The .Dodoc Virus in Depth
How worried should you be if you have a Ransomware like Dodoc on your computer? This article and the guide attached to it describe everything you need to know about the Ransomware category and this particular representative, including how to remove it if you get infected.
Cybersecurity is a major problem in today’s digital world, both for businesses and for regular web users. Our computers, portable devices, smart home devices, and any other type of devices that are connected to the Internet are vulnerable to various attacks. One of the greatest threats to security that everyone may encounter online is the so-called Ransomware.
What is .Dodoc file?
Ransomware is a type of malicious software (also called “malware”) which is designed to hijack computer files and, sometimes, even to block the access to the entire computer. This type of malware encrypts your files so they cannot be opened without the application of a special decryption key. If you get attacked, you basically cannot use any of your precious videos, photos, personal files, work documents, archives, etc. The attackers behind the malware contact the victim by displaying a ransom-demanding note on the screen of the infected computer and request a ransom to be paid in exchange for the special decryption key. They promise to decrypt the files after the payment (often required in bitcoins) is made and usually threaten that, if no money is sent to them, they will destroy the key and leave the data encrypted forever.
Infections such as Dodoc, Lapoi, Gusau, for example, can be very nasty as they use a very complex file-encryption method, which is almost unbreakable without the application of the corresponding decryption key. Those threats also use some very stealthy methods to sneak into the system and, sadly, they usually manage to remain under the radar of most security programs until they complete their file-encrypting process. When all the files have been blocked, a ransom note appears on the screen, stating the amount of money you must pay to decrypt the files, as well as telling you about where or how to transfer the money, and how much time you have to do it. If the deadline is not met, the amount typically increases or the decryption key gets destroyed. If you attempt to open any of the encrypted files, an error message appears stating that the file is protected by an encryption algorithm and cannot be opened without a corresponding key.
The most worrying thing about Dodoc and other infections of this type is that, unlike viruses, once you remove them, this doesn’t necessarily mean that you will be able to restore the access to the files they have encrypted. Sometimes, the targeted data may remain inaccessible for an indefinite period of time, and in those cases, you may need to use some alternative methods in order to get it back.
Paying the ransom that the hackers want, however, is also not a guarantee that you will get everything back to normal, because the crooks may never send you the decryption key needed for the recovery of your encrypted files. Not to mention that even if you manage to get the key, it may not work properly and may still turn out to be useless. Therefore, instead of risking your hard-earned money, we suggest you focus on the proper steps to remove Dodoc and, after the infection is gone, explore some alternative file-recovery steps. You can see such steps in the removal guide below and give them a try once you remove the Ransomware from the computer.
Dodoc SUMMARY:
Name | Dodoc |
Type | Ransomware |
Danger Level | High (Dodoc Ransomware encrypts all types of files) |
Symptoms | Dodoc Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags. |
Distribution Method | Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods. |
[add_third_banner]
Dodoc Ransomware Removal
1: Preparations
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: IP related to Dodoc
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Dodoc.
[add_forth_banner]
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Dodoc , disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data – Dodoc
Type each of the following locations in the Windows search box and hit enter to open the locations:
%AppData%
%LocalAppData%
%ProgramData%
%WinDir%
%Temp%
Delete everything you see in Temp linked to Dodoc Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
7: Dodoc Decryption
The previous steps were all aimed at removing the Dodoc Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.
Leave a Reply