Home / Spyware Help / BDKR Ransomware Removal Guide

BDKR Ransomware Removal Guide

by 0 Comments

Do you know what BDKR Ransomware is?

Files do not get encrypted and renamed for no reason. If you cannot open your files and they are marked with an ID and .BDKR combination, BDKR Ransomware must have infiltrated your computer successfully. It is known to be a serious malicious application, so its entrance is never a pleasant experience. This threat locks files on affected computers right away and then drops a file with a message. One of the ransom notes is also set to open automatically when the computer is powered on by creating a value in the Run registry key pointing to the ransom note (it is a simple .txt file). It is not the only modification BDKR Ransomware applies to affected computers. It also creates a value in the same Run registry key in order to continue working after a PC reboot or a shutdown. We cannot promise that it will be easy to remove this infection, but we know for sure that it cannot stay active no matter how hard it is to disable it. If it stays, you will not only see its ransom note opened on your screen automatically after you restart your computer but might also find more files encrypted. Needless to say, BDKR Ransomware will not ask your permission to encrypt your new files. It will not stop doing that even if you agree to transfer Bitcoin to its developer. You will have to delete this infection yourself fully if you do not want to experience any new problems directly associated with its presence.

The entrance of BDKR Ransomware will only bring you problems since it will mercilessly lock your personal files (e.g. documents, music, videos, and many more). All encrypted files are marked by attaching the unique ID and the extension .BDKR. Of course, it will also not take long to realize that none of these files can be opened as well. Do not waste your time reading the message the file How To Restore Files.txt contains because it contains lies (that your files have been affected by a virus) and demands money from users only. Users are told that they need to contact big_decryptor@aol.com and pay for the decryptor in Bitcoin if they wish to unlock those encrypted files. Cyber criminals promise to decrypt 2-3 files for free in advance to show users that they can do that. Even if you get several files decrypted, it does not mean that you will receive the decryptor after transferring the ransom. Some versions of the ransomware infection (LockCrypt Ransomware) BDKR Ransomware is based on are already decryptable, so it is very likely that specialists will find a way how to crack the encryption it uses too in the near future. A free decryptor might be developed soon, so do not delete those encrypted files from your PC. Needless to say, the ransomware infection must still be removed completely.BDKR Ransomware Removal GuideBDKR Ransomware screenshot
Scroll down for full removal instructions

Even though BDKR Ransomware might be distributed masqueraded as useful software and thus users can, theoretically, download it themselves, it is usually spread via spam emails, specialists say. Users receive emails that contain malicious attachments, or they might find a link inside an email received. Never click on suspicious links emails contain because you might initiate the malware download with the single click. Speaking about the modus operandi of BDKR Ransomware, this infection will copy itself to %WINDIR% once launched. Also, it creates a point of execution (a value in the Run registry key) so that a victim could not disable it by restarting his/her computer. It is quite sophisticated malware, but we can assure you that even more sophisticated threats exist. They often use various evasion techniques in order to slither onto computers undetected, so it might be extremely difficult to prevent them from entering the system. Luckily, antimalware tools come to the rescue.

Below you will find instructions that will help you to delete BDKR Ransomware. Please eliminate this infection ASAP because it will stay active on your computer and might cause you a lot of trouble if you decide to take no action.

Delete BDKR Ransomware

  1. Open Task Manager (tap Ctrl+Shift+Esc).
  2. Open Processes.
  3. Kill two processes: the random name process and searchfiles.exe.
  4. Close Task Manager and open Registry Editor (tap Win+R, type regedit, and click OK).
  5. Move to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  6. Delete the searchfiles value pointing to %WINDIR%\searchfiles.exe and the unlock value pointing to C:\How To Restore Files.txt.
  7. Close Registry Editor and open Windows Explorer (tap Win+E).
  8. Type %WINDIR% in the Explorer’s URL bar and tap Enter.
  9. Remove searchfiles.exe.
  10. Erase all suspicious files you have downloaded recently.
  11. Empty Recycle Bin.

In non-techie terms:

BDKR Ransomware is a new infection detected by our specialists. Once executed, it makes modifications on the affected computer and then encrypts personal files. Users can purchase the decryptor to unlock their files with from cyber criminals, but we would recommend dismissing the idea of sending money to malware developers immediately because you might not get anything from them in exchange. Simply remove BDKR Ransomware and wait till free decryptor is released or use a backup to retrieve affected files.