Deos Ransomware Removal Guide

Do you know what Deos Ransomware is?

If you do not have an anti-malware program to protect your PC, then you might fall victim to a cyber attack and your PC can become infected with Deos Ransomware, a program that was designed to lock your computer’s screen and, thus, prevent you from using it. Once the screen is locked, this program will demand you pay a ransom to unlock it. However, the good news is that you can avoid paying the ransom and remove this program free of charge. In this short article, we will discuss how this program works, how it is distributed, and how you can delete it from your PC.

This ransomware was discovered only recently. We have received information that Deos Ransomware was first spotted on May 5, 2017. Our malware analysts believe that this ransomware is likely disseminated through malicious emails sent from a dedicated email server to random or pre-selected email addresses. The email can be disguised as something interesting or requiring immediate attention, such as a tax return form, receipt, or invoice. The fake emails can contain a link that downloads this ransomware, or they can carry an attachment that downloads Deos Ransomware secretly. For example, the attached file might be a WSF (Windows Script File) that is executed through Windows Script Host, or a .VBS file that runs a malicious script when launched and downloads this ransomware to a hidden location. The sample tested by our developers was named Locker.exe with a file size of 114688. The MD5 of this file is 565eeb45c776d2a17a10581931159c08. Now let us move on to how this ransomware works.

When this ransomware enters a computer, it locks the screen immediately by rendering a full-screen window which states that all of your files have been encrypted. It also drops a file in the Startup directory so that it is executed every time the PC starts. In addition, it executes the command "shutdown -a" so that you would not be able to shut the PC down. The lock screen does not go away, and you cannot use your PC. However, the good news is that, contrary to what the program says, Deos Ransomware cannot encrypt your files. Our malware analysts have found that this ransomware contains a function that uses the Boolean XOR operation to encrypt files. The ransomware enumerates all files in %USERPROFILE%\Desktop, %APPDATA%, %USERPROFILE%\Documents, %USERPROFILE%\Music, %USERPROFILE%\Pictures, %USERPROFILE%\Videos, and %TEMP%.

However, research has shown that this ransomware does not execute this function and, thus, it does not encrypt any files. Furthermore, there is no additional function for appending a custom file extension to the encrypted files. Nevertheless, we have received information that later versions might start encrypting files with file extensions such as .txt, .html, .zip, and .rar. Researchers say that this particular program was written for the .NET Framework, and it seems that it has not been fully completed yet. It will evolve and get progressively more dangerous.

In closing, Deos Ransomware is a malicious piece of programming that you must remove to keep your PC out of harm’s way and use it as normal. To delete this program’s files, you must first boot your PC in Safe Mode (preferably Safe Mode with Networking to have Internet access). When you boot the PC in Safe Mode, this program will not run, and you will be able to go to its location and delete all of this ransomware’s files. Alternatively, you can download and install SpyHunter to get rid of this ransomware for you.

Boot the PC in Safe Mode with Networking

Windows 10/8.1/8

  1. Press the Windows Key.
  2. Type Change advanced startup options in the search window and press Enter.
  3. Under the Recovery tab, select the Restart now option under Advanced startup.
  4. Select Troubleshoot.
  5. Select Advanced options and go to Startup Settings.
  6. Click the Restart button.
  7. Select Enable Safe Mode with Networking by pressing 5.

Windows 7/Vista

  1. Click the Start button, click the arrow next to the Shut Down button, and then click Restart.
  2. Press and hold the F8 key as your computer restarts.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
  4. Log on to your computer with a user account that has administrator rights.

Windows XP

  1. Click the Start button and then click Restart.
  2. Press and hold the F8 key as your computer restarts.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
  4. Log on to your computer.

Delete Deos Ransomware manually

  1. Press Windows+E keys.
  2. Enter the following file paths and press Enter.
    • %ALLUSERSPROFILE%\Start Menu\Programs\
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\
  3. Right-click suspicious-looking files and click Delete.
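
To make "suspicious-looking" less of a guess, the following PowerShell script (an added example, not part of the original guide or any vendor tool) lists every file under the locations above and flags those matching the MD5 or file size quoted for the Locker.exe sample. The function name Get-Md5Hex and the output column names are assumptions made for this example.

```powershell
# Added example: inventory the Start Menu locations named in this guide and
# flag files that match the analysed sample by MD5 or by file size.
$SampleMd5  = '565eeb45c776d2a17a10581931159c08'   # MD5 quoted in this article
$SampleSize = 114688                                # file size quoted in this article

# Paths copied from the manual-removal steps; several exist only on some Windows versions.
$Paths = @(
    '%ALLUSERSPROFILE%\Start Menu\Programs\',
    '%APPDATA%\Microsoft\Windows\Start Menu\Programs\',
    '%USERPROFILE%\Microsoft\Windows\Start Menu\Programs\',
    '%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\',
    '%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\'
)

function Get-Md5Hex([string]$File) {
    # Uses the .NET MD5 class directly so it also runs where Get-FileHash is missing.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($File)
    try {
        $bytes = $md5.ComputeHash($stream)
        return ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    } finally {
        $stream.Close()
        $md5.Clear()
    }
}

$Paths |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Where-Object   { Test-Path -LiteralPath $_ } |
    Select-Object  -Unique |
    ForEach-Object { Get-ChildItem -Path $_ -Recurse -Force -ErrorAction SilentlyContinue } |
    Where-Object   { -not $_.PSIsContainer } |
    ForEach-Object {
        # A file that cannot be opened is reported rather than silently skipped.
        try { $hash = Get-Md5Hex $_.FullName } catch { $hash = 'unreadable' }

        $match = ''
        if ($hash -eq $SampleMd5)           { $match = 'MD5' }
        elseif ($_.Length -eq $SampleSize)  { $match = 'size only' }

        New-Object PSObject -Property @{
            Match = $match; MD5 = $hash; Size = $_.Length
            LastWrite = $_.LastWriteTime; Path = $_.FullName
        }
    } |
    Sort-Object Match -Descending |
    Format-Table Match, Size, LastWrite, MD5, Path -AutoSize
```

An MD5 match identifies the exact sample described here; a repacked or newer variant will hash differently, so also review any recently written executable or script in the Startup folder that you did not put there.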

In non-techie terms:

Deos Ransomware is nothing more than a highly malicious program that was intended to encrypt your files. However, the version we have tested only manages to lock the screen. While it has a function to encrypt your files, it does not execute it. This is good news because you can remove this ransomware and not suffer the consequences of losing your files. Please use our comprehensive guide on how to boot your PC in Safe Mode and eradicate this malware.