Eq Ransomware

What is Eq Ransomware?

Eq Ransomware is a dangerous infection that might invade your Windows operating system if you do not secure it appropriately. It is crucial that you install legitimate security/anti-malware software to keep the operating system guarded, and it is also important that you act cautiously. Most file-encrypting infections invade operating systems using the help of victims themselves, who, of course, have no idea what is going on. In a popular scenario, the launcher of the threat is camouflaged as a harmless file that is sent via email. If the victim clicks the file to open or download it, the malicious ransomware is executed immediately, without any notice. The threat needs to stay silent so that it could encrypt files and perform other malicious actions. Without a doubt, if you spot the infection right away, you must delete it; otherwise, your files will be destroyed. Continue reading if you want to understand what happens with your files, how to protect yourself in the future, and, of course, how to remove Eq Ransomware.

How does Eq Ransomware work?

The sample tested by our Anti-Spyware-101.com research team revealed that Eq Ransomware works only on Windows 7. When the infection was tested on Windows 10, it crashed immediately. Unfortunately, we do not know if that is a permanent bug or if the threat can be fixed and used to attack different versions of the Windows operating system. All in all, if the threat finds its way in, it starts making a mess immediately. First, Eq Ransomware deletes shadow volume copies using the “cmd /c vssadmin delete shadows /all /quiet” command to ensure that you cannot recover files using a system restore point. After that, the threat goes after your personal files, which it does by encrypting them using a special encryption key. When files on Windows 7 are encrypted, the “.fuck” extension is added to their names. When the threat encrypts files on Windows 10 – if it can do it – the “.gsg” extension is added instead. According to our research team, the infection can encrypt files in the entire disk, and it can even encrypt HDD partitions.

After the attack, Eq Ransomware creates a file named “readme_back_files.htm” to explain what is expected from you. The file opens a message that, first, displays a unique ID, and then it informs that you need a decryptor to have the files restored. To get this tool, you are expected to send the ID and one encrypted file to supportonl@cock.li or supportonl@airmail.cc. The ransom note also suggests that you would be creating more problems if you installed anti-virus software that could remove the infection or if you tried to decrypt files yourself. Unfortunately, decrypting files corrupted by Eq Ransomware manually is not possible, and our research team could not find a legitimate tool that would help with that either. What does that all mean? It means that if your files were encrypted, you are in quite a predicament. In fact, you can escape this mess only if your files are backed up. If you pay the ransom – which will be requested if you contact cyber criminals – the decryptor you are promised will not be provided to you. However, if your files are backed up, all you need to do is remove the infection and replace the corrupted copies with backups.

How to remove Eq Ransomware

We are sure that you want to delete Eq Ransomware from your operating system as soon as possible, and there is no reason to wait any longer. Your final decision should be whether or not you want to erase the threat manually. If that is your choice, you must inspect your operating first to check if there are other threats that are active. Next, you need to find the launcher of the threat, and since its location and name are unknown, we cannot help you with this step. Maybe a reliable malware scanner can help with that. Finally, you need to eliminate the remaining components, which are listed in the guide below. Another option you have is to install an anti-malware program that could automatically detect and delete every single malicious component. Hopefully, you know what to do, and the devious Eq Ransomware is eliminated in no time, but if you still have questions, do not hesitate to leave them in the comments section below.

Removal Instructions

1. Right-click the Taskbar and select Start Task Manager.
2. In the Processes tab look for unfamiliar, malicious processes and right-click them.
3. Choose Open file location to find the malicious .exe files.
4. End processes and Delete .exe filesif you find them. A few possible locations could be:
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
5. Delete all copies of the ransom note file, readme_back_files.htm.
6. Launch RUN by tapping Win+R and then launch Registry Editor by entering regedit.exe into the box.
7. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
8. Delete the value named HD AUDIO (the value data should point to the launcher and its location).
9. Move to HKCU\Software\.
10. Delete the key named FUCK.
11. Exit all windows and then Empty Recycle Bin.
12. Perform a full system scan once more to check for any leftovers that might require attention. Download Removal Tool100% FREE spyware scan and
    tested removal of Eq Ransomware*

Stop these Eq Ransomware Processes: