.aup.alka (virus problem)


I accidentally downloaded some malware. After reinstalling my OS, I still am stuck with about 5 aup files that have this extra suffix attached. The corresponding data files look OK, but this .alka suffix has rendered the aup files useless. Without functional aup files, I can’t access the data. Does anyone know anything about fixing or replacing corrupted aup files?


  1. First things first. Have you scanned your computer with an up to date, reputable anti-virus program AND scanned for other malware (including spyware)?
    The Alka virus is “ransomware”, but some versions also install additional malware.

  2. I assume that you don’t have backups for those projects?

  3. Do you still have the ransom .txt file? If you do, do NOT delete it. It “may” be useful for recovery, IF recovery is possible (no guarantees).

  4. Do you know how your computer got infected with the virus? (please do not post links to dangerous websites).

Thanks for responding. First, I did backup all files but isolated these alka files. Then I took my computer in and reinstalled my partition and reinstalled both my Linux and my Windows. This STOP virus did not cause any problem on Linux. So my computer itself must be OK. After installation of Windows, I downloaded 360 Security antivirus and scanned. It recommended some repairs and I did that. I’m not sure what to do next. I searched for info and it says that it’s possible that this virus could damage the computer itself. i doubt this, since Linux went unaffected. But I don’t know if I can trust a removal program. From what I’ve read, this is a new strain and it might be best to wait until a cure is developed. So i guess I could just keep these files until that happens, unless someone has a better suggestion.

I don’t think I saved the ransom txt file.

The malware was installed through a download.

The alka virus encrypts files, rendering them unreadable until they have been decoded, which requires an extremely complex cryptographic “key”.

You can test if the .aup.alka files have been encrypted by renaming them with an additional “.txt” to the file name (so that they are “filename.aup.alka.txt”)
Then see if you can open them in NotePad. If you can open them and see readable text, then you may be in luck. If it opens as garbage characters, or appears empty, or simply will not open, then it is encrypted and you are “probably” out of luck.

The only decoding program that I know of for .alka files, tries to match the “address” in the ransom .txt file to known cryptographic keys. If you don’t have the ransom txt file, then the files probably can’t ever be decoded.

Is this a “dual boot” setup?

Well, it’s not the end of the world. I do enough backing up to keep loses at a minimum. Do you think it’s safe to open these with a text editor? I think I’ll switch over to Linux to do this. Yes, this is a dual boot, if that’s what it’s called. I have it partitioned with Linux on one side and Windows on the other.

I opened a file in text form and it doesn’t look good. Just a few lines of text containing a load of question marks.

That definitely sounds like it has been encrypted.

I don’t think this will help, but here’s the website for the decryptor: Emsisoft: Free Ransomware Decryption Tools

Yeah. I don’t think I have the ransom note, so this won’t work. But I’ll live. It’s only a few aup files and I still have the earlier versions of these projects. Every few days I resave the project with a new date on it. So, I only lost a few minor edits. I think?