Just come back from a long and exhausting day at work, you have positioned yourself in front of your trusty PC to listen to music and relax a bit but… aaaaargh! All your files have been modified and have the extension .micro. Also, when trying to open them, a disturbing message appeared on the desktop stating that in order to view photos, PDFs and other documents again you will have to pay! Do you think you are crazy? Well, I'm sorry to disappoint you, but no, you don't have the "tricks". Your computer is really asking for a ransom and the fault lies with it CryptoLocker or to one of the many variants of this ransomware. In any case, you must not be alarmed, I can help you cope with this as well as a MICRO file decryption, or rather to recover the encrypted files.
Before providing all the explanations of the case, however, it seems only right to clear your ideas about the cyber threat in question ("if you know the enemy and yourself, your victory is certain" cit.). CryptoLocker but also TorrentLocker, CryptoWall and other possible variants of this ransomware (for more details, you can click here to consult the page dedicated to the topic on Wikipedia), they are nothing more than a particular type of malware that affects Windows operating systems and that once they are in action, they limit access to the files contained in the affected user's computer, encrypting them and changing their extension and then asking for a ransom to make them accessible again.
Generally, this type of malware spreads as an apparently “harmless” e-mail attachment from legitimate institutions. In other cases, however, it is loaded on a computer that is already part of a botnet. As you can easily understand, decrypting MICRO files is not exactly simple but with the right amount of attention and concentration the situation can still be faced.
So, if you are really interested in finding out how you can proceed to decrypt encrypted MICRO files, I suggest you not waste any more precious time and immediately start reading this tutorial. So give yourself half an hour of time all to yourself for your PC and put into practice the instructions you find below. I am sure that in the end you will be able to get rid of the malware that has infested your computer, that you will be able to restore your files to "normal" and that if necessary you will also be able to explain to all your friends in need of a little help how to do it. Let it bet?
I went directly to ▶ ︎ Getting started | Recover encrypted files | Defend against viruses and malware
Use Malwarebytes Anti-Malware
Before going to find out how to decrypt MICRO files, you need to remove CryptoLocker or the ransomware that is “infesting” your computer. To do this, you can rely on Malwarebytes Anti-Malware. Haven't you ever heard of it? No problem, I'll "enlighten" you right away. It is a famous and reliable program that can remove trojans, worms, rootkits, dialers, spyware, ransomware and other types of malware from your computer. It's free (in its basic version) and it's super easy to use.
To start using Malwarebytes Anti-Malware on your computer, connected to its official website, click on the button Free download and wait for the download to be started and completed automatically, if this does not happen click on the link Click here.
Then open the installation package obtained and click in sequence on the buttons Yes, OK e Next>. Then accept the conditions of use of the software, putting the check mark next to the item I accept the terms of the license agreement and finish the setup by pressing on first forward five consecutive times, then on Install and subsequently on end. If present, uncheck the option to try Malwarebytes Pro free for 30 days.
Upon its first launch, Malwarebytes will download the most up-to-date malware detection database from the Internet. Wait for this operation to be completed and proceed with the system check by going to the tab Scan application by selecting the option Search for harmful elements e clicking on your button starts scan.
At the end of the scan (it may take a long time!), All the threats detected will be reported to you on the screen. All you have to do is press the button to eradicate them all. Note that a system restart may also be required to complete the operation.
If you encounter any difficulties in using Malwarebytes Anti-Malware or if the program, despite having identified CryptoLocker or one of its variants, fails to remove the malware, I suggest you start your computer in safe mode by following the instructions in my guide on how to start your PC in safe mode and repeat the whole procedure again.
Norton Power Eraser
Could Malwarebytes Anti-Malware have the desired effect? Then ask Norton Power Eraser. This is a free tool distributed by Symantec that does not require installation to work. It is capable of scanning and eliminating viruses and other malware, including ransomware, that may escape traditional scans.
To use Norton Power Eraser on your computer, first connect to the official website of the program and then click on the orange button Download and wait for the download procedure to be started and completed.
