CryptoDefense Virus Removal Guide

CryptoDefense Virus is a malicious, dangerous infection which has managed to infect more than 20,000 operating systems between the months of February and April. The clandestine threat is considered to be a ransomware because it can corrupt the operating system and then ask you to pay a ransom fee in return. Unlike other popular ransomware from the Police Virus family, this devious infection does not hide its true goal. Instead of trying to fool you into thinking that you need to pay money for some legal purposes, this threat bluntly informs you that if you do not pay the requested fee, the encrypted files will be lost for good. Unfortunately, this intimidating request is not a joke, and it is possible that the encrypted .doc, .xls, .ppt, .cdr, .jpg, and other files will be lost if you do not take any measures right away. Please continue reading to learn how to remove CryptoDefense Virus and decrypt your personal files.

Can you pinpoint the moment when the clandestine ransomware entered the operating system? As our malware researchers have found out, the infection usually enters the system via corrupted spam email attachments. It is essential to keep away from any suspicious emails sent by unfamiliar senders. In fact, handling legitimate looking email attachments sent by your friends and colleagues with caution is encouraged as well. Schemers may use different scams to corrupt authentic email accounts and then use them to perform mass spam email attacks. All in all, if you discover a suspicious attachment, think before clicking on it. If you are not cautious, CryptoDefense Virus, CryptorBit Virus or Cryptolocker (has over 250,000 victims) could be infiltrated onto the computer without any of your notice. Needless to say, getting these threats deleted from the system is not an easy task.

Once CryptoDefense Virus is activated on the computer, the infection can encrypt multiple files onto the system. In the folders of these encrypted files, you are meant to find How_Decrypt.url, How_Decrypt.txt and How_Decrypt.html. If you click these, you will be presented with the ransom demand. Here is an excerpt from the message which you should ignore without further hesitation.

All files including videos, photos and documents on your computer and encrypted by CryptoDefense Software.
Encryption was produced using a unique key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.
The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet. The server will destroy the key after a month. After that, nobody and never will be able to restore files.

You will be asked to register for a Bitcoin wallet to make the payment of 500 USD/EUR. As researchers have found out, cyber crooks can use the anonymous Tor network to collect the payments which is why the ransomware is still active. It is brought to the attention that if you fail to pay the requested sum before the given deadline is met, you would then be asked to pay 1000 USD/EUR. As a matter of fact, paying the requested fine is completely unnecessary.

As it is disclosed in the presented excerpt above, in order to decrypt the files all you need to do is use the RSA key. Do you know how to get it? Our malware researchers have discovered that this key could be found under %TEMP% or %Program Data%, and in some cases you could locate it under AppData\Roaming\Microsoft\Crypto\RSA. The key is presented as .cert, .crt, .pfx, and similar files. Unfortunately, computer users often decrypt the files and before they can back them up – CryptoDefense Virus attacks again. Due to this, we recommend that you install an authentic malware removal tool and only then decrypt the files using the instructions below. Most importantly, do not ignore the infection because your personal files could be lost.

Remove CryptoDefense Virus

1. Launch a browser.
2. Type http://www.411-spyware.com/download-sph into the address bar. Tap Enter.
3. Now follow the provided instructions to download the installer of a reliable malware remover.
4. Run the downloaded installer and install an authentic tool which will delete CryptoDefense Virus.
5. Using the application scan the computer and click Fix Threats to delete the discovered malware.

Decrypt the files

1. Find the certificate key under %TEMP%, %Program Data%, or AppData\Roaming\Microsoft\Crypto\RSA .
2. Double-click the certificate key (.cert, .crt, .pfx file) and all the files should be decrypted in no time.

If you cannot locate the certificate key and you use Windows Vista/7/8 – use these instructions.

1. Open the Control Panel via the Start menu on your operating system.
2. Click User Accounts and Family Safety and select User Accounts.
3. Move to the menu on the left and click Manage your file encryption certificates.
4. In the Encrypting File System window click Next.
5. Select Use this certificate.
6. Under Certificate details select the detected certificate key.
7. Click Select certificate and then Next.
8. Select Backup the certificate and key later and click Next.
9. Now select All logical drives and click Next.