\Program Files\<random>
C:\ProgramData\[random numbers]\

Step 5. Remove leftovers and speed up your PC.

You can download and install RegCure Pro to speed up and optimize your PC. It is packed with the tools you need to boost your PC's speed and performance.

  • Clean away Windows registry errors
  • Eject active viruses, spyware and other malware
  • Stop unneeded processes 
  • Delete startup items
  • Delete privacy files

Click the icon to download RegCure Pro.



Guide 2: Automatically Remove Helpme@freespeechmail.org with Powerful Removal Tool


SpyHunter is an adaptive real-time spyware detection and removal tool. It can help you remove Helpme@freespeechmail.org and all the threats on your PC. It is never bundled with other programs and gets along with existing security programs without any conflicts, so you can use it with confidence.

Click the download button below to get SpyHunter


After detecting all the threats in your system, you can click on “Fix Threats” to remove them.



Warm Reminder:

SpyHunter is a powerful anti-virus for inexperienced computer users. It can help you remove all the detected threats automatically. So all you need to do is install it for immediate and ongoing protection.