Then open, by double clicking on it, the file you just obtained and click on Si. In the window that will be shown to you at this point, first click on Accept and then click the yellow button Look for risks located on the left. Then press the button Restart.
Then wait for the computer to restart and for the system analysis procedure to be able to identify and remove CryptoLocker or one of its variants is started and completed (I warn you, it may take a while!). At the end of the scan make sure that in the Norton Power Eeraser window that displays on the desktop among the threats found in the list under the heading Scanning completed also include the voice Cryptolocker and / or that of other "suspicious" elements and then presses the button Edit.
Then click on the button Restart now and wait for the computer to restart and for the procedure to remove CryptoLocker to be effectively completed. Once the Windows desktop is displayed again, first presses on Si and then on the button end attached to the Norton Power Eraser window and then choose whether to send a complete report of the operation carried out to Symantec or not by pressing, depending on your intentions, on the button Si or about that No.
Also in this case, if you encounter difficulties in using Norton Power Eraser or if the program fails to remove the malware, I suggest you start your computer in safe mode following the instructions in the guide that I indicated in the lines and repeat the procedure from the beginning.
Recover Encrypted Files
Now that you have finally managed to get rid of CryptoLocker or similar I'm sorry to tell you but ... as I had anticipated in part at the beginning of the guide, decrypting MICRO files in the true sense of the term is not possible. In fact, despite the removal of the malware, the files are not accessible again and at the moment there is no actually working method to decrypt them.
However, you don't have to give up! By putting into practice a special recovery procedure you may in fact be able to access your files again. What needs to be done? First you need to know which documents were actually affected. To do this, click on the icon depicting a yellow folder which is attached to the taskbar, select the computer from the sidebar located on the left and double-click Local disk (C 🙂. Then click on the search field located in the upper right part of the displayed window and type * .micro. Doing this will show you all the files that have been encrypted.
Now that you know the files that have been the victim of the ransomware, connect to the website of ShadowExplorer, the program you will need to use to restore normal access to your documents. It is a free and usable software without installation that, in fact, allows you to restore files that have been encrypted by malware using the security copies made automatically by Windows. Once the program web page is displayed, click on the entry Download located on the left then select the link Portable present at the top right and wait for the software download to be started and completed.
At this point, click with the right mouse button on the compressed file that has been saved on your computer, choose the item Extract all ... from the menu that is shown to you and presses on Extract then double click on the folder attached to the window that appeared on the desktop. Then click twice on the file ShadowExplorerPortablepiggy back his Si and wait for the software window to be visible on the desktop.
Finally, select the most recent Windows backup from the drop-down menu located at the top left of those listed and then move between the various folders and the various files visible in the right part of the program window until you find those to restore. Then click on each element identified with the right mouse button, choose the item Export… from the menu that is shown to you, indicate the location where you want to save the restored and accessible file again and click on OK.
Defend Against Viruses and Malware
In order to prevent the same thing from happening again in the future, allow me to provide you with some basic useful tips, in fact, to prevent the onset of unpleasant and annoying situations like this. First, always lend the maximum attention to the files that are sent to you via e-mail and to what you download via the Internet, make sure of their nature and above all, in the case of e-mails, of the affective trustworthiness of the sender.
Common sense and care aside, I suggest, if you have not already done so, to equip your computer with a good antivirus, even a free one is fine. For more info about it, please read my article on how to download antivirus in which I proceeded to illustrate all the best software in the category currently available and how to install and use them on your PC.
In addition to a good antivirus, always have a antimalware, such as those that I have indicated in the previous lines or as the resources that I have proceeded to show you in my tutorial on how to eliminate malware. As you have had the opportunity to verify for yourself, these are very useful tools that can easily cope with thorny situations even when everything seems lost. Furthermore, they do not "step on the toes" of the antivirus and should be started only when necessary.
Another thing I suggest you do in order to always be able to access the files stored on your computer, regardless of any viruses and various problems, is to create copies of backup of photos, documents, videos etc. saved on the PC hard disk. How you do it? Simple: just use one of the ad hoc software that I indicated in my article on backup programs. Read it now, I'm sure you will find it very interesting.