The Smile virus falls within the ransomware type of infection. Malware of such sort encrypts all the data on your computer (photos, text files, excel tables, music, videos, etc) and appends its extra extension to every file, creating the SM$LE-read-it.txt files in every folder with the encrypted files.
What is known about the Smile virus?
Smile appends its specific .SM$LE extension to every file’s title. For instance, a file entitled “photo.jpg” will be turned into “photo.jpg.SM$LE”. Likewise, the Excel sheet with the name “table.xlsx” will become “table.xlsx.SM$LE”, and so on.
In every directory containing the encrypted files, a SM$LE-read-it.txt file will appear. It is a ransom money note. Therein you can find information on the ways of paying the ransom and some other remarks. The ransom note most probably contains instructions on how to purchase the decryption tool from the Smile developers. You can obtain this decryptor after contacting [email protected], via email. That is pretty much the scheme of the malefaction.
Smile Overview:
| Name | Smile Virus |
| Extension | .SM$LE |
| Ransomware note | SM$LE-read-it.txt |
| Contact | [email protected], |
| Detection | Trojan:Win32/Tnega!MSR Removal, Win32:Adware-DNA [Adw] Virus Removal, Win32:Secat [Trj] Virus Removal |
| Symptoms | Your files (photos, videos, documents) have a .SM$LE extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Smile virus |
The SM$LE-read-it.txt file coming in package with the Smile malware provides the following dispiriting information:
/////>SMILE RANSOMWARE Ooops. Your files have been encrypted by The SMile Ransomware. Your files are now encrypted with AES and RSA encryption algorthims and are no longer accessable to you. In order to gain access to your files, you must buy our decryption software. To restore your data, follow these easy steps. 1. Download the TOR Browser at hxxps://torproject.org/ 2. Visit any of the three darknet sites listed below: - - - If one of the sites doesn\'t work then try another one as some of these sites may be offline from time to time! 4.Once your connected to one of our websites. You must pay a total of $3000 worth of bitcoin to the address listed on the website. Once the payment is verified, you will be sent the decryption software in due time! WARNING: Failure to pay the ransom within a 3 day time period will result in the decryption software being destroyed and your files and data will be lost FOREVER!!!!!!!!!!!!!!!!!!!!!!! If you have any other issues. Please feel free to contact us at [email protected] or LIVE CHAT with our operators on one of our darknet sites! Thank you. Best Regards. Smile C0rp
In the picture below, you can see what a folder with files encrypted by the Smile looks like. Each filename has the “.SM$LE” extension appended to it.
That is how encrypted “.SM$LE” files look.
How did Smile ransomware end up on my PC?
There are plenty of possible ways of ransomware infiltration.
There are currently three most popular ways for evil-doers to have ransomware acting in your digital environment. These are email spam, Trojan infiltration and peer file transfer.
- If you access your mailbox and see letters that look like familiar notifications from utility services companies, postal agencies like FedEx, Internet providers, and whatnot, but whose “from” field is strange to you, be wary of opening those emails. They are very likely to have a malware item enclosed in them. Thus it is even more dangerous to download any attachments that come with letters like these.
- Another thing the hackers might try is a Trojan file scheme. A Trojan is an object that gets into your machine pretending to be something different. For example, you download an installer for some program you need or an update for some service. However, what is unpacked turns out to be a harmful program that encrypts your data. As the update package can have any name and any icon, you have to make sure that you can trust the source of the files you’re downloading. The best thing is to trust the software developers’ official websites.
- As for the peer file transfer protocols like torrent trackers or eMule, the threat is that they are even more trust-based than the rest of the Web. You can never know what you download until you get it. Our suggestion is that you use trustworthy resources. Also, it is a good idea to scan the directory containing the downloaded items with the antivirus as soon as the downloading is done.
How do I get rid of ransomware?
It is important to inform you that besides encrypting your files, the Smile virus will most likely deploy Vidar Stealer on your PC to get access to credentials to different accounts (including cryptocurrency wallets). The mentioned program can extract your credentials from your browser’s auto-filling data.
How to avoid ransomware injection?
Smile ransomware doesn’t have a endless power, so as any similar malware.
You can protect your PC from ransomware injection within several easy steps:
- Never open any emails from unknown mailboxes with unknown addresses, or with content that has likely no connection to something you are expecting (can you win in a lottery without even taking part in it?). If the email subject is likely something you are expecting, check all elements of the dubious letter with caution. A fake letter will always contain mistakes.
- Never use cracked or untrusted software. Trojans are often distributed as an element of cracked products, most likely under the guise of “patch” preventing the license check. Understandably, potentially dangerous programs are very hard to tell from reliable software, because trojans may also have the functionality you need. You can try to find information about this software product on the anti-malware message boards, but the best way is not to use such software.
Frequently Asked Questions
🤔 How can I open “.SM$LE” files?Can I somehow access “.SM$LE” files?
Unfortunately, no. You need to decipher the “.SM$LE” files first. Then you will be able to open them.
🤔 What should I do to make my files accessible as fast as possible?
If the “.SM$LE” files contain some really important information, then you probably have them backed up. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. The rest of the methods require patience.
🤔 What to do if the Smile virus has blocked my computer and I can’t get the activation code.
🤔 What could help the situation right now?
Some of the encrypted files can be located elsewhere.
- If you exchanged your critical files via email, you could still download them from your online mail server.
- You might have shared photographs or videos with your friends or relatives. Simply ask them to send those pictures back to you.
- If you have initially got any of your files from the Web, you can try to do it again.
- Your messengers, social media pages, and cloud storage might have all those files too.
- It might be that you still have the needed files on your old PC, a portable device, cellphone, external storage, etc.
USEFUL TIP: You can use data recovery programs1 to get your lost data back since ransomware encodes the copies of your files, removing the original ones. In the video below, you can see how to use PhotoRec for such a recovery, but remember: you can do it only after you kill the virus with an antivirus program.
I need your help to share this article.
It is your turn to help other people. I have written this guide to help users like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan SmithReferences
- Here’s the list of Top 10 Data Recovery Software Of 2024.
Leave a Comment