.Copa Virus [Restore Files]


Remove It Now ▼ Get a Free Scan and check if your computer is infected
To remove malware, you have to activate trial or purchase the full version of SpyHunter.


.Copa is a file-locking virus that runs an encryption process in the infected machine which makes the targeted files inaccessible. The goal of .Copa is to force the attacked users to pay for the private key that will remove the encryption from their files.

The Copa Virus ransom note

The Ransomware threats are constantly evolving and dealing with their attacks is becoming more and more difficult despite all the hard work of numerous security specialists who do their best to come up with new methods and decryption tools that can help the users remove such viruses from their machines and unlock the files that the Ransomware has sealed. Because of this, it is extremely important that more and more users become informed the characteristics of the Ransomware threats.

The .Copa virus

The .Copa virus is a form of Windows malware intended to extort money from its victims by locking-up their data and keeping it sealed until a ransom payment is released. .Copa uses a unique encryption algorithm to ensure that nobody can open the locked files.

The Copa ransomware encrypted files

It’s always much better to prevent an infection with such a virus than to have to find a way to remove it from your computer and to free the files that it has locked. However, the hackers who create and spread such threats are very creative when it comes to finding new ways to spread their malware, which is why many unfortunate users end up with such viruses on their machines. .Copa is probably the reason why you’ve come here in order to look for help against it. If that is so, the next lines will offer you some guidance with regard to what to do in this unpleasant situation.

The .Copa file encryption

The .Copa file encryption is a software process that rearranges the files’ code, making them unreadable without the private key. The .Copa file encryption stays on the files even after the virus itself is no longer present in the user’s computer.

.Copa has undoubtedly presented you with a ransom-demanding note that tells you to send some of your money to the hackers behind the virus since this would result in you receiving a private key for your files that can decrypt them. If you are considering the payment, give yourself a moment to think about what can actually happen after you pay. You may indeed receive the needed key but you may also not get anything that can help you with the liberation of your files from the hackers. This is why the payment isn’t really a preferable option and should be avoided unless there really is no other choice.

Our alternative suggestion is to use the guide from this page and follow the steps. This will allow you to remove the virus and then try some of the alternative recovery methods present in the second part of the guide. We can’t promise you any miracles but it’s still better to go for the alternatives as they won’t cost you anything.


Name .Copa
Type Ransomware
Danger Level  High (.Copa Ransomware encrypts all types of files)
Symptoms .Copa Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.
Distribution Method  Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.

Remove .Copa Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to .Copa

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

hosts_opt (1)

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the .Copa.


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and .Copa , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – .Copa

Type each of the following locations in the Windows search box and hit enter to open the locations:






Delete everything you see in Temp linked to .Copa RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: .Copa Decryption

The previous steps were all aimed at removing the .Copa Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.
  • ultramediaburner.com pro-zipper.com productsdetails.online post-back-url.com rothsideadome.pw room1.360dev.info telechargini.com

  • Os locais %dados do programa% e %dados do aplicativo % não foram encontrados no meu pc. Logo depois que o copa vírus foi instalado eu realizei uma restauração de sistema e desinstalei o que sobrou. Alguns dos passos eu não achei nada do copa, como no host e outros.o único que eu achei foi no regedit que eu fiquei em dúvida se podia apagar (fica em uma pasta .copa com o arquivo nome: (padrão ) tipo:REG_SZ dados:copa_auto_file). E achei no %localappdata% que me parecia arquivos como os outros que foram codificados e não me representava perigo. Posso apagar esses arquivos?

    Obs:os passos 4, 5 , e 6 foram feitos no modo de segurança.

Leave a Reply

Your email address will not be published. Required fields are marked *