My PC files were enrypted with .booa extension, how can I remove this virus?
Hi,
my PC files were encrypted without my knowledge with some ".booa" extension and I cannot access them anymore.
In addition, the encrypters (hackers probably) are requiring me to pay a hefty sum of money to decrypt my files.
Is there a way to fix these issues without spending hundreds of $$?
Thanks!
Solved issue
Remove Booa Nowiolo System Mechanic will optimize your current system & remove the Booa ransomware. Purchase of a full license may be required for 100% fix.
The Booa Ransomware is a new variant of ransomware from the Djvu Ransomware Family. Just like its predecessors, the Booa ransomware disables the victim’s ability to access and use their files normally by encrypting them. The virus also changes the file extensions of the infected files to “.booa“, as an example if the original name of the file is “photos.jpg“, the virus will change it into “photos.jpg.booa” and it can no longer be opened.
While the Booa Ransomware is encrypting the files, it will show a fake Windows update window and once the encryption process is complete, it will then place its ransom note to every folder that has infected files. The file name of the ransom note is “_readme.txt“. The ransom note contains a message that basically asks the victim to pay them $980 and they will give a discount of 50% if the victim contacts the criminals in exchange of getting the decryption tool in order for them to recover the infected files.
Here’s the screenshot of the ransom note from Booa Ransomware:
“ATTENTION!
Don’t worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: hxxps://we.tl/t-VP0uSxh1Bi Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that’s price for you is $490. Please note that you’ll never restore your data without payment. Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail: [email protected]
Here’s a screenshot of how file names of the infected files are appended by the Booa Ransomware:
Here is how the fake Windows update look like:
How to Avoid Getting Infected With Booa Ransomware?
Remove Booa Nowiolo System Mechanic will optimize your current system & remove the Booa ransomware. Purchase of a full license may be required for 100% fix.
Just like any other ransomware, the Booa Ransomware infects computers through a variety of ways. Here’s a breakdown on how a computer gets infected with viruses:
Spam Email Attachments – From emails claiming that you’ve won a raffle or lottery, to people telling you that you have inherited money from a deceased distant relative, these spam emails contain attachments. If you receive such emails, you should avoid opening the attachment and delete it right away as it contains a file that would automatically infect your computer.
Avoid Visiting Suspicious Websites – Sketchy websites such as ones that offer ridiculous deals should be avoided at all costs. These websites will offer things that are too good to be true such as items and services and will ask for you to download or install an application to get the discount. Others will offer a cracked or pirated application in which is bundled with viruses.
Install a Legitimate Anti-virus Tool – Having a trusted anti-virus tool on your machine will not only notify you of potential threats, but it will also automatically remove threats that are already on the computer. A good anti-virus tool will not only protect you from threats but it will also make sure that your computer is operating optimally. One of the best anti-virus tools that is available right now is iolo System Mechanic, it keeps your computer updated with the latest Windows files and repairs any corrupted files as well.
Threat Summary
Threat Name
Booa Virus
Type of Threat
Crypto-virus, ransomware
File Encryption Extension
.booa
Ransom Note File Name
_readme.txt
Ransom Amount
$980 (50% discount if payment is made within 72 hours)
All infected files are encrypted can no longer be opened and the only way to decrypt them is to send a payment to the developers.
Distribution
Attachments from spam emails, malicious ads, suspicious websites, dowloading and installing pirated applications
Removal
Running a full system scan using a reputable anti-virus software such as iolo System Mechanic while the computer is in Safe Mode with Networking
What to Do If You’re Infected with the Booa Ransomware?
Remove Booa Nowiolo System Mechanic will optimize your current system & remove the Booa ransomware. Purchase of a full license may be required for 100% fix.
If you happen to determine that you are infected with Booa Ransomware or any other ransomware, you should immediately isolate the infected computer from your network. Otherwise, the virus may creep into your network and infect the rest of the devices that are connected in your network.
Follow these steps on how to isolate your computer from the network:
Disconnect your computer from the network/internet – The easiest way to go about this is to disconnect your computer from the WiFi or unplug the network cable from your machine. You may also follow these steps to do it from the control panel.
