REMOVE .Zepto Virus
If you’re reading this then I can presume that you are wanting to remove and restore the files of a computer system that has already been infected by the Zepto virus. If you haven’t been infected then it’s a good time to backup your important files and make sure your Anti-Virus software is up to date and running.
Before removing the zepto virus it might be a good idea to understand what it does to your files and what options you have for restoring them back to their original state.
The Zepto virus is one of several viruses known as ransomeware, they ask for payment for the information to get your files back. . Ransomeware viruses infect your computer and then request that you pay a fee to regain access to your files, in most cases paying to get access to your files again will not work and will only make your problems worse, as you will have given your card details to someone that is untraceable, and will probably sell the details on to other unscrupulous beings.
The Zepto virus works by encrypting your files so you are unable to open them without the encryption key. Once activated the Zepto virus starts scanning your files and copying their contents. Once this phase has been completed the virus deletes your original files and leaves behind the encrypted copy. After this stage is completed it then informs you that your files are infected and then tells you what you need to do in order to gain access to them again. (If you have just received the information that you have the infection then the best thing is to STOP using the infected computer. Recovering any files will be more successful if you don’t use the infected computer.) Most people get the infection from opening an email attachment that they have received, or through opening infected programs they have downloaded through public file sharing software.
Once encrypted there is little hope of decrypting the file unless you have the correct encryption key. Encryption works by jumbling up the files code so that it cannot be read without a special key that tells the software what order the code needs to be read in. At the time of writing there are no decryption key that is publicly available for the .zepto extension.
Removing the Zepto Virus
Your first task should be to remove the virus from your computer. You should be able to do this by booting your computer in to Safe Mode with Networking, and then running your Anti-Virus application.
Restoring files that have been infected with the Zepto virus
Your next step should be to backup all of the files, including the encrypted ones to an external drive (I will tell you why this is important in a short while.)
Now you have two options:
- Try using system restore and restore your computer to a time before you were infected. Although I have found this to be a waste of time there are several reports online that this method has worked. So, possibly worth while trying before trying the second option. NOTE: After restoring run your anti-virus program again as you may have restored the virus back into the system!
- Download and install ShadowCopy, then run the software to see what files it can retrieve from the hard drive. Export the files to an external disk.
You now need to delete all of the files with a .zepto extension. To do this open Windows search and type in *.zepto This will give you a list of all of the infected files on your computer. Once you have the list ‘select all’, and press delete. You can do the same for all of the files that give -_Help information which are related to the virus infection. NOTE: Use the file name for the Help files and not the extension, which will probably be .html.
Once all of the infected files are deleted from your hard drive, reboot Windows again.
Now you can restore the files that ShadowExplorer found and your computer (do not restore any system files.)
You now need to run your anti-virus again to check that the computer is still free of any viruses.
Now you should be able to use your computer again, and you will hopefully not have lost too many files to the Zepto virus infection.
If this seems too complicated then give your local computer technician a call and let them sort this issue for you.
Nearly forgot…You will have a back-up on an external drive of the files infected with the .zepto extension. The reason I said you should keep a copy of the files is that eventually there will be decryption software available to decrypt the files and enable you to restore them all.