Calix Ransomware Removal Guide

Do you know what Calix Ransomware is?

If you download files and open spam emails carelessly, Calix Ransomware is one of many infections that could invade your operating system. These entry points can be exploited by thousands of other threats as well, including entirely different kinds of threats. When ransomware slithers in, it immediately detects and encrypts your personal files so that the attackers behind the threat can demand money from you. How does that work? The attackers encrypt your files using a unique encryption key. They then offer a decryption key in return for a payment. Obviously, you should not think that you can trust cybercriminals and their promises. They will do whatever it takes to reach their goals, and they certainly do not care about you. So, let’s remove Calix Ransomware.

Calix Ransomware, according to our research team, is a variant of Phobos Ransomware, a very well-known infection that has been ravaging Windows operating systems for quite some time now. A few other variants of the same infection include Eight Ransomware and Blend Ransomware, but there are tons of others. They all slither into vulnerable operating systems silently and then encrypt files that are deemed personal, including photos, documents, archives, etc. When files are encrypted, a unique extension is added to them as well. Calix Ransomware adds “.id[*].[painplain98@protonmail.com].calix,” and the ID, of course, is unique to every victim. You should be able to remove this extension, but there is absolutely no point in doing that: you cannot read your files because their data is ciphered, not because their names are modified. Unfortunately, you cannot decipher data by deleting the infection.

After files are encrypted, Calix Ransomware introduces two of its own files that, of course, you will need to remove in the end. One of them is “info.txt,” and it contains a message that instructs you to send an email to painplain98@protonmail.com or patern32@protonmail.com. The second file is called “info.hta,” and this is the file that is responsible for opening the “encrypted” window. The message it displays explains that your files were encrypted “due to a security problem” and that you need to email the attackers so that they can explain to you how to pay a ransom in return for a decryption tool. The only thing we know about the ransom is that it has to be paid in Bitcoins. Of course, we do not recommend paying it even if you think that it is small enough or if money is not an issue for you at all. If you think that you would get a decryptor as soon as you paid the ransom, you are mistaken. The attackers are only making this promise so that they can convince you to pay the ransom.

At the time of this analysis, the files corrupted by Calix Ransomware could not be decrypted for free by third-party tools. Unfortunately, it is unlikely that you can free your files manually either. It seems that the only option you have is to delete the corrupted files and replace them with backup copies. If you do not own copies – and it is best to store them online or on external drives – you are out of options. Even if that is so, we do not recommend paying the ransom. To delete Calix Ransomware from the Windows operating system, you should install a trusted anti-malware program. If you are not interested in having your system cleaned and protected automatically, you will need to remove the infection yourself. The guide below might help you somewhat, but note that you will have to find the launcher yourself.

Remove Calix Ransomware

  1. Delete the launcher (.exe file) of the infection. It could be located anywhere, and its name is random too.
  2. Go to the Desktop and Delete the files info.txt and info.hta.
  3. Open File Explorer (tap Win+E keys) and enter %HOMEDRIVE% into the quick access field.
  4. Delete the file named info.hta.
  5. Enter the following paths into the quick access field one by one to find and Delete a malicious {random name}.exe file:
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\
    • %LOCALAPPDATA%
  6. Open Run (tap Win+R keys) and enter regedit into the dialog box to open Registry Editor.
  7. Move to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  8. Delete the {unknown name} value that is linked to the malicious file from step 5.
  9. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and repeat step 8.
  10. Empty Recycle Bin and then immediately perform a full system scan using a trusted malware scanner.
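
The locations in steps 2 to 9 can be checked with a read-only PowerShell audit before anything is deleted by hand. This is an added example, not part of the original guide; it removes nothing, and the variable names are illustrative.

```powershell
# Added example: read-only audit of the locations named in steps 2-9. Deletes nothing.

# Steps 2-4: ransom notes on the Desktop and in the root of %HOMEDRIVE%.
$noteDirs = [Environment]::GetFolderPath('Desktop'), "$env:HOMEDRIVE\"
$notes = foreach ($dir in $noteDirs) {
    foreach ($name in 'info.txt', 'info.hta') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { $path }
    }
}

# Step 5: .exe files sitting directly in the Startup folders and %LOCALAPPDATA%.
$exeDirs = "$env:ALLUSERSPROFILE\Application Data\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
           $env:LOCALAPPDATA
$exes = foreach ($dir in $exeDirs) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue
    }
}
# Signature status, timestamp and hash help separate the launcher from legitimate files.
$exeReport = foreach ($exe in $exes) {
    [pscustomobject]@{
        Path      = $exe.FullName
        Modified  = $exe.LastWriteTime
        Signature = (Get-AuthenticodeSignature -LiteralPath $exe.FullName).Status
        SHA256    = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256).Hash
    }
}

# Steps 7-9: Run values whose data references one of the executables found above.
$runKeys = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runHits = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }
    $key = Get-Item -LiteralPath $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        foreach ($exe in $exes) {
            # Literal, case-insensitive substring match (paths may contain wildcard characters).
            if ($data.IndexOf($exe.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [pscustomobject]@{ Key = $keyPath; Value = $valueName; Data = $data }
            }
        }
    }
}
'Ransom notes found:';            $notes
'Executables to review:';         $exeReport | Format-List
'Run values referencing them:';   $runHits | Format-List
```

An unsigned, recently modified executable that is also referenced from a Run value is the strongest candidate for the launcher. Legitimate software can appear in these locations too, so review each entry before deleting it.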

In non-techie terms:

Calix Ransomware is a dangerous infection that preys upon vulnerable Windows operating systems. It can use spam emails and bundled downloaders to slither into systems, after which it immediately encrypts files. When the data of your personal files is changed, you cannot read them, and the attackers are using that to demand a ransom. They suggest that your money would be exchanged for a decryptor, but that is not the truth. If you waste your money, you will get nothing in return. This is why we strongly recommend deleting Calix Ransomware as soon as possible. There is no point in waiting. The manual guide above can help somewhat, but because the elimination of the infection is a complicated process, we strongly advise installing legitimate anti-malware software to assist. Hopefully, you can replace the corrupted files with backups afterward.