Matrix9643@yahoo.com Ransomware Removal Guide

Threat Level:
9/10
Category: Trojans

We want to inform you about a newly discovered, highly malicious computer infection called Matrix9643@yahoo.com Ransomware that was designed to encrypt your files and demand money to decrypt them. Obviously, you must remove it from your PC as soon as possible because there is no use dealing with the cyber criminals that got your PC infected with it in the first place. All they want is your money, and there is no guarantee that you will receive the promised decryption software.

If Matrix9643@yahoo.com Ransomware happens to infect your computer, its main executable will be placed in %HOMEDRIVE%, in a folder with a six-character name that may look like {123456}. The executable has a name made of random symbols, so you might want to use an anti-malware program to identify it and possibly get rid of it for you. At any rate, once it enters your computer, it scans the system, maps the files it can encrypt, and then begins the encryption. At present, we have yet to determine the particular encryption algorithm that it uses, but from what we have observed, the encryption is definitely strong. The good news is that this ransomware encrypts files that are in %USERPROFILE%\Desktop and %USERPROFILE%\Downloads only. Therefore, all files stored elsewhere are safe. The choice of locations to encrypt is quite odd because few people use them to store valuable information for which they would be willing to pay a hefty ransom.

It appends the .MATRIX file extension to all of the encrypted files and then creates a randomly named file with the .MTH file extension that hosts information about your computer. This information includes operating system version, Service Pack, architecture, drivers, and so on. This file is placed on the desktop, and its purpose is yet to be clarified. Once the encryption is complete, Matrix9643@yahoo.com Ransomware drops another file that is called matrix-readme.rtf. This file is the ransom note, written in both English and Russian, which leads us to believe that this ransomware was created in Russia. Furthermore, it generates a randomly named .cmd file that deletes shadow copies of files and a randomly named .vbs file that should delete the main executable of this malware.

The ransom note (matrix-readme.rtf) demands that you email a code provided in the note to Matrix9643@yahoo.com, or to Redtablet9643@yahoo.com if you do not get a reply within 24 hours. We think that the rest of the instructions on how to pay the ransom should be included in the reply and that the criminals should want you to pay the ransom in Bitcoins in order to hide their tracks.

Before we conclude this description, we would like to elaborate on how Matrix9643@yahoo.com Ransomware is distributed. According to our research, this malicious application is currently being distributed via malicious emails sent from a dedicated email server. They are sent automatically to random users and contain an attached Trojan file that can masquerade as a Word or PDF document. If this file is opened, it will run its malicious script and download Matrix9643@yahoo.com Ransomware onto your PC.

Matrix9643@yahoo.com Ransomware is by no means a safe application. It was created with the intention to encrypt your files and demand that you purchase a decryption tool to get them back. Unfortunately, you cannot decrypt the files for free because there is no free decryption tool, but this does not mean that it will not be developed. Furthermore, it encrypts files in locations that may not feature your personal and valuable files, so you can just remove this ransomware altogether. To delete it, you can use our guide (in the event it does not erase itself) or an antimalware application such as SpyHunter that will do this automatically.

How to delete this ransomware manually

  1. Hold down Win+E keys.
  2. Enter %HOMEDRIVE% in the address bar and hit Enter.
  3. Go to the {foldername} folder and delete the executable.
  4. Enter %APPDATA%\Microsoft and delete the randomly named .cmd and .vbs files.
  5. Delete matrix-readme.rtf and the randomly named .MTH file from the desktop.
  6. Empty the Recycle Bin.
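
The locations named in the steps above can be inventoried before anything is deleted. The following PowerShell script is an added example, not part of the original guide; it only lists candidates for review, and the folder-name pattern (six characters, with or without braces) and the .exe extension of the payload are assumptions.

```powershell
# Added example: read-only triage for the artifacts named in this guide.
# It lists candidates for review and deletes nothing.
$desktop   = Join-Path $env:USERPROFILE 'Desktop'
$downloads = Join-Path $env:USERPROFILE 'Downloads'
$msAppData = Join-Path $env:APPDATA 'Microsoft'
$homeDrive = $env:HOMEDRIVE + '\'

function Find-Artifact {
    param([string]$Kind, [string]$Path, [scriptblock]$Match, [switch]$Recurse)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    # -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object $Match |
        Select-Object @{ n = 'Kind'; e = { $Kind } }, FullName, Length, LastWriteTime
}

$results = @(
    # Assumption: the folder name is six characters, optionally wrapped in braces,
    # and the main executable has an .exe extension.
    Get-ChildItem -LiteralPath $homeDrive -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\{?[^{}]{6}\}?$' } |
        ForEach-Object {
            Find-Artifact 'Executable in six-character folder' $_.FullName { $_.Extension -eq '.exe' }
        }

    # Randomly named scripts dropped in %APPDATA%\Microsoft (top level only).
    Find-Artifact 'Dropped .cmd/.vbs script' $msAppData { $_.Extension -in '.cmd', '.vbs' }

    # Ransom note and system-information file on the desktop.
    Find-Artifact 'Ransom note' $desktop { $_.Name -eq 'matrix-readme.rtf' }
    Find-Artifact 'System info file (.MTH)' $desktop { $_.Extension -eq '.MTH' }

    # Encrypted files in the two folders the ransomware targets.
    Find-Artifact 'Encrypted file (.MATRIX)' $desktop   { $_.Extension -eq '.MATRIX' } -Recurse
    Find-Artifact 'Encrypted file (.MATRIX)' $downloads { $_.Extension -eq '.MATRIX' } -Recurse
)

if ($results.Count -eq 0) {
    'No artifacts described in this guide were found for the current user.'
} else {
    $results | Sort-Object Kind, FullName | Format-Table -AutoSize -Wrap
}
```

Run it as the affected user, because the paths are resolved from that user's environment variables; ordinary six-character folders or legitimate scripts may also be listed, so review each hit before deleting it.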