Open the Run Command window by holding down the “Window” key on your keyboard and press the letter “R” and type in “ncpa.cpl” and press enter
Click on your “Local Area Network” and click “Disable This Network Device”
Unplug all connected external storage devices – If you have a flash drive or any external storage devices plugged in to your computer, it is best to safely unplug them so that it will not infect the files on the external device.
You can simply click the “Arrow” that is pointing up beside the clock on the bottom left corner on your desktop, and click on the connected media icons and click on the “Eject” on the external storage device.
Logout form all Cloud Storage Accounts – When an infection hits a computer, it will affect all the files in the machine including files in the Cloud Storage. That is why we strongly suggest to disconnect your computer from the internet so that if you do not have the time to logout from the Cloud, at least the infection cannot spread to it through the internet.
How to Remove the Booa Ransomware?
Remove Booa Nowiolo System Mechanic will optimize your current system & remove the Booa ransomware. Purchase of a full license may be required for 100% fix.
Before you start the data recovery process, the Booa ransomware should be removed otherwise, your files will be infected again. To manually remove the threat, your computer should be booted into Safe Mode with Networking.
OPTION 1. Rebooting to Safe Mode with Networking:
Windows XP/Windows 7/Windows Vista:
Click on the “Windows” or “Start” button located on the lower left corner of the Window’s Desktop and click on the little arrow right next to “Shutdown” and click on “Restart”
Tap on the “F8” button on the keyboard once every second while the computer is booting back up until you see the “Advanced Boot Options”. Using the arrow keys on the keyboard, select “Safe Mode with Networking” and press “Enter” on your keyboard
Windows 10/Windows 8:
Click on the “Windows” button located on the lower left corner of the Window’s Desktop and hold down the “Shift” key on and click “Power” then “Restart”
In the Troubleshoot Screen, click the “AdvancedOptions”
In the Startup Settings, select the 5th option “Enable Safe Mode with Networking”
Once your computer has booted into Safe Mode with Networking, you can now start running a full system scan using the anti-malware tool of your choice. Make sure that your tool has been updated to its latest version before running the full system scan.
OPTION 2. Looking for Ransomware Decryption Tools
Remove Booa Nowiolo System Mechanic will optimize your current system & remove the Booa ransomware. Purchase of a full license may be required for 100% fix.
The success rate of the restoration of infected files depends on the type of threat that has infiltrated the computer. There are versions of ransomware that have weak encryption algorithm which can be decrypted by ransomware decryption tools and there are some that uses complex encryption algorithm that does not have any known decryption method.
To know if there are any available decryption tool for the type of ransomware that has infected your machine, you can go to nomoreransom.org.
The No More Ransom project offers free services for finding possible decryption tools for ransomware victims. All you need to do to use their free service is to upload 1 or 2 infected files or the ransom note from the ransomware and they will tell if you there is a decryption tool available.
Data Recovery
Automatic data recovery tools can also recover infected files depending on the severity of the infection. We suggest using Wondershare RecoverIT as it can support several types of files. Click here to download Wondershare RecoverIT.
Final Summary
To avoid the stress and hassle of going through the process of virus removal, we strongly encourage everyone to install anti-virus software that will protect your computer from online threats.
iolo System Mechanic is considered to be one of the best anti-virus tool that is available right now with its unique holistic approach. iolo System Mechanic not only removes threats but it also makes sure that the computer is operating in its peak condition by automatically updating and repairing corrupt and missing Windows Files.
Ian is the editor on BestPCTips.com. He has been involved with PCs since he was a teenager.
He has experience in software development, computer hardware, virus removals & other security stuff.
Currently, his main job and hobby, at the same time, is to help others to deal with various computer-related issues. Whether it's viruses, spyware, all sorts of errors and "bugs" -- Ian and BestPCTips.com are here to help.
iolo System Mechanic® — is a patented PC & MAC repair tool & the only program of its kind. Not only it’s a registry fix, PC optimizer, or an anti-virus/malware remover – The iolo System Mechanic® technology reverses the damage done to Windows or Mac, eliminating the need for time-consuming reinstallations & costly technician bills.
It is available for FREE. Although, for some more advanced features & 100% effective fixes you may need to purchase a full license.
If your Booa virus is still not removed — don’t hesitate and contact us via email, or a Facebook messenger (the blue ‘bubble’ on the bottom-right of your screen).
