TeslaCrypt 4.1b Removal Instructions – Methods To Get Rid Of TeslaCrypt 4.1b

 

What is New in TeslaCrypt 4.1b

Just few months ago, computer world had faced furious impacts of TeslaCrypt 4.0 ransomware. Many victims are steal suffering from file encryption and data loss and now the vicious software authors have released new version TeslaCrypt 4.1b with some modification. In the new version of TeslaCrypt Following changes has been noticed :

  • Size of encrypted files are changed to 252 from 264
  • Registry value name is now hostslert[6random chareactors]
  • Data files related to program are renamed to %MyDocuments%\desctop._ini

The ransom note released by TeslaCrypt 4.1b is also slightly changed. However, the ransomware program does not change file types to prompt victims for file encryption and payment of ransom amount. The new version of this ransomware releases following ransom note on the compromised computer after file encryption :

  • -!RecOveR!-[random_chars]++.Png,
  • -!RecOveR!-[random_chars]++.Htm,
  • -!RecOveR!-[random_chars]++.Txt.

These ransom note contains more specific instructions for every individual who got this malware on their computer and facing file encryption by TeslaCrypt 4.1b. The ransomware program uses personal homepage on different hosted payment gateway. There are two new payment gateway hosts has been located as y4bxj.adozeuds.com and p23cb.bobodawn.at.

Likewise its previous version, TeaslaCrypt 4.1b also does not encrypt system files but makes new registry entries and files on the infected computers. These changes made by this malware helps to launch itself with every start-up and perform all its malignant operation on the victims computer. New registry entries are as follows :

 
  • HKCU\Software\[victim_id]
  • HKCU\Software\[victim_id]\data
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[random]
  • C:\Windows\SYSTEM32\CMD.EXE /C START %UserProfile%\Documents\[random].exe

And files created by TeaslaCrypt 4.1b are :

  • %UserProfile%\Documents\[random].exe
  • %UserProfile%\Documents\-!recover!-!file!-.txt
  • %UserProfile%\Documents\desctop._ini
  • %UserProfile%\Desktop\-!RecOveR!-[random_chars]++.Txt
  • %UserProfile%\Desktop\-!RecOveR!-[random_chars]++.Htm
  • %UserProfile%\Desktop\-!RecOveR!-[random_chars]++.Png

There is no any new methods are employed by TeaslaCrypt 4.1b ransomware to infiltrate into any online computer. The infection may arrive on a targeted online computer by opening of Spam email which pretends like an email message with some interesting file attachment from someone you know. While opening of such tricky file attachment activate this ransomware program on your computer. It is perhaps get installation on your computer with bundled freeware or shareware. It is using the same file encryption AES 256 and RSA – 4096 for file encryption. So not much technical addition has been found in the newer version TeaslaCrypt 4.1b. Security experts recommendation for victims of this ransomware is very same, that is, remove TeaslaCrypt 4.1b ransomware as soon as possible to prevent more file encryption and get back encrypted files with help of data recovery application.

rmv-notice

What To Do If Your PC Get Infected By TeslaCrypt 4.1b

The ransomware infection has been mainly designed with the purpose to scare users and trick their money. It take your files on hostage and demand ransom to return your important data. But now the question is what you can do when your system got infected by TeslaCrypt 4.1b virus? Here are some option that you can use to get rid of this nasty infection.

Don’t Panic – Well the first thing is Don’t panic and then completely check out your system for any working files. If you got any working files then copy it to USB drive.

Pay Ransom – Other option is you can pay the ransom and wait to get your files back. (really a bad option)

Use Backup – Clean you entire system files, remove the infection completely from your PC and restore your files with any backup.

Remove Infection – You can also delete TeslaCrypt 4.1b virus using malware removal tool and remove all the infected files. You can later recover all your data by using any data recovery tool. (In case you don’t have backup of your files.) – Recommended Method.

Reinstall Windows – The last option is reinstall your Windows OS. It will completely remove all your data as well as infection. You will get a completely new infection free PC.

How To Remove TeslaCrypt 4.1b Virus From Your PC

Step 1Boot your computer in Safe mode.

Step 2 – Remove the infected registry entry files.

  • Click Windows Flag and R button together.

Win+R

  • Type “regedit” and click OK button

Type-regedit-to-open-registry

  • Find and delete following entries.

HKEY_LOCAL_MACHINESOFTWAREsupWPM

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWpm

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Default_Page_URL”

HKEY_LOCAL_Machine\Software\Classes\[TeslaCrypt 4.1b]

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\[TeslaCrypt 4.1b]

Step 3 – Remove From msconfig

  • Click Windows + R buttons simultaneously.

Win+R

  • Type msconfig and press Enter

TypemsconfigintotheRunBox

  • Go to Startup tab and uncheck all entries from unknown manufacturer.

msconfig_startup

Step 4 – Restart your computer normally.

Check your computer now. If the virus has gone then you can start using your computer. If the infection still remains then head to the next step.

Step 5 – System Restore

  • Insert Windows installation disk to CD drive and restart your PC.
  • While system startup, keep pressing F8 or F12 key to get boot options.
  • Now select the boot from CD drive option to start your computer.
  • Then after you will get the System Recovery Option on your screen.
  • Select the System Restore option from the list.
  • Choose a nearest system restore point when your PC was not infected.
  • Now follow the option on your screen to Restore your computer.

If the above manual methods didn’t removed TeslaCrypt 4.1b virus then you have only option to remove infection using a malware removal tool. It is last and the only option that can easily and safely remove this nasty threat from your computer.

freescan1

Having some alarming questions in your mind? Get your doubt cleared from our experienced tech support experts. Just go to the Ask Your Question section, fill in the details and your question. Our expert team will give you detailed reply about your query.

footer-1

Skip to toolbar