How to remove Seto ransomware and to recover files encrypted by it?

By ivan.diskin | November 13, 2019

If you find an item with the .seto extension (or in the SETO format), then there is a good chance your computer has been infected with the Seto ransomware. You will be unable to open the files with the .seto extension because the file type is unusual.

Even if your computer had a special application for opening files in the SETO format, you would still struggle to open seto files because they are encrypted. Yes, the Seto ransomware encrypts the files that it gains access to (using a decent encryption algorithm) to prevent users from recovering their data.

You are probably here to find out how to recover files infected by the Seto malware – since you are unable to get your computer to open the encrypted items. In this guide, we intend to examine the Seto ransomware carefully, tell you all you need to know about it, and then move on to proffer solutions to the problems associated with it.

What is Seto malware?

Seto is popular ransomware that belongs to the Djvu collection of malicious programs or scripts. Once Seto finds its way into a computer, it works to encrypt files and block access to them. Victims of the attack are then encouraged to purchase a decryption utility or key from the criminals, who designed the malware in the first place.

Seto typically renames the items it encrypts to add the .seto extension so that users get to notice that something has happened to their files. For example, randomitem.doc becomes randomitem.doc.seto. The ransomware is also known to create a ransom message placed within a text file that is usually stored in the folders housing the encrypted data.
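
The renaming pattern and the repeated text file described above give you a way to measure the damage before you clean anything up. The following is an added example, not part of the original article: a read-only PowerShell function (the name Get-SetoInventory and the default folder are assumptions) that counts .seto files per folder and flags text files that appear byte-for-byte in more than one affected folder as ransom note candidates.

```powershell
# Added example (not from the original article). Read-only: it lists files and
# hashes text files; it does not delete, rename or modify anything.
# Assumes Windows PowerShell 5.1.
function Get-SetoInventory {
    param([string]$Root = $env:USERPROFILE)   # assumption: folder tree to inspect

    # Files carrying the appended extension, e.g. randomitem.doc.seto.
    $encrypted = @(Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.seto' })

    # Per-folder summary, so the worst-hit locations stand out.
    $folders = @($encrypted | Group-Object DirectoryName | ForEach-Object {
        [pscustomobject]@{
            Folder         = $_.Name
            EncryptedFiles = $_.Count
            OldestWrite    = ($_.Group | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
        }
    })

    # Text files sitting next to encrypted data, hashed so that identical copies
    # dropped into several folders can be recognised as ransom note candidates.
    $texts = @(foreach ($dir in ($folders | ForEach-Object Folder)) {
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq '.txt' } |
            ForEach-Object {
                [pscustomobject]@{
                    Name = $_.Name
                    Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Path = $_.FullName
                }
            }
    })
    $notes = @($texts | Group-Object Name, Hash | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Group[0].Name
            SHA256  = $_.Group[0].Hash
            Folders = $_.Count
        }
    })

    [pscustomobject]@{
        Root            = $Root
        EncryptedTotal  = $encrypted.Count
        # LastWriteTime is only an approximation of when encryption started.
        OldestEncrypted = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
        Folders         = $folders
        NoteCandidates  = $notes
    }
}

$inv = Get-SetoInventory -Root $env:USERPROFILE
"{0} .seto files under {1}; oldest written {2}" -f $inv.EncryptedTotal, $inv.Root, $inv.OldestEncrypted
$inv.Folders | Sort-Object EncryptedFiles -Descending | Format-Table -AutoSize
$inv.NoteCandidates | Format-Table -AutoSize
```

If only one folder was affected, no note candidate is reported, because the check relies on the same file recurring across folders.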

The criminals who came up with the Seto ransomware designed it to use a strong encryption algorithm. Yes, their algorithm cannot be broken through regular decryption techniques or operations. Nevertheless, you will be able to find a way to recover your files.

You must take note of one thing now, though. Whatever happens, you must not give in to the demands made by the attackers. For one, you should not be paying people who have caused you trouble by encrypting your files. For another, even if you cave in and give them the requested sum, there is no guarantee that they will keep to their end of the deal and send the decryption utility or key.

In other words, if you give in to their demands, there is a good chance you will end up losing your money too. We saw some messages from the attackers encouraging victims to attach one file, which the Seto ransomware creators are supposed to decrypt free of charge. It seems the attackers came up with the scheme to prove that they have the tools to decrypt the affected files.

However, several reports indicate that many users – who paid the ransom – were scammed and got no decryption tools. The attackers themselves – especially those you might get into contact with – might actually have no way to decrypt the files. Well, given all that has been said, we are hopeful you have figured out that payment of the ransom is not an option.

How did my computer get infected with Seto ransomware?

A good number of malicious programs are disseminated through emails. Computers typically get infected when people open an attachment in an email from an unknown sender. Sometimes, the criminals go as far as embedding the bad stuff in normal items such as Word documents or PDF files. The malicious code can also be embedded in JavaScript files, executable files (in the .exe format), archives (especially the ones in the ZIP and RAR formats), and so on.

A different malicious program might even have something to do with the events where the Seto ransomware managed to infect your computer. Trojans, for example, are known to propagate other harmful items. Perhaps, a Trojan entered your computer and its activities resulted in chain infections leading to the Seto ransomware hitting your system.

Some harmless-looking applications are also known to download and install malware while they pretend to be searching for updates. They might also exploit existing bugs, vulnerabilities, or holes in old or outdated programs to expose your system to infection. In recent times, a lot of malware entities find their way into victim computers through utilities that appear to be harmless (for example, software updaters or activation tools, crack and patch utilities for programs, and so on).

How to remove Seto ransomware from your computer

Since you found a file in the SETO format, the ransomware has probably executed a good number of encryption operations on items on your computer. Well, this means the malicious program is already quite far along in its infection cycle.

At this stage, you cannot get rid of it all on your own. You will have to use certain advanced techniques and even get help from special utilities. Before we show you how to decrypt .seto files, we have to walk you through certain procedures to remove everything associated with the malicious program.

Anyway, the procedures in this guide cover almost everything that you will need to do to make your computer free of the ransomware and recover your files.

  1. Start your PC in safe mode with networking:

Through safe mode, you get to force Windows to start up with a minimal number of drivers, processes, services, and start-up programs. By default, in the environment resulting from safe mode, third-party applications are not allowed to run, which means external influences are more or less non-existent.

Since you are dealing with ransomware known to execute operations to encrypt files, safe mode will provide you with the ideal troubleshooting platform. There, you will find it easier to do all the hard work required to get rid of the malicious program and even recover your files.

If your computer is running Windows XP or Windows 7, then these are the instructions you must follow to start your PC in safe mode:

  • Click on the Windows Start icon in the bottom-left corner of your machine’s screen to see the Windows Start menu programs and options (or give the Windows logo button on your device’s keyboard a tap for the same outcome).
  • Click on Shut Down (to see some options) and then select Restart.
  • While your computer is starting up, you have to press the F8 button (perhaps, multiple times) until you see the Windows Advanced Options menu.

You might have to press and hold the F8 button to get into the Windows Advanced Options menu, or a single tap might be enough. It all depends on your computer model, device manufacturer, and similar variables.

  • Anyway, assuming you are now in the Advanced Options menu, you have to go through the list and then select Safe Mode with networking.

If your machine is running Windows 8 or Windows 8.1, then these are the instructions you must follow to start your computer in safe mode:

  • Click on the Windows Start icon in the bottom-left corner of your machine’s screen to see the Windows Start menu programs and options (or give the Windows logo button on your device’s keyboard a tap for the same outcome).
  • Input Advanced into the text field (that becomes visible the moment you start typing) to perform a search task using that keyword as the query.
  • Once Advanced startup options emerges as the main or primary entry on the results list displayed, you have to click on it.

Your system is supposed to bring up the General PC settings window now.

  • Click on Advanced Startup and then click on the Restart now button.

Your computer will now restart automatically. Windows will come up and direct you to the Advanced Startup options menu.

  • Assuming you are on the right screen, you have to click on the Troubleshoot button. On the screen or dialog that follows, you have to click on the Advanced options button.
  • Since you are now on the Advanced options screen, you should see Startup settings, which you have to click on to continue.
  • At this point, you have to click on the Restart button again. Your computer will then restart to go into the Startup Settings screen where you will see a list of options.
  • Give the F5 button on your machine’s keyboard a tap to choose the Enable Safe Mode with networking option.

Windows will now work to get your computer into the safe mode environment where your system gets equipped with networking functions or features.

If your device is running Windows 10, then these are the steps you must go through to start your PC in safe mode with networking:

  • Click on the Windows Start icon in the bottom-left corner of your machine’s screen to see the Windows Start menu programs and options (or give the Windows logo button on your device’s keyboard a tap for the same outcome).
  • Click on the Power icon to see the options available. The Sleep, Hibernate, Shut down, and Restart options should be visible now.
  • Press (and hold) the Shift key on your PC’s keyboard and then click on the Restart option.
  • Assuming you are now on the Choose an option window, you have to click on Troubleshoot.
  • On the screen or dialog that follows, you have to click on Advanced options.
  • Assuming you are now on the Advanced options menu, you have to select Startup Settings and then click on the Restart button.
  • At this point, you have to give the F5 button on your machine’s keyboard a tap to select the Enable Safe Mode with networking option.

Your PC will now restart to go into the safe mode environment where networking capabilities or functionalities will be provided.

  2. Delete Seto files and packages; run scans with an antivirus or antimalware utility to remove the Seto ransomware:

Since you are now in the safe mode environment – where third-party processes, components, and services are a nonfactor – you have to perform the necessary tasks to remove the malicious program. The ransomware is not active, so nothing will stop you from detecting and removing the bad stuff.

These steps cover everything we want you to do here:

  • First, you have to launch the File Explorer program by clicking on its application icon on your taskbar or through the Windows logo button + letter E keyboard shortcut.
  • Assuming the File Explorer window has been brought up, you have to navigate through the appropriate path to the folders where you believe the Seto ransomware files or components are stored.

If you can find the location from which the Seto ransomware has been operating (or was operating), then things will be easier.

  • If you find any item associated with the malicious program in view, you have to click on it to get it highlighted, right-click on it to see the regular options available for it, and then select Delete.

You have to perform the file removal task on all the stuff associated with the Seto ransomware. In any case, you have to delete all packages or files used by the Seto ransomware.

  • Once you are done removing all Seto ransomware components and data files, you can close the File Explorer.

We do not expect you to find or identify all the entries or packages used by the Seto ransomware on your computer. There is a good chance you have missed some Seto files, which correspond to threats or leftovers of the ransomware.

To this end, we want you to run scans for viruses and malware on your computer using your antivirus or antimalware program. If you do not have a security program, then you will do well to download and run Auslogics Anti-Malware and then use it to run the necessary scans.

Assuming you now have the required security utility in hand, you must go through these instructions to use it:

  • Fire up the antivirus or anti-malware program by double-clicking on its launcher or shortcut on your desktop screen.
  • Assuming the security application window has been brought up on your screen, you have to click on its scan menu.
  • Check for the Full scan option (or any similar parameter).

We want you to use the scan option that ensures your antivirus or antimalware utility checks every item on your computer and goes through all the directories on your PC’s disk. That scan option is probably the one that uses the most time and consumes more resources than others.

  • Wait while the security utility does its job.
  • After the scan is complete, you have to review the results provided.

Your antivirus might have quarantined some items that it considered malicious or harmful, so you might want to check its Quarantine (or a similar pane) to see what it found.

If you find something that should not be there – and if you are sure about it – then you can use the Restore function to force the security tool to return the item to its location. On the other hand, if you see files that you know to be real threats, then you might want to go ahead to use the Delete option to instruct your antivirus to remove the bad stuff from your PC for good.

  • Once you are done with the threat detection and removal tasks, you can close the security program that assisted you.

If you are not satisfied with the results of the work done by your antivirus or security utility, then you can get the malware removal tool provided by Microsoft and use it to run the same checks. In that case, you have to continue with the instructions below:

  • Fire up your web browser and search for the Malicious Software Removal Tool designed by Microsoft.
  • On the download page for the needed utility, you might have to select your preferred language and also specify other parameters or details that define your computer.
  • Eventually, you will see the Download button, which you have to click on to proceed.
  • After your browser fetches the tool package, you will have to click or double-click on it to get Windows to run it.
  • You might have to click on the Run button to affirm things – if Windows brings up a prompt or dialog to get some form of confirmation for the program execution operation.

Your system will bring up the Malicious Software Removal Tool window now.

  • You will probably have to click on Next to continue. On the screen that follows (usually for the scan type), you have to click on the radio button for Full scan to get this parameter selected.

Yes, we want you to use the Full scan option here to ensure no stone gets left unturned in the search for threats.

The tool is now supposed to start running checks on your computer for all Seto ransomware packages, files, and so on. The full scan procedure might take a while, so you have to be patient.

  • As usual, after the tool completes the scan operation, you have to review the threats found.

The same guidelines and instructions we provided earlier apply here too.

  • Once you are done with everything, you can close the Malicious Software Removal Tool window and move to the next task.

  3. Try to use System Restore, the Windows Previous Versions feature, and similar functions or programs to recover what you can:

Here, we want you to take advantage of the built-in Windows OS features that allow users to revert their computers to an old state (System Restore) or bring back old copies of files (Windows Previous Versions). Certain variables, limitations, risks, and complications might come into play, though, and we must spell them out now.

To use System Restore, the function needs to have been enabled on your computer at some point in the past. Hopefully, System Restore got enabled before the Seto ransomware found its way into your PC. Otherwise, the program will end up being useless for the purposes or goals you are looking to achieve here.

When you decide to use System Restore to force your computer to go back to an old state, you get to choose a restore point, which is a system state that corresponds to a specific date in the past (associated with your computer composition at that moment). Perhaps, if you manage to select a restore point that preceded the Seto ransomware's entry into your machine, then you will be able to salvage some data.

We must warn you, however, that things could go wrong. Your usage of System Restore might end up complicating the issue, for one. You need to be sure that your computer is free of Seto threats and other ransomware devices. Otherwise, if the same or a similar threat remains active on your computer, your files might get encrypted again. In cases where the files get encrypted again, decryption becomes more difficult than before.

We will now move on to outline the steps on using System Restore in Windows 10. We will add slight variations to account for the instructions for older versions of Windows (Windows 8.1, Windows 8, and Windows 7):

  • First, you have to fire up the Command Prompt window with administrative privileges or rights.

On Windows 10, Windows 8.1, and Windows 8, you can do it this way: Use the Windows logo button + letter X keyboard shortcut to access the Power User menu list of options and programs and then select Command Prompt (Admin).

On Windows 7, you can do it this way: Press the Windows button to see the Windows Start screen, fill the text box there with CMD to perform a search task, right-click on the Command Prompt entry on the search results list to see some options, and then choose Run as administrator.

  • Assuming the Administrator: Command Prompt window has been brought up, you have to execute the following code there (by typing it in first and hitting the Enter button on your device’s keyboard to get Windows to run it):

rstrui.exe

Your system is supposed to bring up the System Restore window now.

  • Click on the Next (or a similar) button to begin.
  • On the screen that follows, you have to click on your preferred restore point to get it highlighted. Click on the Next button to confirm your selection and move on.
  • Now, you might have to review all the parameters or options you selected for the restoration operation. You can still make changes – if need be.
  • You might have to click on the Yes button to affirm things.

Windows will now initialize system restore processes.

  • Follow the on-screen instructions and guidelines. Everything should go smoothly.

Your computer will eventually restart to get into the regular Windows operating system environment. Once again, we recommend that you boot your PC into safe mode and then run scans for viruses and malware (as you did earlier).

The Windows Previous Versions feature is the other function that might assist you in the recovery process for your files. However, we must warn you that there are no guarantees with the operation here. From some reports, we figured out that some variants of the Seto ransomware delete shadow volume copies of files, which means the proposed procedure will be ineffective on certain computers.

Anyway, we still recommend you give the feature a try and see what results you get. Follow these instructions:

  • First, you have to launch the File Explorer app. You can perform the launch task for this program by clicking on the application icon on your taskbar or through the Windows logo button + letter E keyboard shortcut.
  • Assuming the File Explorer window has been brought up, you have to navigate through the appropriate path to find the encrypted or affected files.
  • To restore a file, you have to perform a right-click on it to see the context menu available, and then choose the Properties option.

Your system will bring up the Properties window for the chosen file now.

  • Click on the Previous Versions tab to go there. If a restore point for the file in view is available, you will see it now.
  • Click on the relevant restore point to get it highlighted and then click on the Restore button (close to the bottom of the window).

Windows will now work to bring back an old version of the file in view. If everything goes well, then you will be reunited with an accessible or usable copy of the encrypted file.
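
Both System Restore and Previous Versions are only useful if a restore point or shadow copy exists from before the files were encrypted, and the article notes that some Seto variants delete shadow copies. The following is an added example, not part of the original article: a read-only PowerShell check that lists both kinds of recovery source and marks which ones predate the oldest .seto file. The folder in $Root is an assumption, and the file timestamp is only an approximation of when encryption began.

```powershell
# Added example (not from the original article). Read-only queries.
# Assumes an elevated Windows PowerShell 5.1 session.
$Root = $env:USERPROFILE   # assumption: folder tree that holds the .seto files

# Approximate the start of encryption by the oldest LastWriteTime among .seto files.
$oldest = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.seto' } |
    Sort-Object LastWriteTime | Select-Object -First 1
if (-not $oldest) { Write-Warning "No .seto files under $Root; using the current time as cutoff." }
$cutoff = if ($oldest) { $oldest.LastWriteTime } else { Get-Date }

# System Restore points. CreationTime is a WMI (DMTF) datetime string.
$restorePoints = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Kind    = 'RestorePoint'
        Id      = [string]$_.SequenceNumber
        Created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Detail  = $_.Description
    }
})

# Volume shadow copies, which are what the Previous Versions tab reads from.
$shadowCopies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Kind    = 'ShadowCopy'
        Id      = $_.ID
        Created = $_.InstallDate
        Detail  = $_.VolumeName
    }
})

# Mark each source by whether it was created before the approximate cutoff.
$sources = @(($restorePoints + $shadowCopies) |
    Select-Object Kind, Id, Created, Detail,
        @{ Name = 'PredatesEncryption'; Expression = { $_.Created -lt $cutoff } } |
    Sort-Object Created)

if ($sources.Count -eq 0) {
    "No restore points or shadow copies exist, so System Restore and Previous Versions have nothing to offer."
} else {
    "Encryption cutoff (approximate): $cutoff"
    $sources | Format-Table -AutoSize
    $usable = @($sources | Where-Object PredatesEncryption)
    "{0} of {1} sources predate the oldest .seto file." -f $usable.Count, $sources.Count
}
```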

We do not know of any standard procedure that guarantees the total recovery of the items which got encrypted by a ransomware device such as Seto. You might succeed in getting back some files using top-level decryption techniques/tools or powerful third-party applications, but the procedures and programs are not fool-proof. They do not work all the time, or they might not do well on your computer.

You might want to take serious precautions to prevent such attacks in the future. Ideally, you must come to terms with all the essential security guidelines and recommendations – since you (as an individual) constitute the best defense against all forms of threats. Nevertheless, you will do well to configure the relevant protection setups on your computer to keep out all malicious programs.

We advise that you create a solid/reliable backup – which you get to update or maintain regularly – for all the important files or packages on your computer. With such a backup in place, if your computer ever falls victim to a ransomware (or even any malware) attack, you will be able to make things right by simply doing a clean install of Windows, which is the nuclear procedure that guarantees total removal of the threats.

If you use Windows 10, then you might want to take advantage of the recently introduced Controlled Folder Access functionality, which was designed to block attempts made by ransomware to encrypt items on PCs. Well, you might want to keep your stuff in the Documents, Pictures, Videos, Music, Favorites, and Desktop directories – since the security feature is programmed to protect the stuff stored in those folders by default.
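
Controlled Folder Access can also be switched on and checked from PowerShell. The following is an added example, not part of the original article: it assumes Microsoft Defender Antivirus is the active antivirus, and the folder D:\Work is a constructed path standing in for any location outside the default protected folders.

```powershell
# Added example (not from the original article).
# Run in an elevated PowerShell session on Windows 10 with Microsoft Defender
# Antivirus active.

# Current state: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
(Get-MpPreference).EnableControlledFolderAccess

# Start in audit mode: writes to protected folders are logged, not blocked,
# so you can see which of your own programs would be affected.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Protect a folder that is not covered by default (constructed path).
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Work'

# Review what was logged: event 1124 = audited, event 1123 = blocked.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1123, 1124
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Once the audit log shows only programs you do not need, enforce blocking
# and confirm the setting and the extra folders.
Set-MpPreference -EnableControlledFolderAccess Enabled
(Get-MpPreference).EnableControlledFolderAccess
(Get-MpPreference).ControlledFolderAccessProtectedFolders
```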

Our final security recommendations require you to take proactive measures to preempt malware attacks in the future. For one, you will benefit from adding a new security utility – such as Auslogics Anti-Malware – to take your protection setup some levels up. For another, you might want to keep an eye on Windows updates to ensure that your computer always gets the latest bug fixes and patches to security holes or vulnerabilities.
