Remove Meka Ransomware Threat (STOP/DJVU)

How to Remove Meka Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
*Redacted for security reasons*
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
gorentos@bitmessage.ch
Reserve e-mail address to contact us:
gorentos@firemail.cc
Our Telegram account:
@datarestore


Meka
is the name of a ransomware menace. It’s a variant of the notorious STOP/DJVU threat. The tool uses trickery to slither into your system, then wreaks utter havoc. After it invades, it uses strong encryption algorithms to lock your data. It encrypts every single file you keep on your PC. Documents, photos, music, videos. Nothing escapes the infection’s clutches. It attaches a special extension at the end of all your files, to affirm its grip over them. Say, you have a picture called ‘batman.jpg.‘ After Meka’s done with it, it turns into ‘batman.jpg.meka.’ And, as soon as the extension is in place, your files become inaccessible. It renders them unusable, and the only way to change that, is compliance. The ransomware expects you to follow its demands. And, promises that, if you do, it will unlock your data. It lays out its expectations and requirements in a ransom note, it leaves for you to find. It’s a “_readme.txt” file, located on your Desktop. You can also see it in every folder that has locked files. As ransom notes go, it’s rather standard. Ignore everything it says! Don’t comply with the infection’s demands. Don’t reach out to the data kidnappers. Don’t pay them money. Don’t waste time, energy and resources dealing with cyber extortionists. It may be a tough call to make, but it’s the right one.

How did I get infected with?

Meka uses deception to invade. It resorts to the old but gold methods, and preys on your carelessness. It has its pick of tricks. It can hide behind corrupted links, sites or torrents. Or, pose as a fake system or program update. Or, turn to freeware and spam emails. One day, you receive an email that appears legitimate, but isn’t. It reads that you must click a link, it contains. Or, download an attachment. If you do, you get stuck with the Meka menace. Don’t discard the importance of caution. Always take the time to be thorough. Do your due diligence, and remember that attention goes a long way. Caution helps you to catch cyber threats in the act of attempting invasion. To spot them, and keep them out. Carelessness does the opposite. It incites them in. So, make the right choice.

Remove Meka

Why is Meka dangerous?

It’s not worth the hassle to deal with the people, behind Meka. You have to realize that these are cyber criminals with malicious agendas. They don’t have your best interests at heart. They don’t care if you regain control over your files. All, they wish is to get you to send them money. Don’t do that. Don’t oblige. After the Meka extension gets added, you get the note. The note may say “Don’t worry, you can return all your files!” But can you believe it? No. No, you can’t. You’re dealing with strangers, who extort you for monetary gain. They give you zero guarantees that compliance will help you get your files back. All, you have to go on, is their word. And, that’s hardly reliable. These people promise that, if you pay up, they’ll send you what you need to free your files. “The only method of recovering files is to purchase decrypt tool and unique key for you.” They even try to entice you into paying, by offering a discount. “Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that’s price for you is $490.” Don’t do it! Don’t send these people a dime. Don’t even try to reach out. Nothing good comes from compliance. Shall we examine your options? Say, you choose to comply, and pay the ransom. What then? You hang on their word. What if they send you nothing? What if they send a key that doesn’t work? Don’t take such risks. There aren’t enough ways to stress this. Don’t comply with the demands of cyber extortionists. It will bring you no positives.

Meka Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Meka Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Meka encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Meka encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment