Domn virus is a new ransomware. It is created to encrypt files on the computer. All encrypted files become useless and get the .domn file extension. Each folder containing the affected files contains a message informing the user about the presence of a malicious virus on the computer and its destructive impact on the target files.
ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-JbqssVgS78
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.To get this software you need write on our e-mail:
gorentos@bitmessage.chReserve e-mail address to contact us:
gerentoshelp@firemail.cc
Domn ransomware virus is able to encrypt files such as movies, photos, documents, drawings, databases including common as:
.bc6, .yml, .0, .hkdb, .wgz, .wbd, .raf, .d3dbsp, .bar, .p7b, .pkpass, .wmd, .mcmeta, .wn, .desc, .fsh, .xlsx, .sid, .z3d, .odb, .sav, .zi, .zdc, .mdf, .pptm, .wma, .xwp, .wri, .qdf, .rar, .xpm, .wcf, .cdr, .vfs0, .xlk, .xdb, .css, .ws, .rb, .das, .ff, .crt, .mov, .mp4, .wb2, .xmmap, .psk, .jpg, .sidn, .db0, .crw, .sum, .1st, .wmf, .wm, .xf, .py, .wps, .iwd, .hkx, .syncdb, .xy3, .zw, .esm, .ntl, .bay, .bkf, .ods, .zip, .itl, .sis, .docx, .sie, .yal, .mrwref, .itdb, .wsh, .dxg, .odt, .x3d, .wpg, .rtf, .wpe, .wp5, .pem, .odc, .pst, .srf, .wpd, .kdc, .m2, .mef, .psd, .wbz, .svg, .tor, .ibank, .wbk, .epk, .lvl, .jpe, .raw, .xar, .apk, .p7c, .cfr, .xbplate, .mpqge, .webp, .pdf, .rwl, .lrf, .bsa, .sidd, .m3u, .sr2, .flv, .r3d, .rofl, .wpb, .litemod, .erf, .cas, .ptx, .bik, .3dm, .asset, .ppt, .wbc, .vpp_pc, .w3x, .z, .wmv, .accdb, .png, .nrw, .fpk, .pak, .xyp, .gho, .upk, .wmo, .wpl, .zif, .zdb, .1, .xlgc, .7z, .kf, .mdb, .xls, .lbf, .avi, .qic, .bc7, .hvpl, .srw, .p12, .sql, .ybk, .ztmp, .t13, .js, .csv, .xmind, .rgss3a, .wot, .wp, .3fr, .iwi, .wsd, .wbm, .xyw, .wpa, .doc, .t12, .vtf, .wdb, .slm, .zip, .x3f, .itm, .docm, .arch00, .xld, .big, .xdl, .pptx, .wav, wallet, .mdbackup, .layout, .ncf, .pfx, .xls, .zabw, .sb, .dba, .y, .eps, .pef, .jpeg, .kdb, .wma, .xlsb, .xxx, .dng, .wpt, .xlsm, .bkp, .wire, .dcr, .wp6, .menu, .ltx, .2bp, .ysp, .dbf, .ai, .wmv, .snx, .txt, .blob, .tax, .wsc, .fos, .m4a, .orf, .wpd, .dwg, .wp7, .dmp, .forge, .wotreplay, .x3f, .xlsx, .cr2, .odp, .rw2, .vdf, .indd, .re4, .gdb, .map, .mlx, .vcf, .wpw, .der, .arw, .wp4, .wps, .xml, .mddata, .vpk, .cer, .pdd, .dazip, .hplg, .xll, .xbdoc, .odm, .xlsm
Attackers clearly inform each victim that he has the ability to recover locked files only paying a $980 ransom. After transferring the specified amount to cyber frauds, the user will receive a code key from them, which will help to decrypt and restore files affected by the Domn ransomware. If the money for the purchase of a unique tool for decrypting files will be transferred to the fraudsters within 72 hours, they are ready to give the victim a discount of 50%.
Domn file virus
Summary
| Name | Domn ransomware |
| Type | Ransomware, Crypto virus, File virus |
| Encrypted files extension | .Domn |
| Ransom note | _readme.txt |
| Contact | gerentoshelp@firemail.cc, gorentos@bitmessage.ch |
| Ransom amount | $980, $490 in Bitcoins |
| Distribution methods | Spam mails, Exploit kits, Social media, Torrent web-sites. |
| Removal | Domn virus removal guide |
Quick links
- How to Remove Domn file virus (ransomware removal guide)
- How to restore .domn files (without decryption)
How to Remove Domn file virus (ransomware removal guide)
If you don’t have much experience in setting up and configuring the Windows operating system, then the best way to locate and remove Domn ransomware virus is to use malware removal tools which are listed below.
Zemana AntiMalware (ZAM) is full featured ransomware removal tool. It can help to delete Domn ransomware virus and other security threats. It uses 1% of your PC system resources. This tool has got simple and beautiful interface.
- First, click the following link, then click the ‘Download’ button in order to download the latest version of Zemana Anti Malware (ZAM).
Zemana Anti Malware download - At the download page, click on the Download button. Your browser will open the “Save as” prompt. Please save it onto your Windows desktop.
- After downloading is done, please close all software and open windows on your computer. Next, start a file called Zemana.AntiMalware.Setup.
- This will run the “Setup wizard” of Zemana Free onto your PC system. Follow the prompts and do not make any changes to default settings.
- When the Setup wizard has finished installing, the Zemana will run and open the main window.
- Further, click the “Scan” button . Zemana Anti-Malware application will scan through the whole system for Domn file virus. While the Zemana utility is checking, you may see number of objects it has identified as being infected by malicious software.
- Once the scan get finished, Zemana AntiMalware (ZAM) will show a scan report.
- In order to remove all items, simply press the “Next” button. The tool will delete ransomware virus and move all security threats to the program’s quarantine. Once finished, you may be prompted to restart the system.
How to restore .domn files (without decryption)
Despite the fact that it is impossible to decrypt .domn files without a key, you have the opportunity to restore your files. Below in this article we will give several ways, please try all of them. Perhaps one of them will allow you to completely restore the files, or rather, return them to their original state, to the state that was before their encryption.
At this stage, I want to emphasize that before recovering files, you must definitely check your computer for viruses, find and remove malware that encrypted your files. The only way to skip this step is to get the disk with encrypted files and connect it to another computer, then use it to restore your files. Attention, using a disk on another computer, there is a small chance that you accidentally infect that computer with this virus.
How to restore .domn files using ShadowExplorer
To restore documents, photos, databases and other important files, that is, practically “decrypt .domn files without a key,” we first recommend using a free program called ShadowExplorer. If you have not come across this program, then here is some information about it. It is a small utility that allows you to easily access copies of files that are created automatically by a standard OS function called Windows Previous Versions.
Download the program using the link that you can find below. We recommend that you save the downloaded file to your desktop, so you can easily find it after the download is complete.
When the program download is complete, you will see a file called ShadowExplorer-0.9-portable.zip. The utility is in the archive, so you need to unzip the archive before starting the program. Right-click on this file and select the option called Extract All. Now open folder ShadowExplorerPortable.
In the list of files, find the ShadowExplorerPortable program and run it.
The main program window will open before you, as in the following example. The main window is divided into two parts – left and right. In the left part of the window, select the drive on which the encrypted files are located and select the date closest to the moment when the virus attacks your computer, encrypts the files and has changed the file extension to .domn. In the right part of the window, select the file you want to restore, then right-click on it.
A small pop-up menu will open before you, select Export in it. In the next window, select the directory where the recovered files will be saved.
What else do I want to say about the process of recovering encrypted files using the ShadowExplorer tool. Unfortunately, very often ransomware disable the Windows Previous Versions function and delete all saved copies of files. Therefore, after starting the ShadowExplorer, you may find that it is impossible to recover files. In this case, use another method of recovering encrypted .domn files, which is given below.
How to restore .domn files using PhotoRec
Another way to recover encrypted .domn files is the ability to use utilities designed to find and recover accidentally deleted and lost data. We recommend that you use the free PhotoRec tool. It is one of the best and has already helped readers of our site repeatedly recover encrypted files in a seemingly absolutely hopeless situation.
Before using the program, you need to download it. Use the link below.
When the file is downloaded, in the folder where you saved it you will see a file with the name ‘testdisk-7.0.win_.zip’. This file is the archive that contains the PhotoRec. To use the PhotoRec, this archive must be unzipped. Right-click on the file and select the item called Extract All. Open the folder with the name testdisk-7.0, you will see a list of files similar to the one below.
In the contents of the directory that opens, find the file with the name QPhotoRec_Win and run it. You will be shown a window similar to the one in the following figure. This is the main PhotoRec window.
Here you need to select the physical disk and the disk partition (disk name) where the encrypted .domn files are located. Note that in section ‘File System Type’, option ‘FAT/NTFS’ must be selected. Now select the folder where the recovered files will be written. We recommend using a partition or drive that does not contain encrypted files. It is better to use external media. It is very important! Since the PhotoRec restores files that were deleted by the Windows OS, if you restore them to the same drive on which you are trying to find them, a situation may occur when the Windows simply physically overwrites them and you can no longer recover such files.
Next, at the bottom of the window, click File Formats. A small window opens that lists the types of files that the PhotoRec can find and restore.
Leave only those file types that you need to recover selected. For example, if you want to restore images of ‘jpg’ format, then select the file type ‘jpg’. Having decided which files to recover, click OK button.
Having completed the steps listed above, you have made all the settings necessary to search and restore encrypted .domn files. It remains only to click on the Search button. The process of searching and restoring files can take a very long time, be sure not to turn off the computer or restart it. During this process, the program will show the current search location (disk sector), how many and which files were found and restored.
When the file recovery process is complete, click the Quit button. Then open the directory that you previously selected as the place where the recovered files will be written.
Here you will see one or more directories with the name recup_dir (recup_dir.1, recup_dir.2, …). Check these folder to find the files you need. The file name may not be restored, so to find what you need, use file sorting, as well as the standard Windows OS search by file contents.
I hope this information helped you remove Domn virus and restore the encrypted files. If you have any questions or you have information that will help readers of this article, then please add your comment below.
