Jump to content


Recommended Posts

My computer is infected with Win 7 payfornature@india.com ransomware yesterday, when I was working online. Then it all the files in the encrypted drive and change some of the extensions is unknown.


and I would like once again to read the files

Link to post
Share on other sites


The ransomware removes itself after they have done their dirty deed.

We have no decryptor.   But I believe others have one or two that you may try.
But first, be sure you make SAVE Backup copies of these documents onto external storage before trying the decryptor.

If you saw *.crypt* in the filename extensions, then this falls under the classification of a CryptXXX ransomware.

Go slow and careful and see if this writeup matches what you are looking at.
and before doing anything, Copy off all your messed-up user files to a clean USB-external-flash drive for safety before you do anything.

Check out articles at Bleepingcomputer

Also check out  

at Kaspersky, see if that fits your situation.


I always regret to see anyone be a victim to these types of malicious destructive infections.  The news is never good.
This infection is not a normal type of infection. It is very vicious and has done all the damage already before it even gives you the first clue.
By the time you see the first warning, it is all done & has damaged your personal documents.
If your computer is on a network, physically disconnect it from the network.
There is nothing we can do to restore *the files you did not backup.*

However, I think Kaspersky had a decryptor that may help you out.

This infection relies mostly on user execution via opening an attachment from an unknown email source.
We can remove the infection but can't cure or resurrect the corrupted /encrypted documents & files.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.