Removing eBayWall Ransomware (Malware/Virus)

Aug 10th 2017 - by Fix My PC FREE


What is eBayWall?

eBayWall is another ransomware-type virus, discovered by malware security researcher Jakub Kroustek. It stealthily infiltrates systems and encrypts stored data. eBayWall appends the “.ebay” extension to the names of encrypted files (for example, “sample.jpg” is renamed to “sample.jpg.ebay”). It also creates an HTML file (“ebay-msg.html”) and places it on the desktop.

The HTML file contains a long message complaining about eBay’s recklessness regarding cyber security. The message basically states that eBay is making billions of USD and yet invests very little money in security, so the entire system is at risk. The purpose of this ransomware is presumably to warn users about the situation. The message also suggests that the developer of this malware is an eBay employee. Unlike other ransomware-type viruses, eBayWall does not demand any ransom payment. However, it attempts to blackmail eBay into paying 200000 Monero coins. Take note that 1 coin is equivalent to ~$44 and, thus, the total ransom amount is approximately $9M. Once the ransom is paid, all affected files will supposedly be restored. This malware also has some political background, which makes it similar to END Of ISRAEL ransomware. Currently, it is unknown whether eBayWall uses symmetric or asymmetric cryptography. In either case, it requires a unique decryption key. Cyber criminals store these keys on a remote server, make ransom demands for their release, and claim to decrypt files once payment has been made. Unfortunately, there are no tools capable of restoring files encrypted by eBayWall. The only solution is to restore files or the system from a backup.
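To scope what has to be restored from backup, the following added example (not part of the original article) walks a folder read-only and inventories files carrying the “.ebay” extension and copies of the “ebay-msg.html” note described above. The function names and the "restored" check (a file with the original name sitting beside the encrypted copy) are assumptions of this example.

```python
import os
import sys
from collections import Counter

MARKER_EXT = ".ebay"         # extension the article says eBayWall appends
NOTE_NAME = "ebay-msg.html"  # ransom note file name given in the article


def inventory(root):
    """Walk root and report eBayWall artefacts without modifying anything."""
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        present = {f.lower() for f in files}
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:  # the article spells it with both "ebay" and "eBay"
                notes.append(path)
            elif lower.endswith(MARKER_EXT) and len(name) > len(MARKER_EXT):
                original = name[: -len(MARKER_EXT)]  # "sample.jpg.ebay" -> "sample.jpg"
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                # True if a copy with the original name already sits beside it
                restored = original.lower() in present
                encrypted.append((path, original, restored))
    return {"encrypted": encrypted, "notes": notes, "by_type": dict(by_type)}


def still_missing(report):
    """Encrypted paths whose original name has not been restored next to them."""
    return [p for p, _orig, restored in report["encrypted"] if not restored]


if __name__ == "__main__":
    rep = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("ransom notes found:", len(rep["notes"]))
    print("encrypted files by original type:", rep["by_type"])
    for p in still_missing(rep):
        print("needs restore:", p)
```

Run it against a user profile or file share path; it only reads directory listings and never opens or changes the files.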

 

Although eBayWall does not demand anything from its victims, unlike other similar malware, it is virtually identical to dozens of other ransomware-type viruses such as BTCWare, Shade, and Reyptson. The eBayWall name is probably inspired by a previously popular ransomware virus called CryptoWall. Viruses like eBayWall also encrypt files and make ransom demands, their main purpose being to generate money. In fact, the only major differences between these types of malware infections are the amount of ransom, which usually ranges between $500 and $1500, and the type of cryptography used. Most ransomware employs encryption algorithms that generate unique decryption keys. Therefore, it is mostly impossible to restore files manually without the cyber criminals’ involvement.

 

How can a ransomware infect a computer?

Cyber criminals often proliferate ransomware through fake software updaters, trojans, unofficial software download sources (peer-to-peer networks, freeware download websites, free file hosting websites, etc.), spam emails (with malicious attachments or from unknown sources), and bundling. Fake software update tools can also exploit bugs/flaws in old software versions to infect the system. Unofficial distribution sources often proliferate infectious files by disguising and presenting them as legitimate software. The malicious attachments usually come in the form of MS Office documents or JavaScript files designed to download/install malware.

 

Protection against ransomware infections

To prevent ransomware infections, always be very cautious while browsing the Internet. Download software only from trusted sources, always keep installed software up to date, and never open files received from suspicious emails or unfamiliar senders. Using a legitimate anti-virus/anti-spyware suite is also paramount.

 

Take note: affected users can’t access the content inside the data container, but the file can be moved, copied and even renamed. The ransom note, ‘eBay-msg.html’, is loaded in the default Internet browser and says:

‘Welcome to ebaywall!
Many of your files were locked because of gross negligence.

This is about very weak security… So, to set the stage, quite a bit of back story is necessary:

“The internet is extremely large and full of very expensive and very dangerous tools. I am at the internet at least six days a week; I know who is coming and going and what they are working on. When the internet police is not in the way, I unlock certain power tools to give the other users supervised access to what could potentially be very dangerous machinery. I do have a certain level of authority – I can kick people out of the internet, report them for tool-misuse, and effectively prevent them from passing their internet classes.
[Follows a Story About Monkeys and Coding]”

 

How to remove eBayWall Ransomware from your computer?

  1. Open your File Explorer.
  2. Navigate to C:\Users\[your username]\Downloads.
  3. Right-click a malicious .exe file and select Delete. Note that the name of this file could be randomized.
  4. Right-click your Recycle Bin and then select Empty Recycle Bin.

 

In simpler terms:

Do not worry if you find manual removal too complicated and risky. Malware experts at Fixmypcfree.com have crafted an alternative removal guide that is much easier to follow. Follow the instructions given below and you will be able to delete eBayWall Ransomware automatically.

 

How to automatically remove eBayWall Ransomware?

 

1. Turn the infected computer on. If it is turned on, restart it.

2. When the BIOS screen disappears after the reboot, tap the F8 key repeatedly. The Advanced Options menu will show up. If the Windows logo appears, reboot the PC and try pressing F8 again.

3. When you access the Advanced Options menu, use the arrow keys to navigate and choose Safe Mode with Networking. Press Enter to access the mode.

 

 

4. Wait for Windows to load Safe Mode with Networking.

5. Press and hold the Windows key and then press R key.

 

6. If you have pressed both keys correctly, Windows Run Box will pop up.

7. Type the following into the Open box:
iexplore https://www.fixmypcfree.com/removal

Note that there has to be a single space between iexplore and http. Click OK.

8. Internet Explorer will open and a download bar will appear at the bottom of your screen. Click Run to begin the installation automatically once it is downloaded.

9. Click OK if your system asks whether you want to run SpyRemover Pro software.

10. Run SpyRemover Pro and perform a full system scan.

 

11. Once all the malicious infections are detected, click Fix Threats. SpyRemover Pro will ask you to register the software.

12. By registering SpyRemover Pro you will also be able to protect your computer from other potential threats. Once you have registered the program, the malware will be removed. Reboot your PC to fully implement the malware removal procedure.

 

Basic steps of SpyRemover Pro:

Step 1. Run SpyRemover Pro installer

Click on the .exe file that just downloaded in the lower right corner of your browser window.

 

Step 2.  Click Yes

Click Yes to accept the User Account Control settings dialog.

 

Step 3. Follow setup instructions

Follow the instructions to get SpyRemover Pro set up on your computer and you will be good to go!

 
