Do you know what Ox4444 Ransomware is?
Perhaps it is easy to tell what you are dealing with when you look at the name of this infection. It is a ransomware program, and it is definitely bad news. Ransomware programs are relentless and dangerous infections that leave multiple systems crippled, because they are built to make as much money for their developers as possible. It is important to remove Ox4444 Ransomware and other similar infections from the affected systems as soon as possible. Dealing with the people behind these threats will bear no fruit. Simply terminate the infection and then look for ways to restore your files.
Our research team says that Ox4444 Ransomware is a variant of the GlobeImposter Ransomware infection. In fact, some of the features that were common to GlobeImposter Ransomware could be applied to Ox4444 Ransomware as well. The former was released way back in 2017, and it exhibited most of the commonly known ransomware features. Therefore, it is only natural to expect the same from Ox4444 Ransomware. It is also very likely that this infection reaches you through spam email attachments. We always emphasize how important it is to double-check the sender’s identity when some email reaches you unexpectedly. Also, you should always consider scanning the received file with a security tool.
Scanning received files with a security tool should be a given, especially if you work with such files on your computer at work. Please bear in mind that ransomware infections target corporate computer systems far more often than individual desktops. Encrypting multiple files on a business system is a much bigger success than locking up files on a single desktop. Therefore, businesses have to invest in educating their employees about cyber security if they want to avoid Ox4444 Ransomware and other similar infections.
Once Ox4444 Ransomware enters the target system, this program creates a copy of itself in the %LOCALAPPDATA% directory. The filename of the executable file will be the same as the downloaded file that you have executed. On the other hand, the previously released ransomware programs that are associated with Ox4444 Ransomware sometimes named the dropped executable file svhost.exe. So you might want to check whether the filename remains the same or changes to svhost.exe.
Aside from dropping an additional file, Ox4444 Ransomware also creates a point of execution in the Windows registry. It means that the ransomware gets launched each time you turn on your computer. If new files are saved in the directories that are targeted by the ransomware, they will be encrypted again, because Ox4444 Ransomware scans the system upon every single launch.
During our research, we have found that this program encrypts almost every single file it comes into contact with. However, it does skip the Windows system files and the %WinDir% directory. This is not uncommon. Ransomware infections still need the system to function properly, so that the infected user can transfer the ransom payment.
After the encryption, all the affected files have the “.Ox4444” extension appended to their original filenames, so it is really easy to see which files were infected. Every affected folder will get a ransom note as well. The ransom note says the following:
YOUR FILES ARE ENCRYPTED!!!
TO DECRYPT, FOLLOW THE INSTRUCTIONS:
To recover data you need decrypt tool.
To get the decrypt tool you should:
-
In the letter include your personal ID! Send me this ID in your first email to me!
-
We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
-
After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
-
We can decrypt few files in quality the evidence that we have the decoder.
Now this all sounds nice and everything, but this infection was released quite some time ago. Therefore, it might not be possible to receive the decryption key even if you were to contact these criminals. Either way, you should never do that.
Please remove Ox4444 Ransomware from your computer right now. You can do it either manually or automatically with a reliable antispyware tool. To restore your files, look for a public decryption tool. If there is none available, check out other recovery options. In case you have a file backup on an external drive, delete the encrypted files, and transfer the healthy copies of your data into your computer.
How to Remove Ox4444 Ransomware
- Press Ctrl+Shift+Esc and open Task Manager.
- Open the Processes tab and highlight suspicious processes.
- Press the End Process button and close Task Manager.
- Delete the malicious launched file and press Win+R.
- Type %LocalAppData% into the Open box and click OK.
- Remove the malicious executable file (could be svhost.exe).
- Press Win+R and type regedit. Click OK.
- Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
- On the right side, right-click the BrowserUpdateCheck value and select to delete it.
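The indicators from this article, checked by a read-only PowerShell triage script. This is an added example, not part of the original guide; the $ScanRoot parameter and the report layout are assumptions, and nothing is deleted.

```powershell
# Read-only triage for the indicators named in this article.
# Assumption: run in the affected user's session (HKCU and %LOCALAPPDATA% are per-user).
param(
    [string]$ScanRoot = $env:USERPROFILE   # assumed root to search for encrypted files
)

$runOnce   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$valueName = 'BrowserUpdateCheck'
$findings  = @()

# 1. Persistence: the RunOnce value named in the removal steps.
$entry = Get-ItemProperty -Path $runOnce -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    $findings += [pscustomobject]@{
        Indicator = 'RunOnce value present'
        Detail    = "$valueName = $($entry.$valueName)"
    }
}

# 2. Dropped copy: executables sitting directly in %LOCALAPPDATA%.
#    The article names svhost.exe; the legitimate Windows service host is svchost.exe.
$exes = Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Filter '*.exe' -File -ErrorAction SilentlyContinue
foreach ($exe in $exes) {
    $label = if ($exe.Name -ieq 'svhost.exe') { 'svhost.exe in LocalAppData' } else { 'EXE in LocalAppData root' }
    $hash  = (Get-FileHash -LiteralPath $exe.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $findings += [pscustomobject]@{
        Indicator = $label
        Detail    = "$($exe.FullName)  SHA256=$hash  Created=$($exe.CreationTime)"
    }
}

# 3. Impact: files carrying the .Ox4444 extension, grouped by folder to scope the restore.
$encrypted = Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -ieq '.Ox4444' }

if ($findings.Count -eq 0) {
    'No persistence or dropped-file indicators found for this user.'
} else {
    $findings | Format-List
}

"Encrypted files under ${ScanRoot}: $(@($encrypted).Count)"
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize
```

Record the reported path and SHA256 before deleting the file, so the sample can be checked against a security tool and the same hash searched for on other machines.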
In non-techie terms:
Ox4444 Ransomware may not be the worst ransomware infection out there, but it can still stop you from running your system properly. This program will encrypt your files, and then it will ask you to pay for the decryption. Paying is never an option. You should use the instructions above to terminate Ox4444 Ransomware for good. Also, employ all the measures possible to protect your system and your personal data from similar intruders in the future.