Grod Virus



The Grod virus is a new and highly problematic infection of the Ransomware family. Its encryption is quite advanced and unless you have the corresponding decryption key for it, recovering your files from such an attack can’t be guaranteed. However, as we mentioned, even the ransom payment may not result in you receiving the needed access key, which means you should really carefully assess your options at the moment and choose the best one for you.

This is the message you will find in a _readme.txt file left behind by the Grod Virus

Ransomware is a unique form of computer threats that targets the files of its victims, but not with the goal of harming them – instead of damaging the targeted data, a typical Ransomware virus would encrypt the files, making them totally inaccessible. In most instances, the only way to open a file encrypted by e Ransomware cryptovirus if you use the corresponding access key that can decrypt the locked-up documents. The problem with that, however, is the fact that only the hackers behind the virus have the said key. Their goal is to make you pay money for it, hence the name of the whole malware category used to achieve that – Ransomware. However, many are the users who cannot afford such a payment. Also, in many cases, even if one pays the ransom, the needed key may still not be received by them. All of this creates a particularly unpleasant situation in which there seems to be no good move one could make. Still, this doesn’t mean you should stand still and do nothing in case of a Ransomware infection. Therefore, we have made it our goal to inform our readers who have become victims of Ransomware about what their potential options so that they can make an informed choice on what to do next in case their files have become inaccessible due to an attack from such a virus.

The Grod virus

Obviously, the first thing you can try if you have had your files locked by Grod, Lokf or Mosk is pay the money the hackers want from you. This may or may not get you the decryption key. However, it will certainly cost you some money – money you’d never get back regardless of whether or not the hackers send you the access key. The other option is to remove the virus yourself, and then try some alternative methods of bringing back your files. Similarly to option number one, the alternatives may or may not result in the restoration of your files, but at least you get to keep your money if you go for them.

The Grod file encryption

The main problem with any cryptovirus attack is the encryption. For instance, the Grod file encryption is really advanced and breaking it is very difficult. Some Ransomware infections have special corresponding decryption tools developed by security specialists, but not all of them. You can find a list of such decryptors as well as some other alternative restoration methods in the second part of the guide you will see in a moment. Before you get to that, however, use the removal instructions from the guide to rid your computer of Grod. Otherwise, any new files you create on your computer, as well as any files you manage to recover may get locked by the cryptovirus all over again, creating a vicious circle you’d certainly want to avoid.


Name Grod
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Most threats like this one won’t reveal themselves by showing any visible symptoms until the files get locked by the encryption
Distribution Method Shady sites with fake and misleading ads in them, or which distribute pirated content are the most common sources of Ransomware infections.


Remove Grod Ransomware Guide

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Grod

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

hosts_opt (1)

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Grod.


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Grod , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Grod

Type each of the following locations in the Windows search box and hit enter to open the locations:






Delete everything you see in Temp linked to Grod RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Grod Decryption

The previous steps were all aimed at removing the Grod Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Leave a Reply

Your email address will not be published. Required fields are marked *