This page aims to help you remove Phobos Ransomware for free. Our instructions also cover how any Phobos file can be recovered.
It is best if you never come across a Ransomware cryptovirus such as Phobos because in case that this malware finds its way inside your machine, it can encrypt your most valuable files and prevent you from using them unless you pay a ransom. However, even if you try your best to stay away from sketchy sites, illegal installers and spam and be careful with the content that you interact with on the Internet, there is absolutely no guarantee that you won’t get infected because the Ransomware infections use some very advanced distribution and infection methods. Phobos, for instance, can be found in seemingly harmless files, links, ads and attachments or be delivered with the help of well-camouflaged Trojan Horse viruses. If you are on this page, the chances are that you have already been greeted by the scary ransom-demanding message which Phobos typically displays on its victims’ screens. That’s why, in the next lines, we will focus on the alternative methods that can help you remove the infection from your computer and minimize the negative consequences of its attack. The instructions in the removal guide that you can find below contain a set of manual steps, a trusted removal tool and a file-recovery section, which may help you clean your computer and possibly get some of your valuable files back. In case that you don’t have a full data backup of your files at your disposal or you don’t want to pay a ransom to the anonymous hackers behind Phobos, we strongly recommend you read the paragraphs that follow and pay close attention to the information there. This is very important because, as we have already mentioned above, Phobos Ransomware is a cryptovirus threat which is highly advanced and dealing with it could be very challenging and not always successful.
Remove Phobos Ransomware
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: The Hosts file
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the virus.
To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious , disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to Phobos Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
The previous steps were all aimed at removing the Phobos Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.
Think carefully before you decide to risk your money!
The main goal of the Ransomware is to blackmail you and force you to pay a certain amount of money to a given cryptocurrency wallet. For that purpose, it blocks the access to the files that you keep on your computer by locking them with a complex encryption. Then the malware asks you to pay a ransom for their decryption. Those who agree to pay are promised to receive a secret decryption key which is supposed to liberate the sealed data. This promise, however, can by no means guarantee that everything will return back to normal. In fact, if you agree to pay the required ransom, you will be risking your money without any assurance that the hackers will really send you such a decryption key. And even if they do, there is still a chance that the key may not work and that your files may remain sealed forever. For this reason, we believe that it is much better to keep your money and try some alternatives first. One such alternative is the removal guide on this page which should be enough to help you remove Phobos from the infected computer and prevent it from encrypting any new files that you create or download. The file-recovery suggestions there may even help you get back some of the already encrypted data. However, please keep in mind that, as much as we want to, we can’t promise you a full recovery from such a nasty Ransomware threat. There’s simply no universal method which can deal with the advanced encryption algorithm in all cases and instances of a Ransomware infection. Still, it is essential that you try whatever alternative options you may have instead of risking your money for a decryption key that you may or may not receive.
|Danger Level||High (Phobos Ransomware encrypts all types of files)|
|Symptoms||Phobos Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.|
|Distribution Method||Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.|
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.