This page aims to help you remove the “What happened to your files?” virus. The removal guide is named after the “What happened to your files all of your files were protected by a strong encryption with rsa-2048” message users typically receive after their files are encrypted, most likely with the .mp3 file extension. These files become completely inaccessible unless you pay a ransom – something that we strongly advise against. The message may have you believe there is no way to recover the files unless you pay up, but that is not 100% true.
The most likely reason you are reading this article is that your computer has been infected with “What happened to your files?” and all of your files have been encrypted. Encrypted files obtain a new file extension and will remain unreadable unless the proper decryption key is obtained. The goal of this virus is to blackmail you into paying a large sum of money in order to obtain this key, and we’ve written this article to help people avoid that. However, before you learn how to remove the virus from your computer, you’ll have to learn a little basic information about it.
What type of virus is “What happened to your files?”
“What happened to your files?” is called a ransomware virus – the word was coined after the manner in which the virus holds people’s files hostage for ransom. This type of virus was originally created during the 90’s, but it only grew to prominence recently. Unlike many other online threats that use some kind of deception to scam money out of your pocket, a ransomware virus specializes in direct extortion. We’ll explain why this is possible in short order.
Why are ransomware viruses considered to be very dangerous?
The worst part about a ransomware virus is that once it enters your computer and encrypts your files there is no way to reverse the process. Simply removing the virus won’t restore your files. Our removal guide can help, but we are not trying to decrypt the infected files; we are trying to restore the original copies that existed before the presence of the ransomware.
The encryption process itself did not transform your files into the encrypted copies you see – rather it created new files and destroyed the originals. Typically newer versions of ransomware (“What happened to your files?” included) will try to overwrite the original files on your HDD in order to make them unrecoverable, but thankfully that often fails to work.
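To gauge how many files were hit before attempting recovery, the following added example (not part of the original guide) inventories files carrying the .mp3 extension and separates genuine audio from files that are MP3s in name only. The 7.5 bits-per-byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def has_mp3_header(data: bytes) -> bool:
    """True if data starts with an ID3v2 tag or an MPEG audio frame sync."""
    return data[:3] == b"ID3" or (len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0)

def classify(path: str) -> str:
    """Return 'audio', 'likely-encrypted' or 'unknown' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(64 * 1024)  # the start of the file is enough for triage
    if has_mp3_header(head):
        return "audio"  # real MP3s are also high-entropy, so check this first
    return "likely-encrypted" if shannon_entropy(head) >= ENTROPY_THRESHOLD else "unknown"

def inventory(root: str) -> dict:
    """Classify every file under root whose name ends in .mp3."""
    found = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".mp3"):
                full = os.path.join(folder, name)
                found[os.path.relpath(full, root)] = classify(full)
    return found

def build_sample_tree() -> str:
    """Constructed sample data, not real ransomware output."""
    block, blob = b"", b""
    for _ in range(1024):  # a SHA-256 hash chain stands in for ciphertext
        block = hashlib.sha256(block).digest()
        blob += block
    samples = {"song.mp3": b"ID3\x03\x00\x00" + bytes(2048), "report.mp3": blob,
               "notes.mp3": b"plain text renamed by hand\n" * 100, "untouched.txt": b"skip\n"}
    root = tempfile.mkdtemp(prefix="mp3_triage_")
    for name, content in samples.items():
        Path(root, name).write_bytes(content)
    return root

if __name__ == "__main__":
    for rel, verdict in sorted(inventory(build_sample_tree()).items()):
        print(f"{verdict:18} {rel}")
```

Entropy alone cannot tell ciphertext from real music, because MP3 audio is already compressed; the header check is what separates the two.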
- Should you pay? Well, naturally that’s what the hackers want you to do. We advise the opposite – payment should be considered only as a last alternative and only after all other options are exhausted. We urge you to try our removal guide first and, if you have encrypted files afterwards, decide if they are worth it. Please also keep in mind that you are dealing with cyber criminals, who are under no obligation to actually send you the necessary code. Also, any money spent will likely go towards releasing new and improved ransomware that is quite capable of targeting your PC again!
Beware of money-grabbing frauds
Where there are people in trouble there are also people trying to profiteer from their misfortune. There are actually a number of programs circulating online that claim to be able to restore ransomware-infected files. It is true that some ransomware threats were reverse engineered and decryption for them is possible, but most of these are older viruses and that information is publicly available anyway. So far the algorithm behind “What happened to your files?” has not been figured out by any of the major security companies in the field and you should be wary of any program that claims to be able to do so.
Beware of Trojan horses
Typically, ransomware viruses are not released at large via spam bots and emails. These days hackers actually prefer to use Trojan horse viruses in order to install the ransomware. Trojan horses are much harder for security software to detect in general and they can remain dormant and invisible on a computer for a very long time. New Trojan horses are being written as we speak and their main function is to blind anti-virus programs and ease the installation of the ransomware virus, which will be deployed remotely to the affected computer.
It is quite possible that some type of Trojan horse installed “What happened to your files?” on your machine and that Trojan can remain behind and cause mischief after you remove the ransomware from your computer. For this reason we recommend that our readers download a good anti-malware agent to run a scan on their machines. You’ll find our recommendation for a detection tool in the table below.
|Name|“What happened to your files?”|
|Danger Level|High (It really doesn’t get worse than this)|
|Symptoms|All user files are encrypted, ransom demanded in BitCoins.|
|Distribution Method|Traditional channels such as email attachments and malicious websites, but also Trojan horse “dropper” viruses!|
|Detection Tool|Ransomware is notoriously difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.|
Remove “What happened to your files?”
Reboot in Safe Mode (use this guide if you don’t know how to do it).
This is the first preparation.
To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.
The first thing you must do is Reveal All Hidden Files and Folders.
- Do not skip this. “What happened to your files?” may have hidden some of its files.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit enter. A window will pop-up:
Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.
Type each of the following in the Windows Search Field:
Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
How to Decrypt files infected with “What happened to your files?”
There is only one known way to remove this virus successfully – reverting your files to a time when they were not infected. There are two options you have for this:
The first is a full system restore. To do this, type System Restore in the Windows search field and choose a restore point. Click Next until done.
Your second option is a program called Recuva.
Go to the official site for Recuva and download it from there – the free version has everything you currently need.
When you start the program, select the file types you want to recover. You probably want all files.
Next select the location. You probably want Recuva to scan all locations.
Now click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish – maybe even several hours if your HDD is really big, so be patient and take a break if necessary.
You will now get a big list of files to pick from. Select all relevant files you need and click Recover.
Did we help? Found an alternative solution? Share your feedback with us so we can help other people in need!