Meds is malicious software that belongs to the Djvu ransomware family. Ransomware of this kind encrypts files and forces victims to buy decryption tools and/or keys (in effect, a ransom). This ransomware adds the extension ".meds" to all encrypted files.
The .meds extension is associated with a ransomware infection called STOP. The STOP Meds virus is a data-locker ransomware that infects computer systems in order to encrypt personal files and demand a ransom for their recovery. Because it uses a powerful encryption algorithm on the target files, it leaves all .meds files inaccessible. When the attack ends, the Meds ransomware drops a ransom note file called _readme.txt and opens it on the screen to demand the ransom. The file is placed both on the desktop and in folders containing encrypted .meds files.
Details of the ‘.Meds’ Ransomware:
Ransomware Family: STOP (DJVU) Ransomware
Ransomware Note: _readme.txt
Ransom: From $490 to $980 (in Bitcoin)
Contact: [email protected], [email protected], or @datarestore on Telegram
Changes Performed by ‘.Meds’ Ransomware:
- Encrypts personal files
- Connects to a remote server
- Modifies the Windows registry
- Module for theft of injected data, etc.
- Deletes shadow volume copies
- Executes shell commands
- Starts the VaultSvc service
- Modifies the Windows hosts file
How to Remove ‘.Meds’ Ransomware
Reboot Windows in Safe Mode With Networking.
- Remove all media such as memory cards, CDs, DVDs and USB devices. Then restart your computer.
- Start the Windows computer in Safe Mode with Networking.
- Before Windows starts loading, press Shift and F8 on your keyboard.
- In the restore interface, click Show Advanced Repair Options.
- Then click on the Troubleshooting option.
- Then select Advanced Options from the list.
- Select Windows Startup Settings and click Restart. When Windows restarts, you will be redirected to a familiar screen with advanced boot options.
- From the drop-down menu, select Safe Mode with Networking.
Stop Malicious Processes in the Windows Task Manager
- Press the following key combination: CTRL+SHIFT+ESC
- Go to the Processes tab.
- If you find a suspicious process, right-click it and select Open file location.
- Return to the Task Manager and stop the malicious process: right-click it again and choose to end the process.
- Then select the folder containing the malicious file and delete it.
Repair Windows Registry
- Press the Windows key and R at the same time.
- Type regedit in the field and press Enter.
- Press CTRL+F, then type the name of the malware in the search field to find the malicious executable.
- If you find registry keys and values related to that name, delete them, but be careful not to delete legitimate keys.
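The script below is an added example, not part of the original article: a read-only PowerShell triage for the changes listed above (.meds files and _readme.txt notes, the hosts file, registry autostart entries, shadow copies). The scan root, the choice of Run keys and the user-writable path patterns are assumptions; the page does not name the registry keys this malware uses.

```powershell
# Added example: read-only triage. Run from an elevated PowerShell prompt.
# Nothing here deletes or changes anything; review the output before acting.
$Root = $env:USERPROFILE   # assumption: scope the scan to the current user's profile

# 1. Scope the damage: encrypted files and ransom notes, summarised per folder.
$hits = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.meds' -or $_.Name -eq '_readme.txt' }
$hits | Group-Object DirectoryName |
    Select-Object @{n='Folder';      e={ $_.Name }},
                  @{n='Encrypted';   e={ @($_.Group | Where-Object Extension -eq '.meds').Count }},
                  @{n='NotePresent'; e={ [bool]($_.Group | Where-Object Name -eq '_readme.txt') }} |
    Sort-Object Encrypted -Descending | Format-Table -AutoSize | Out-String

# 2. Hosts file: print every active (non-blank, non-comment) line for review.
#    Entries that redirect security or update sites are a sign of tampering.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
'Active hosts entries:'
Get-Content -LiteralPath $hostsPath |
    Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') }

# 3. Registry autostart: list Run-key values that launch from user-writable
#    locations (assumed patterns). Legitimate software also lives there,
#    so treat each hit as a lead to verify, not as proof.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$suspect = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match '\\AppData\\|\\Temp\\|\\ProgramData\\') {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
        }
    }
}
$suspect | Format-List | Out-String

# 4. Shadow copies: a count of 0 on a machine that had System Protection
#    enabled is consistent with the deletion described above.
#    The query returns nothing when the prompt is not elevated.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
"Shadow copies present: $($shadows.Count)"
```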
How to Protect Against ‘.Meds’ Ransomware
It is important to have antivirus software installed on your computer, to keep it fully updated and to make sure all current virus definitions are installed. Make sure that all Windows Defender components are installed and that updates are automatic. As new viruses and malware are released by hackers, Microsoft patches and fixes them quickly.
If you have a hard disk or other data storage device available, it is recommended to back up all your important files to it and then disconnect it from your computer. Back up your data from time to time because this type of virus attack can happen at any time and you could lose valuable data.
CCNA, Web Developer, PC Troubleshooter
I am a computer enthusiast and a practicing IT Professional. I have years of experience behind me in computer programming, hardware troubleshooting and repair. I specialise in Web Development and Database Design. I also have a CCNA certification for Network Design and Troubleshooting.