Updated: All_Your_Documents Ransomware Virus (Removal Steps and Protection Updates)

The All_Your_Documents Ransomware is a new malware threat of unknown origin that behaves slightly differently from similar threats. Continue reading our removal guide to learn more.

All_Your_Documents Ransomware Description

The All_Your_Documents Ransomware is a new malware strain of unknown origin. At the time of writing this article the in-depth security analysis was not yet complete, so we have only limited information available about its technical details.

The difference between this virus and other similar threats is that it encrypts all target user files in a single archive file named All_Your_Documents.rar.

The ransomware crafts the following ransom note after the encryption process is complete:

ATTENTION! AUFMERKSAMEIT! ATTENTION! ATENCION! ATTENZIONE!

TO GET BACK YOUR FILES READ CAREFULLY!
UM IHRE DATEIEN ZURUCK, BITTE SORGFALTIG LESEN!
POUR RECUPERER VOS FICHIERS, S’IL VOUS PLAIT LIRE ATTENTIVEMENT!
PARA OBTENER LOS ARCHIVOS DE NUEVO, POR FAVOR, LEA CON CUIDADO!
PER OTTENERE IL VOSTRO FILES INDIETRO, SI PREGA DI LEGGERE ATTENTAMENTE!

##############################################

Where did you all your files?

Your documents on all drives (photos, videos, docs, etc.)
have been moved to password – protected WinRAR archives.

This archives is located in the root of each disk, in folder
“All_Your_documents” and file name is “All-Your_Documents.rar”.

Full path on all drives:

Drive:\\All_Your_Documents\All_Your_Documents.rar

——————————————————

To open .rar. archive, you need to install WinRAR.
To open .rar archive, CAREFULLY follow these steps:

1) If you do not have WinRAR archiver – donwnload and install it:

Link: http://www.rarlab.com/rar/wrar540.exe

Note: you will need WinRAR version 5.00 or higher.
Now you can view the contents of the .rar archive,
but to extract the files you will need the password.

2) To get the password of RAR archive, download and install TOR browser:

Link: https://www.torproject.org/download/download-easy.html on

3) Open TOR browser, and put this address in browser address bar:

Link: http://klbibg1rxtdmpmr7i.onion/user/

Note: link can only be opened in a TOR browser. Opening page can
take a long time. Please try again in a few minutes in case of error,
close and open your TOR browser and try again.

4) Copy and paste text located below into text-box on this page and click button.


[redacted]

##########################
###########################
###################

Upon infection with the payload the included script connects to the remote C&C server and downloads the virus executable. Depending on the predefined configuration of individual samples the ransomware may be dropped in one of the following folders:

  • %Local%
  • %Roaming%
  • %SystemDrive%
  • %LocalLow%

The encryption engine targets the most widely used data files, which include Microsoft Office documents, PDF files, databases, music, photos, videos, configuration files, archives, etc.

Some of the updated strains of the All_Your_Documents ransomware have been identified to use JavaScript, Windows Script Host and VBScript to execute their attack.

The following files are associated with the infection:

  • All_Your_Documents All Your Files in Archive!.txt – The ransomware note.
  • All_Your_Documents.rar – The encrypted archive itself.
  • All_Your_Documents(:).lnk – A shortcut which leads to the virus infection.

In addition, the virus may masquerade as one of the following files:

svchost.exe, {random name}.js, {random name}.exe _tmp.dat, rar.exe, wrar.exe, wrar.tmp.exe,
tmp{random}.exe, out.wsf, SysHost64.wsf
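
The file names and locations listed above can be turned into a quick triage check. The following is an added example, not part of the original article or of any vendor tool: it labels Windows paths that match the article's indicators. Reading the profile drop folders as AppData\Local, AppData\Roaming and AppData\LocalLow, treating svchost.exe outside \Windows as an impostor, the prefix match for the shortcut, and the sample paths are all assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, Iterable, Optional

# Indicator names copied from the article (compared case-insensitively).
# Fully random names ({random name}.js / .exe) cannot be matched by name.
ARCHIVE_DIR = "all_your_documents"
ARCHIVE_NAME = "all_your_documents.rar"
NOTE_NAME = "all_your_documents all your files in archive!.txt"
DROPPED_NAMES = {"rar.exe", "wrar.exe", "wrar.tmp.exe", "out.wsf", "syshost64.wsf"}
TMP_EXE = re.compile(r"^tmp.+\.exe$")  # the article's tmp{random}.exe

# Assumption: the profile drop folders are these AppData subfolders.
PROFILE_DROP_DIRS = {"local", "roaming", "locallow"}


def in_drop_folder(parts) -> bool:
    """True when the file sits directly in a drive root or an AppData drop folder."""
    if len(parts) == 2 and parts[0].endswith("\\"):  # drive root
        return True
    return len(parts) >= 4 and parts[-3] == "appdata" and parts[-2] in PROFILE_DROP_DIRS


def classify(path: str) -> Optional[str]:
    """Return an indicator label for one Windows path, or None if nothing matches."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    name = p.name.lower()
    # Drive:\All_Your_Documents\All_Your_Documents.rar, as stated in the ransom note.
    if name == ARCHIVE_NAME and len(parts) == 3 and parts[1] == ARCHIVE_DIR:
        return "ransom-archive"
    if name == NOTE_NAME:
        return "ransom-note"
    # Assumption: any shortcut whose name starts with All_Your_Documents counts.
    if name.startswith(ARCHIVE_DIR) and name.endswith(".lnk"):
        return "infection-shortcut"
    # Heuristic (assumption): svchost.exe outside <drive>\Windows is an impostor.
    if name == "svchost.exe" and (len(parts) < 3 or parts[1] != "windows"):
        return "masquerading-svchost"
    if in_drop_folder(parts) and (name in DROPPED_NAMES or TMP_EXE.match(name)):
        return "dropped-payload"
    return None


def triage(paths: Iterable[str]) -> Dict[str, str]:
    """Map each matching path to its label; non-matching paths are omitted."""
    hits = {}
    for path in paths:
        label = classify(path)
        if label:
            hits[path] = label
    return hits


# Constructed sample listing (not taken from a real infection).
SAMPLE_LISTING = [
    r"D:\All_Your_Documents\All_Your_Documents.rar",
    r"D:\All_Your_Documents\All_Your_Documents All Your Files in Archive!.txt",
    r"C:\Users\ana\AppData\Roaming\SysHost64.wsf",
    r"C:\Users\ana\AppData\Local\tmp4f2a.exe",
    r"C:\Users\ana\AppData\Roaming\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\WinRAR\Rar.exe",
    r"C:\Users\ana\Documents\report.docx",
]

if __name__ == "__main__":
    for path, label in triage(SAMPLE_LISTING).items():
        print(f"{label:22} {path}")
```

A recursive file listing such as the output of `dir /s /b` can be passed to `triage`; matches are candidates for review, not verdicts.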

The following target file type extensions are affected by the encryption engine:

.$er, ._eml, .000, .001, .002, .113, .123c, .123d, .123dx, .1ph, .2d, .2mg, .360, .3d, .3d2, .3d4, .3da, .3dc,
.3df, .3dl, .3dm, .3dmf, .3dmk, .3don, .3dp, .3dr, .3ds, .3dt, .3dv, .3dw, .3dx, .3dxml, .3fr, .3g2, .3ga, .3gp, .3gp2,
.3gpp, .3gpp2, .3mm, .3p2, .4db, .4dd, .4dv, .4mp, .4th, .4ui, .60d, .6cm, .73b, .787, .7z, .7z.001, .7z.002, .8cm, .8pbs,
.8svx, .8xi, .9.png, .a00, .a01, .a02, .a2c, .a2m, .a3w, .a4m, .a4p, .a4w, .a52, .a5rpt, .a5w, .a65, .aa, .aa3, .aac,
.aam, .aao, .aax, .ab3, .abcd, .abdata, .abf, .abk, .abm, .abw, .abx, .aby, .ac3, .ac5, .ac6, .accdb, .accde, .accdr,
.acd-zip, .ace, .acm, .acp, .acr, .act, .adc, .adcp, .ade, .adf, .adp, .adts, .adz, .aep, .aepx, .aes, .aet, .aetx,
.af2, .af3, .afc, .afd, .aff, .afp, .afs, .aft, .afx, .agd, .aggr, .agi, .agp, .ai, .aic, .aif, .aifb, .aifc, .aiff,
.aim, .aimppl, .ain, .ais, .aiv, .ajp, .akp, .al, .alac, .alaw, .albm, .all, .alp, .als, .alz, .am4, .am5, .am6, .am7,
.amc, .amf, .amr, .ams, .amu, .amv, .amx, .amz, .an, .an8, .anh, .anim, .anm, .anme, .ans, .aob, .aof, .ap, .apd, .ape,
.aph, .apm, .apng, .aps, .apt, .apx, .apz, .arc, .ard, .arff, .arh, .ari, .aria, .ariax, .arj, .ark, .aro, .arr, .arsc,
.art, .artproj, .artwork, .arw, .as, .as2proj, .as3proj, .as4, .asat, .asc, .ascii, .ascs, .asd, .ase, .ashprj, .ashx,
.asm, .asnd, .asp, .aspx, .asw, .at3, .ate, .ati, .atl, .atm, .atr, .atrac, .au, .au3, .aud, .aup, .aut, .ava, .avchd,
.avhd, .avi, .avp, .awb, .awd, .awdb, .awm, .aww, .axx, .ay, .azf, .azs, .azw, .azw1, .azw3, .azw4, .azz, .b1, .b2a,
.b3d, .b4s, .b5i, .b64, .b6i, .ba, .bac, .bak, .bak~, .bak2, .bak3, .bakx, .band, .bap, .bas, .bay, .bb, .bbc, .bbcd,
.bcf, .bci, .bck, .bcl, .bcm, .bdb, .bdf, .bean, .bet, .bfa, .bfc, .bfx, .bgt, .bh, .bho, .bhx, .bib, .bidule, .bik,
.bim, .bix, .bk1, .bkc, .bkf, .bkk, .bkp, .bks, .bld, .blend, .blend1, .blend2, .blkrt, .bluej, .blz, .bm2, .bmc,
.bmf, .bmz, .bna, .bnp, .boc, .bok, .bonk, .boo, .book, .box, .bp3, .bpa, .bpb, .bpd, .bpdx, .bpf, .bpg, .bpk, .bpm,
.bpn, .bpnueb, .bpr, .bps, .bpw, .br3, .br4, .br5, .br6, .br7, .brain, .brd, .brf, .brk, .brl, .brn, .bro, .brw,
.bs2, .bs4, .bsd, .bsdl, .bsf, .bsk, .btd, .btf, .btif, .btoa, .bup, .bur, .bvd, .bvp, .bwf, .bwg, .bwi, .bws,
.bwt, .bww, .bz, .bz2, .bza, .bzabw, .bzip, .bzip2, .c, .c00, .c01, .c02, .c10, .c2d, .c3d, .c3z, .c4, .c4d,
.caf, .caff, .cal, .cals, .cam, .camm, .camproj, .camrec, .camv, .can, .cap, .caproj, .capx, .car, .cawr, .cbl,
.cbp, .cbr, .cbu, .cbz, .cc, .cca, .ccb, .ccd, .ccf, .cch, .ccr, .ccs, .cct, .cd, .cd2, .cd5, .cdb, .cdd, .cdda,
.cddx, .cdf, .cdg, .cdi, .cdm, .cdmm, .cdmt, .cdmtz, .cdmz, .cdo, .cdpx, .cdpz, .cdr, .cdt, .cdw, .cdz, .ce, .ceb,
.cedprj, .cef, .cel, .celtx, .cf2, .cfa, .cff, .cfs, .cg, .cg3, .cga, .cgm, .cgp, .ch3, .chef, .chg, .chml, .chn,
.cib, .cif, .cil, .cimg, .cin, .cit, .ck9, .ckd, .ckf, .ckp, .ckt, .cl2, .cl2arc, .cl2doc, .cl2lyt, .cl2tpl, .cl4,
.cl5, .class, .clb, .clg, .clk, .cls, .clx, .cm10, .cmap, .cmbl, .cmf, .cmmp, .cmod, .cmx, .cmz, .cna, .cnd, .cng,
.cnm, .cnv, .cob, .colz, .cov, .cp9, .cpb, .cpc, .cpd, .cpe, .cpf, .cpg, .cph, .cpio, .cpk, .cpmz, .cpp, .cpr,
.cps, .cpt, .cptx, .cpx, .cpy, .cr2, .crd, .crds, .crev, .crt, .crtr, .crtx, .crw, .crypted, .cryptra, .crz,
.cs, .csa, .csd, .csf, .csh, .csi, .cso, .csp, .csproj, .csr, .csx, .ct, .ctm, .cts, .ctv, .ctv3, .cu, .cub,
.cut, .cv5, .cvc, .cvg, .cvi, .cvs, .cvw, .cvx, .cwb, .cwk, .cwp, .cwt, .cwz, .cx3, .cxd, .cxf, .cxp, .cxt,
.cxx, .cyp, .cys, .czd, .czi, .czip, .czp, .d00, .d01, .d2v, .d3d, .d3v, .d64, .da2, .daa, .daf, .dal, .dam,
.dao, .dash, .dav, .dax, .daz, .db, .db1, .db3, .dba, .dbc, .dbd, .dbf, .dbk, .dbo, .dbpro, .dbproj, .dbr,
.dbs, .dbt, .dbv, .dbx, .dc, .dc2, .dc3, .dc4, .dca, .dcb, .dcd, .dce, .dcf, .dcm, .dco, .dcpf, .dct, .dcx,
.dd, .ddl, .ddrw, .dds, .ddt, .ded, .deproj, .des, .design, .det, .dev, .dex, .df1, .df2, .dfc, .dff, .dfg,
.dfk, .dfproj, .dfs, .dft, .dfx, .dgb, .dgc, .dgk, .dgn, .dgs, .dib, .dicom, .dif, .dig, .dim, .dime, .dis,
.divx, .djr, .djv, .djvu, .dke, .dls, .dlv, .dlx, .dm, .dm3, .dmb, .dmf, .dmo, .dmr, .dms, .dmsa, .dmsd, .dmsd3d,
.dmse, .dmsm, .dmsm3d, .dmsp, .dmss, .dmx, .dna, .dnc, .dne, .dng, .dnl, .dob, .doc, .docm, .docx, .docxml, .docz,
.dot, .dotm, .dotx, .dov, .dp1, .dpb, .dpd, .dpp, .dpr, .dproj, .dra, .drf, .drg, .drmx, .drw, .drz, .ds2, .dsa, .dsd,
.dse, .dsf, .dsg, .dsgm, .dsi, .dsk, .dsm, .dso, .dsp, .dss, .dsx, .dsy, .dta, .dtp, .dtr, .dts, .dtshd, .dtx, .dv,
.dv4, .dv-avi, .dvdproj, .dvds, .dvf, .dvg, .dvo, .dvr, .dvr-ms, .dvx, .dw, .dwa, .dwd, .dwf, .dwfx, .dwg, .dwp,
.dwz, .dx, .dxb, .dxf, .dxg, .dxr, .dz, .e01, .e4a, .e57, .eap, .ear, .ebk, .ecm, .ecp, .ecs, .eda, .edat2, .edb,
.ede, .edf, .edfx, .edg, .edge, .edk, .edn, .edq, .edrwx, .eds, .edv, .efa, .efe, .efk, .efl, .efq, .efr, .efs,
.efu, .efv, .efx, .egc, .egg, .egp, .eio, .eip, .ekb, .el, .email, .emc, .eml, .emlx, .enc, .enex, .ep, .epf,
.epi, .epp, .eps, .epsf, .epub, .eql, .er1, .erf, .erl, .es2, .esb, .esf, .eui, .evo, .evr, .evy, .ewb, .ewd,
.ex, .exb, .exl, .exm, .exp, .exr, .exw, .eye, .ezp, .f04, .f06, .f32, .f3d, .f4a, .f4p, .f4v, .f64, .f90, .fac,
.face, .facefx, .fasta, .fax, .fb2, .fbc, .fbf, .fbk, .fbm, .fbp, .fbp7, .fbr, .fbw, .fbz, .fbz7, .fcd, .fcf,
.fcgi, .fcstd, .fcw, .fdd, .fdi, .fdp, .fdr, .fds, .fdx, .fft, .fg, .fgl, .fh10, .fh11, .fh3, .fh4, .fh5, .fh6,
.fh7, .fh8, .fh9, .fhd, .fhf, .fif, .fig, .fimpp, .fits, .fla, .flac, .flame, .flb, .flka, .flkb, .flo, .flow,
.flp, .flr, .flt, .flv, .flx, .fm, .fmpsl, .fmv, .fmz, .fnbk, .fnc, .fodp, .fods, .fodt, .fop, .forth, .fox,
.fp3, .fp8, .fpa, .fpenc, .fpf, .fpj, .fpos, .fpp, .fpx, .frg, .frj, .frm, .fro, .frx, .fry, .fs, .fsif, .fsm,
.fsproj, .fsq, .fsx, .ft10, .ft11, .ft7, .ft8, .ft9, .ftl, .ftm, .ftmb, .ftn, .ftw, .fwdn, .fx, .fxa, .fxcproj,
.fxl, .fxm, .fxml, .fxs, .fz, .fza, .fzf, .fzp, .fzz, .g3, .g721, .g723, .g726, .gal, .gan, .gb1, .gb2, .gbap,
.gbas, .gbi, .gbk, .gbs, .gca, .gcd, .gcdp, .gcw, .gcx, .gdf, .gdrive, .gds, .ged, .gem, .gen, .geo, .gexf, .gfar,
.gfb, .gfe, .gfp, .gho, .ghs, .gi, .gig, .gih, .gkh, .gl, .gla, .glade, .glb, .gld, .glox, .gls, .gm, .gm6, .gm81,
.gmd, .gmk, .gmspr, .gmx, .gmz, .gno, .gom, .gp3, .gp5, .gpd, .gpf, .gpg, .gpj, .gpp, .gpr, .gra, .grade, .grasp,
.grf, .grn, .gro, .grob, .groove, .groovy, .grr, .gry, .gs3, .gsd, .gsm, .gsproj, .gszip, .gtar, .gtp, .gts, .gvi,
.gvy, .gwp, .gxd, .gxk, .gz, .gz2, .gza, .gzip, .h, .h0, .h11, .h12, .h264, .ha, .hal, .haml, .has, .hbc, .hbc2,
.hbe, .hbk, .hbx, .hcc, .hce, .hci, .hcp, .hcr, .hcx, .hdmov, .hdp, .hdr, .hdv, .hex, .hf, .hfs, .hfv, .hh, .hip,
.hipnc, .hki, .hki1, .hki2, .hki3, .hkm, .hlsl, .hma, .hmi, .hmk, .hmxp, .hpd, .hpi, .hpk, .hpl, .hpp, .hqx, .hr,
.hrf, .hrl, .hs, .hsf, .html0, .htmlz, .htxt, .htz4, .htz5, .hwp, .hxn, .hxx, .hyp, .hz, .i00, .i01, .i02, .iba, .ibb,
.ibcd, .ibq, .ic1, .ic3, .ic3d, .ica, .icap, .icb, .ice, .icml, .icmt, .icpr, .ics, .idap, .idea, .idml, .idms, .idpk,
.idw, .if, .ifc, .ifczip, .iff, .iges, .igs, .igx, .iiq, .ilbm, .ildoc, .ima, .imd, .imf, .img, .imj, .imz, .incd,
.inct, .incx, .ind, .indb, .indd, .inds, .ink, .inl, .inm, .ino, .int, .ipd, .ipf, .ipj, .ipk, .ipn, .ipt, .ipx,
.ircp, .irf, .irock, .irp, .irx, .ish, .ish2, .ish3, .isma, .ismv, .iso, .isoz, .isz, .iv, .iv2i, .iva, .ive, .ivf,
.ivr, .iw, .iwxdata, .iwz, .ix2, .ixa, .ixb, .ize, .izz, .izzy, .j, .j2c, .j2k, .j3o, .jac, .jam, .jar.pack, .jas,
.jav, .java, .jb2, .jbc, .jbig, .jbig2, .jbk, .jbmp, .jclic, .jcp, .jed, .jfif, .jfsl, .jic, .jif, .jiff, .jis,
.jng, .jo, .jo-7z, .job, .joe, .jp1, .jp2, .jpc, .jpe, .jpeg, .jpf, .jpg, .jpg2, .jpr, .jps, .jpx, .jrtf, .jsd, .jsda,
.jsfl, .jt, .jtf, .jts, .jtv, .jtx, .jude, .jvsg, .jwl, .jxr, .k25, .k26, .k3g, .kar, .kb2, .kdbx, .kdc, .kde, .kdk,
.key, .kfn, .kfx, .kgb, .kic, .kin, .kit, .kmv, .kodak, .koob, .koz, .kpf, .kpg, .kpp, .kpr, .kpx, .krz, .ktp, .ktz,
.kwd, .kwm, .kyr, .kz, .layout, .lbm, .lbr, .lcb, .lcd, .lcn, .ldr, .legal, .lha, .lhs, .lid, .lisp, .lit, .ljp,
.llx, .lnt, .lnx, .lp, .lp2, .lp7, .lpdb, .lpp, .lqr, .lqt, .lrc, .lrec, .lrs, .lrv, .lsp, .lsproj, .ltr, .luf,
.lut, .lutx, .lvp, .lvw, .lw4, .lwd, .lwo, .lwp, .lws, .lxf, .lxo, .lxsproj, .lyc, .lyx, .lz, .lzh, .lzma, .lzo,
.lzx, .m, .m12, .m15, .m1a, .m1pg, .m1v, .m21, .m2a, .m2t, .m2ts, .m2v, .m3, .m4a, .m4b, .m4e, .m4p, .m4r, .m4v,
.m75, .ma, .ma1, .mag, .magik, .mani, .mars, .mart, .mat, .mav, .maw, .max, .maxc, .mb, .mbb, .mbd, .mbf, .mbk, .mbm,
.mbw, .mc2, .mcd, .mcdx, .mcf, .mcp, .mcrp, .mcs, .mcsp, .mcsx, .mcxe, .md, .md0, .md1, .md2, .md8, .mdb, .mdbackup,
.mdc, .mddata, .mdf, .mdi, .mdinfo, .mdl, .mdx, .mdzip, .med, .mef, .meo, .mer, .mesh, .mfa, .mfp, .mga, .mgcb, .mgf,
.mgmt, .mgmx, .mgs, .mgtx, .mic, .mid, .midi, .mig, .mim, .mime, .min, .mip, .mix, .mj2, .mjp, .mjpg, .mk3d, .mka,
.mkv, .mlb, .mlp, .mma, .mmat, .mme, .mmf, .mml, .mmm, .mmp, .mmpz, .mmv, .mnc, .mng, .mnk, .mny, .mo3, .mob, .mobi,
.mod, .modd, .model, .mogg, .moho, .moi, .moov, .mos, .mot, .mou, .mov, .movie, .mox, .mp, .mp_, .mp1, .mp10, .mp11,
.mp2, .mp21, .mp2v, .mp3, .mp4, .mp4v, .mp7, .mp9, .mpa, .mpb, .mpc, .mpdp, .mpe, .mpeg, .mpeg1, .mpeg4, .mpf, .mpg,
.mpg2, .mpga, .mpi, .mpj, .mpo, .mpp, .mppz, .mpu, .mpv, .mpv2, .mpz, .mpzip, .mqo, .mqv, .mrb, .mrml, .mrw, .mrxs,
.ms11, .ms3d, .ms7, .ms8, .ms9, .mscx, .msdvd, .msg, .msh, .msif, .msp, .msv, .mswmm, .mt9, .mth, .mts, .mtv, .mtx,
.mtz, .muf, .muz, .mv, .mv_, .mvb, .mvd, .mve, .mvex, .mvp, .mvy, .mwb, .mws, .mwx, .mx, .mx3, .mx4, .mx5, .mxf, .mxs,
.mxv, .myd, .myl, .mys, .mzp, .na2, .nap, .nb, .nb7, .nba, .nbak, .nbc, .nbd, .nbf, .nbp, .nbs, .nbu, .nc, .ncd, .nco, .ncor,
.ncorx, .ncr, .nct, .nef, .neko, .neo, .neu, .nfb, .nfc, .nff, .nfi, .ngc, .ngd, .nim, .njx, .nmp, .nmsv, .nni, .nnp, .npf,
.npp, .npr, .nps, .nqc, .nrbak, .nrg, .nri, .nrt, .nrw, .nsa, .nsv, .ntf, .nut, .nuv, .nvc, .nvf, .nvram, .nwbak, .nwc, .nwctxt,
.nwd, .nwf, .nxc, .nzb, .oab, .oar, .obd, .obk, .occ, .oci, .ocr, .odb, .odc, .odf, .odg, .odi, .odm, .odp, .ods, .odt, .oeb,
.ofc, .off, .ofr, .oga, .ogg, .ogm, .ogv, .ogx, .old, .olk, .oma, .omf, .omg, .one, .ontx, .opd, .opf, .opj, .opus, .or3, .or4,
.or5, .or6, .orf, .ori, .orig, .ort, .orv, .ot, .ota, .otb, .otg, .otl, .otrkey, .otx, .ovf, .ovl, .ovw, .oxps, .p, .p01, .p19,
.p21, .p2g, .p2i, .p2z, .p3, .p3d, .p6, .p65, .p7, .p7b, .p7c, .p7m, .p7s, .pab, .pac, .pack.gz, .package, .pae, .pak, .pakm,
.pano, .pap, .paq6, .paq7, .paq8, .paq8f, .par, .pas, .pat, .pax, .pbb, .pbk, .pbm, .pbproj, .pc1, .pc2, .pc3, .pc6, .pca,
.pcd, .pcm, .pct, .pcv, .pcx, .pdb, .pdc, .pdd, .pder, .pdf, .pdfxml, .pdg, .pdi, .pdl, .pdm, .pdn, .pdp, .pds, .pdwr, .pe4,
.pea, .pef, .pem, .pep, .pex, .pez, .pf, .pfc, .pfd, .pfi, .pfl, .pfv, .pfx, .pgd, .pgf, .pgi, .pgm, .pgp, .pgpf, .pgx, .phb,
.phj, .phl, .photoshow, .php, .php3, .php4, .php5, .phtm, .phtml, .pi1, .pi2, .pi3, .pi4, .pi5, .pi6, .pic, .picnc, .pict,
.pigs, .pika, .pim, .pis, .pit, .pix, .piz, .pjpeg, .pjpg, .pjx, .pkey, .pkg, .pl1, .pl2, .pla, .pln, .plproj, .plt, .ply,
.pm3, .pm4, .pm5, .pm6, .pmatrix, .pmd, .pmf, .pmg, .pmlz, .pmm, .pmo, .pna, .pni, .pnm, .pnproj, .pnpt, .pnt, .pntg, .pobi,
.pobj, .pod, .pop, .pov, .pp2, .pp4, .pp5, .ppc, .ppcx, .ppf, .ppj, .ppk, .ppm, .ppr, .pps, .ppsm, .ppsx, .ppt, .pptm,
.pptx, .ppz, .pqi, .prc, .prd, .prefab, .prel, .prg, .prj, .prn, .pro4, .pro4dvd, .pro5, .pro5dvd, .project, .proqc, .prproj,
.prs, .prt, .prz, .psa, .psb, .psd, .psdx, .pse, .psf, .psh, .psm, .psm1, .psp, .pspd, .psr, .pss, .pssd, .pst, .psu, .psw,
.psw6, .psz, .pt, .ptcop, .ptg, .ptr, .ptw, .ptx, .pub, .puz, .pva, .pvc, .pvk, .pvm, .pvr, .pwd, .pwi, .pwn, .pwp, .pwr, .pwrep,
.pws, .px, .pxf, .pxi, .pxj, .pxr, .pxv, .py, .pyw, .pyx, .pz2, .pz3, .pza, .pzp, .pzs, .pzz, .q07, .q08, .q09, .q3c, .q3d, .qba,
.qbb, .qbk, .qbm, .qbmb, .qbmd, .qbw, .qbx, .qby, .qcow, .qcow2, .qcp, .qda, .qdb, .qdf, .qdl, .qdt, .qel, .qic, .qif, .qml,
.qpb, .qpf, .qpw, .qrp, .qsd, .qt, .qti, .qtif, .qtm, .qtz, .quiz, .quox, .qvp, .qvw, .qx, .qxb, .qxd, .qxf, .qxp, .r0, .r00,
.r01, .r02, .r03, .r1, .r2, .r21, .r30, .r3d, .ra, .rad, .raf, .ral, .ram, .rar, .rar5, .ras, .ratdvd, .raw, .rax, .ray, .rb,
.rbc, .rbf, .rbp, .rbw, .rcd, .rcl, .rcx, .rcy, .rdb, .rdi, .rdl, .rdlx, .rds, .rdx, .rec, .record, .rev, .rex, .rfp, .rgb,
.rgf, .rgmb, .rgmc, .rgo, .ric, .rif, .riff, .rix, .rk, .rle, .rli, .rm, .rmd, .rmf, .rmi, .rms, .rmuf, .rmvb, .rmx, .rnc,
.rnq, .rns, .roca, .roxio, .rp9, .rpa, .rpd, .rpf, .rpmsg, .rpp, .rpprj, .rpt, .rri, .rs, .rsa, .rsb, .rsg, .rsn, .rso,
.rsp, .rsv, .rta, .rte, .rtf, .rtx, .rv, .rvl, .rvt, .rvx, .rw2, .rwg, .rwl, .rx2, .rxc, .rzb, .rzk, .rzs, .rzx, .s00,
.s01, .s02, .s85, .sab, .saf, .safe, .safetext, .sai, .sam, .sap, .sar, .sat, .sb, .sb2, .sbb, .sbd, .sbg, .sbk, .sbp,
.sbs, .sbu, .sbw, .scad, .scg, .sci, .scm, .scn, .sco, .scp, .sct, .scu, .scv, .scw, .scx, .scz, .sd, .sd2, .sd2f, .sda,
.sdb, .sdc, .sdd, .sdf, .sdg, .sdii, .sdm, .sdo, .sdoc, .sdr, .sds, .sdsk, .sdv, .sdw, .sdx, .sdz, .sec, .sedprj, .sef,
.seg, .sep, .ser, .sesx, .sf, .sfc, .sfera, .sff, .sfpack, .sfs, .sfvidcap, .sfw, .sfx, .sgi, .sgml, .sgn, .sgp, .sgz,
.sh3d, .sh3f, .shg, .shn, .show, .shp, .sht, .shtm, .shtml, .shw, .shy, .si, .sid, .sig, .sim, .sit, .sitx, .siv, .sk1,
.sk2, .skb, .skc, .skf, .skl, .skm, .skp, .skr, .skv, .sla, .sla.gz, .slb, .sld, .slddrw, .sldprt, .slf, .slp, .sls, .slx,
.sme, .smf, .smi, .smil, .smk, .sml, .smp, .sms, .smv, .smz, .sn1, .sn2, .sna, .snagproj, .snb, .snd, .sng, .snk, .sns,
.sob, .sonic, .sopt, .sou, .spa, .spb, .spc, .spd, .spdf, .spe, .spf, .sph, .spi, .spiff, .spj, .spk, .spl, .spp, .spt,
.spx, .sqb, .sqf, .sqlite, .sqlite2, .sqlite3, .sqx, .sqz, .sr, .sr2, .srep, .srf, .srw, .ssk, .ssnd, .ssp, .ssv, .std,
.ste, .step, .stg, .stk, .stn, .sto, .stp, .stproj, .stu, .stw, .stx, .styk, .stykz, .suf, .sumo, .sun, .suniff, .sv$,
.sva, .svd, .svf, .svg, .svgz, .svi, .svx, .sw, .swa, .swi, .swm, .swt, .sxd, .sxg, .sxi, .sxw, .syn, .syw, .t01, .t02,
.t03, .t04, .t05, .t06, .t07, .t08, .t09, .t10, .t11, .t12, .t13, .t2ks, .t2kt, .t3001, .t3d, .t64, .taac, .tab, .tak,
.tao, .tar.gz, .tar.gz2, .tar.lzma, .tar.xz, .tax08, .tax09, .tax10, .tax11, .tax12, .tax13, .taz, .tbk, .tbp, .tbz2,
.tc, .tcc, .tcr, .tcw, .tcx, .td0, .tda3mt, .tdb, .tddd, .tex, .text, .tg, .tg4, .tga, .tgd, .tgo, .thl, .thm, .thp,
.thx, .tib, .tif, .tiff, .tivo, .tjp, .tk3, .tl5, .tlb, .tlg, .tlh, .tli, .tlp, .tlz, .tm, .tm2, .tm8, .tmb, .tmc,
.tmd, .tme, .tmv, .tn1, .tn2, .tn3, .tne, .tnef, .tny, .toast, .toc, .tod, .top, .topc, .topprj, .topviw, .tp,
.tp0, .tpd, .tpi, .tpr, .tpz, .tr, .tr3, .tra, .trif, .trm, .trn, .trp, .ts, .tt10, .tt11, .tt12, .tt13, .tta, .ttbk,
.ttx, .tvl, .tvs, .twb, .twbx, .txa, .txf, .txt, .txw, .tzx, .u10, .u11, .u12, .ub, .uc2, .uci, .uds, .uea, .ufo, .ufr,
.uga, .uha, .uibak, .uif, .uof, .uos, .uot, .upf, .ustar, .utf8, .utxt, .uud, .uw, .uwf, .uwl, .v, .v2i, .v2m, .v3d,
.v3o, .val, .vap, .vbc, .vbg, .vbk, .vbp, .vbpf1, .vbproj, .vbw, .vc1, .vc4, .vc6, .vc8, .vcd, .vce, .vcf, .vco,
.vcp, .vcpf, .vcproj, .vcrd, .vcv, .vcxproj, .vda, .vdi, .vdo, .vdproj, .vdr, .vdw, .vec, .veg, .vem, .vep, .vet,
.vf, .vfd, .vff, .vfw, .vhd, .vhdx, .vic, .vid, .video, .viewlet, .viff, .vis, .viv, .vivo, .vix, .vlab, .vle,
.vlg, .vlp, .vlt, .vmdk, .vml, .vmo, .vmsd, .vmsn, .vmss, .vna, .vnt, .vob, .voc, .voi, .vox, .voxal, .voxb, .vp,
.vp3, .vp6, .vp7, .vpd, .vpe, .vpj, .vpm, .vpp, .vpw, .vqf, .vrf, .vrl, .vrml, .vs4, .vsd, .vsdm, .vsdx, .vse, .vsh,
.vsmproj, .vsp, .vsq, .vst, .vstm, .vstx, .vtx, .vud, .vue, .vvd, .vw, .vyf, .w02, .w3d, .w64, .wb1, .wb2, .wb3,
.wbb, .wbc, .wbd, .wbk, .wbs, .wcat, .wcm, .wcp, .wdb, .wdf, .wdp, .web, .webm, .webp, .wem, .wgp, .wgs, .wi, .wic,
.wlmp, .wlp, .wma, .wmga, .wmmp, .wmp, .wmt, .wmv, .wn, .wot, .wp, .wp3, .wp4, .wp5, .wp6, .wp7, .wpa, .wpb, .wpc,
.wpd, .wpe, .wpg, .wpk, .wpl, .wpp, .wproj, .wps, .wpw, .wq1, .wq2, .wrf, .wri, .wrk, .wrp, .wsd, .wsdl, .wtv, .wtx,
.wv, .wve, .wvl, .wvp, .x_b, .x_t, .x3d, .x3f, .x64, .xaf, .xar, .xbdoc, .xbm, .xcf, .xdi, .xef, .xer, .xesc, .xfs,
.xif, .xise, .xl, .xlc, .xld, .xlf, .xlk, .xlm, .xlmv, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xlw, .xmap, .xmcd,
.xmcdz, .xmct, .xmd, .xmf, .xmi, .xmind, .xmmap, .xmpz, .xof, .xol, .xpm, .xpp, .xps, .xpt, .xq, .xql, .xquery,
.xqy, .xrp, .xry, .xsi, .xslic, .xtm, .xtp, .xv0, .xvid, .xwd, .xwf, .xwp, .xws, .xx, .xxe, .xz, .y, .y4m, .yab,
.yaodl, .ybk, .ydl, .ygf, .yka, .ym, .yml, .yml2, .ync, .yog, .ypr, .yuv, .yz, .yz1, .z3d, .zab, .zabw, .zap,
.zdp, .zfx, .zgm, .zi, .zif, .zip, .zipx, .zix, .zl, .zm1, .zm2, .zm3, .zmv, .zoo, .zpi, .zps, .zvr, .zw, .zz

It has been observed that the latest generation of the ransomware skips some of the system folders. This is done in order not to corrupt the Windows operating system, which ensures that the ransomware note can be displayed correctly:

  • \AMD
  • \AppData
  • \Application Data
  • \Boot
  • \BOOTSECT.BAK
  • \Chrome
  • \Config.Msi
  • \Dell
  • \Drivers
  • \ESTsoft
  • \FIFA
  • \Games
  • \HeroOnline
  • \HP
  • \Intel
  • \iTunes
  • \League
  • \Local Settings
  • \McAfee
  • \Microsoft
  • \MineCraft
  • \nDoors
  • \NortonInstaller
  • \Norton
  • \PerfLogs
  • \Program Files
  • \Program Files (x86)
  • \ProgramData
  • \Sample Media
  • \Sample Music
  • \Sample Pictures
  • \Sample Videos
  • \Setup
  • \SmileGate
  • \Steam
  • \Temporary
  • \TwelveSky
  • \WarRock
  • \Windows

All_Your_Documents Ransomware Distribution

The first samples of the All_Your_Documents Ransomware were identified in February 2017. The limited number of infections so far doesn’t give a conclusive answer as to which distribution method is preferred by the hackers.

We suspect that the operators of the attack campaigns utilise one of these methods:

  • Installers – Viruses are often bundled with software installers that are found on dangerous download sites and BitTorrent trackers. Often malware such as this one can be found on illegal copies of applications, games, tools and patches.
  • Email Spam – Spam messages are a popular delivery mechanism used to distribute various forms of malware. The virus can be linked or attached directly to the contents of the spam messages. In many cases the hackers use various social engineering tricks to increase the infection ratio.
  • Malicious Redirects – All sorts of dangerous redirects can lead to an active virus infection. This includes malicious ads, browser hijackers and hacked sites.

Summary


Name: All_Your_Documents Ransomware

File Extensions: Does not change file extensions

Ransom: 0.35 Bitcoins

Easy Solution: You can skip all steps and remove All_Your_Documents Ransomware with the help of an anti-malware tool.

Manual Solution: All_Your_Documents Ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution: Spam email campaigns, malicious ads, etc.

All_Your_Documents Ransomware Removal

STEP I: Start the PC in Safe Mode with Networking
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box will appear. In it, choose the tab named “Boot”
    4) Mark the “Safe Boot” option and then tick “Network” under it too
    5) Apply -> OK

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options”
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Go to the “Processes” tab
    3) When you find a suspicious process, right click on it and select “Open File Location”
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
    5) Next, go to the folder where the malicious file is located and delete it

STEP IV: Completely Remove All_Your_Documents Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of All_Your_Documents Ransomware requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete All_Your_Documents Ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly.

STEP V: Repair Windows Registry

    1) Press the Windows Button + R key combination again
    2) In the box, write “regedit” (without the inverted commas) and hit Enter
    3) Press CTRL+F and then write the malicious name in the search field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History”
      – Choose a folder or type the name of the file in the search bar

      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps

STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Back up your data regularly.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

