Home / Spyware Help / Eq Ransomware Removal Guide

Eq Ransomware Removal Guide

by 0 Comments

Do you know what Eq Ransomware is?

Eq Ransomware is a dangerous computer infection that will not let you go unless you pay the ransom fee. Of course, computer security experts say that paying the ransom only encourages cybercriminals to carry on with their malevolent deeds. In fact, the thing that you need to focus on right now is removing Eq Ransomware from your system. Although it is not that complicated to delete this infection on your own, you can always invest in a legitimate security tool that will do the job for you, especially if you do not feel confident about it.

What do we know about Eq Ransomware? Based on the tests that we have conducted in our lab, we can assume that this ransomware targets only several operating systems. At least we couldn’t get the infection to work on Windows 10, while our Windows 7 environment got infected properly. Of course, we cannot guarantee that there is only version spreading around, so it is quite possible that some version of this program doesn’t work on Windows 10, but there is a new version on its way that will encrypt files on Windows 10, just fine. Either way, it is important to not underestimate this infection.

Eq Ransomware clearly doesn’t want you to retrieve your files because when it enters your computer, it deletes the Shadow Volume copies (provided you have had them enabled). Shadow Volume copies allow you to restore the files that have been lost, and Eq Ransomware makes sure that you no longer have not copies because it cannot afford your having ways to get your files back. After all, this infection needs you to purchase the decryption key, so it needs to make you think that paying these criminals is the only way to retrieve your data.Eq Ransomware Removal GuideEq Ransomware screenshot
Scroll down for full removal instructions

Like most of the ransomware programs, Eq Ransomware also adds an appendix to all the encrypted files. You will see that the icon of the affected files and the filename has been changed. Also, we have found that the appendix changes according to the operating system that you use. For example, on Windows 10 (which didn’t work properly for us), the appendix was ‘.gsg,’ while on Windows 7, all the filenames got the appendix ‘.fuck.’ Either way, if the files do get encrypted, it is easy to see that because the system can no longer read them. What’s more, Eq Ransomware encrypts the entire disk that it landed on, and other HDD partitions.

Once the encryption is complete, this program also drops a ransom note. The ransom note filename is ‘readme_back_files.htm.’ The ransom note says the following:

YOUR PERSONAL ID:
[alphanumeric ID]
YOUR FILES ARE ENCRYPTED!
TO DECRYPT, FOLLOW THE INSTRUCTIONS BELOW.

To recover data you need decryptor.

To get the decryptor you should:
Send 1 encrypted test image or text file or document to supportonl@cock.li ||| supportonl@airmail.cc
<…>
We will give you the decrypted file and assign the price for decryption all files

As you can obviously tell from the ransom note that no definite price on the decryption has been settled, and so the criminals might as well pull whichever ransom amount, they prefer. In fact, it is very unlikely that they would issue the decryption key in the first place. But this program was released a while ago, and so there could be a public decryption tool available. Do not hesitate to run a web search on that one. The bottom line is that you should never contact these criminals, and you must remove Eq Ransomware right now.

If you happen to have a system backup, you can actually delete the encrypted files and don’t bother with the decryption tool at all. Simply transfer the healthy copies back into your computer. Just don’t forget to acquire a reliable antispyware tool to protect your PC from harm, and do everything you can to avoid similar infections in the future. That includes avoiding spam email and the attachments that come with it. If you must open some attached file that arrived with an unexpected email, do not hesitate to scan it with a security tool before opening it. For all its worth, by doing it, you might protect your PC from a ransomware infection.

How to Remove Eq Ransomware

  1. Press Ctrl+Shift+Esc and Task Manager will open.
  2. Open Process and highlight suspicious processes.
  3. Click End Process and close Task Manager.
  4. Delete recently downloaded files from your Desktop.
  5. Open your Downloads folder and remove the most recently downloaded files.
  6. Press Win+R and type %TEMP%. Click OK.
  7. Remove the most recently downloaded files from the directory.
  8. Press Win+R again and type regedit. Click OK.
  9. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  10. On the right pane, right-click and delete the HD AUDIO value.
  11. Exit Registry Editor and scan your computer with SpyHunter.

In non-techie terms:

Eq Ransomware is a dangerous computer infection, but you probably know that already. Now you have to scramble to retrieve your files and remove Eq Ransomware from your computer. Although it is not hard to terminate this infection, it might take some time before you restore the encrypted files. If decryption is not possible, you might have to start building your data library anew. Do not feel discouraged by it, and invest in your cyber security right now.