Doctor@freelinuxmail.org is a severely nasty piece of ransomware that has recently victimized many PC users all over the world and brought its operators huge illegal profits. It is usually downloaded via malicious drive-by-download scripts on corrupted porn and shareware/freeware websites, installed through spam email attachments, media downloads and social networks, or executed by other threats already on the system. As soon as Doctor@freelinuxmail.org gets onto your PC, it launches itself automatically whenever Windows starts, then damages your programs by running many dangerous, hard-to-stop tasks in the background. After that, it encrypts all your files, such as media files and documents (images, music, videos, docs, txts, etc.). The ransomware is also believed to attack Windows Backup and delete the File History, and file recovery software may not help much.
Before we decrypt any files, we must get rid of the ransomware. To do so, follow these steps:
To remove Doctor@freelinuxmail.org, you may have to modify system files and the registry. Making a mistake and deleting the wrong thing can cause your PC to be permanently damaged.
Avoid this by using this professional Doctor@freelinuxmail.org Scanner and Remover
The first thing you must do is Reveal All Hidden Files and Folders.
- Do not skip this. Doctor@freelinuxmail.org may have hidden some of its files.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom.
Type msconfig in the search field and press Enter. A window will pop up:
Go to the Startup tab and uncheck entries that have “Unknown” as Manufacturer.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes tab. Try to determine which processes belong to the virus. Google them.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.
Search for the ransomware in your registry and delete the entries. Be extremely careful: you can damage your system if you make a big mistake.
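The startup and registry checks above can also be done read-only from PowerShell before anything is unchecked or deleted. The following is an added example, not part of the original guide: it lists the autostart entries (registry Run keys and Startup folders) with each target's publisher and Authenticode signature status. The helper name Get-CommandExecutable and the CSV file name are assumptions made for illustration.

```powershell
# Added example: read-only review of autostart entries. It changes nothing.
# Covers what msconfig's Startup tab and the registry Run keys list, and adds
# the publisher and Authenticode signature status of each target binary.

function Get-CommandExecutable {
    # Hypothetical helper: pull the executable path out of a startup command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted path: "C:\Program Files\App\app.exe" /flag
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: stop at the first known extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|vbs|js|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

# Win32_StartupCommand enumerates Run-key and Startup-folder entries.
$entries = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

$report = foreach ($e in $entries) {
    $path      = Get-CommandExecutable -Command $e.Command
    $company   = $null
    $sigStatus = 'NotResolved'   # shortcut names or missing files end up here
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $company   = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        $sigStatus = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Name      = $e.Name
        Location  = $e.Location
        User      = $e.User
        Path      = $path
        Publisher = if ($company) { $company } else { 'Unknown' }
        Signature = $sigStatus
    }
}

# Show everything, then save the entries worth researching first.
$report | Sort-Object Signature, Publisher | Format-Table -AutoSize -Wrap
$report | Where-Object { $_.Publisher -eq 'Unknown' -or $_.Signature -ne 'Valid' } |
    Export-Csv -Path "$env:TEMP\autostart-review.csv" -NoTypeInformation
```

An unknown publisher or a missing signature is a reason to research an entry, not proof that it is malicious; plenty of legitimate software is unsigned. Keeping the CSV also gives you a record of what was present before you removed anything.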
Type each of the following in the Windows Search Field:
Now let's decrypt your files
Fortunately for all of us, Kaspersky has kindly provided users with a free decryptor. It is called RakhniDecryptor and you can download it from Kaspersky’s virus-fighting utilities page.
Here is how to decode your files using RakhniDecryptor:
Step 1: Download and start RakhniDecryptor.exe.
Step 2: Click on the “Start Scan” button. It will open a window from which you can select a file to decrypt.
Step 3: Select the files that are most important to you first, because the decryption process may take some time. A good strategy is to attempt decrypting smaller files first: if the files share the same password, the tool can then automatically decrypt the other, larger files using that password.
Step 4: Set your computer’s settings to prevent it from automatically shutting down. Here is how to stop your PC from shutting down:
1) Press Windows key + R and then type “powercfg.cpl”.
2) After the power plan window has opened go to Change plan settings for your current power plan.
3) After you are there, set everything to “Never” from the drop-down menus and then “Apply” it.
4) Close the Change plan settings Window and reopen it. Everything should look saved to “Never“. After this is done click on the blue highlighted text saying “Change advanced power settings”.
5) Check the Hard Disk option and, if there are remaining times, switch them to “Never” by clicking on the highlighted text.
Finally, click on Apply and close the window, and you are done. Make sure your computer is plugged into AC power and the power plan with the changed settings is active. Decryption may take from several hours to several days; it really depends.