Mysafesavings virus is a new ransomware that is spread through email. It encrypts your data and then demands a ransom to provide the key to decrypt it. It mainly targets computers with Microsoft Windows 7 or 8 operating systems. It can be detected by running a complete system scan with a robust system.
How My Safe savings affects Computer?
After successfully infiltrating into the target computer, it will encrypt all of your files, then demand some ransom money in return for file decryption service. This virus will encode personal documents like documents, images (photos), videos, audios, and other important files on the infected PC.
When this ransomware hits the victim’s machine, it drops ransom named “How To Get Your Files Back.rtf” on desktop, which contains all the details of how victims can get back their files and payment info. It is usually being distributed through the attachment in an email. The sender generally uses the name of popular services like PayPal, UPS, FedEx to fool users, so they click on its malicious links.
Once it is successfully installed into the PC, it will scan the whole system. It also encrypts essential documents, including pdf, txt, docx, jpeg, png. It uses a robust encryption algorithm, AES-256.
Once encrypted, you won’t open your file without having a decryption key needed for decrypting data. Ransomware shows the message on the affected computer screen that demands a ransom fee of around $499 to $799 within the given time. Otherwise, you’ll lose access to your files permanently.
Unlike other ransomware, it doesn’t block access to certain websites or encrypts Windows operating system files. Ransomware also creates a file in the user’s profile folder named “HOW_TO_DECRYPT_MYSAFESAVINGS.” The documents contain all the information related to demanded ransom and contact details. It also includes the email address of attackers through which victims can contact them if they have any queries regarding decryption or payment process. The victim can send an email along with your ID, User-ID, the total amount to email@example.com. They will respond with a link for creating a Bitcoin wallet and further details.
How to uninstall MySafesavings from Windows 7?
If you have been a victim of this ransomware infection, then don’t panic and pay any ransom amount. Mysafesavings is an auto-running virus that will encrypt all kinds of files. This includes documents, images, or any critical data without your knowledge once it successfully enters into PC with stealth mode. It doesn’t delete original files from the system. Instead, it creates a separate file with different extensions like .encrypted, .decrypted along with its signature file (.HOW_TO_DECRYPT_MYSAFESAVINGS).
Here are some manual steps to uninstall My Safe savings from your Windows 7 computer.
First, Restart your PC in safe mode by clicking F8 during booting (for few times) until the boot menu appears. Select the safe mode option using the arrow key and press enter key. Now change the default directory where all users’ application data is stored from C:\Users\%username% to some other folder by typing this command in Run box “regsvr32 /u %windir%\system32\shdocvw.dll”.
After that, go to C:\Windows\System32 and delete the HOW_TO_DECRYPT_MYSAFESAVINGS file using Recycle Bin or any other method you are comfortable with. You can also type the following command in Command Prompt window: del /s /q C:\windows\system32 \ How To Get Your Files Back. rtf
del / s / q “%appdata %”
How to Remove MySafesavings virus Automatically
This ransomware virus has been categorized as very dangerous. So its removal process should be performed carefully not to harm any critical system files or data. You can use antivirus software to remove it from your PC. If you don’t have any, then try this manual guide to delete MySafesavings.
This ransomware virus doesn’t add an extension or modify original files; instead, it creates encrypted ones. So using an antivirus program, you won’t be able to access encrypted files after complete scanning of the system. Hence, manual steps are highly recommended by experts. These steps may damage your machine’s original file or directory. Hence back up all essential data before proceeding with the following steps.
You can use backup or system restore utility to backup registry values and delete values added by the MySafesavings virus. To do so, follow these steps:
1) Restart your Computer in safe mode by continuously pressing the F8 key during the booting process.
2) Once the Windows Operating System loads, go to Start > Run and enter ” regedit. ” It will open Registry Editor.
3) Find out all entries related to the MySafesavings virus and delete them from Registry. Search for the following entries using the above method:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\<random>.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\<random>.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\<random>.exe
4) Restore default registry values by deleting all added entries. To restore these, follow these steps:
a) Go to Start > Run and enter ” regedit. ” It will open Registry Editor.
b) From here, go to the Edit menu and click on the Export option. It will save the backup file at the location specified in the Save in box. By default, this location is C:\Documents and Settings<username>\My Documents folder.
c) Now move back to the Registry Editor window and click on the Import option present under the File menu. Select your previously saved backup file using the Browse button present next to the Open button. Confirm changes you have made into Registry.