Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Xzzx Ransomware

If you have found your files with a new extension .xzzx, this must be a sign that Xzzx Ransomware has affected your computer and made changes on it. This infection is a new version of CryptoMix Ransomware, but it is definitely not as prevalent as the original version of this ransomware infection yet because it was spotted in the wild only a weeks ago (November 27, 2017) by our malware researchers. Everything might change soon, i.e. it does not mean that you cannot find this malicious application on your computer if it is not very prevalent yet. It will be too late for prevention if Xzzx Ransomware ever shows up on your computer, so you should be more careful from now on. First of all, our specialists recommend staying away from spam emails and their attachments because these infections are usually distributed as ordinary documents or other harmless files. What is more, they say that users will never discover malicious software on their computers if they have reputable security software installed on their computers. Of course, you cannot turn the clock back and be more cautious, so if you have encountered Xzzx Ransomware, you will simply need to delete it from your system. If you do nothing after discovering your files with a new extension, it will stay active (it creates entries in the Run registry key) and will definitely not miss an opportunity to lock new files you create/download. Usually, it is not very easy to remove ransomware infections. Unfortunately, the same can be said about the Xzzx Ransomware removal too.

Xzzx Ransomware is one of the newest ransomware infections our specialists have detected, and it is, without a doubt, a new version of CryptoMix Ransomware. Because of this, it was quite easy to find out how it acts on victim’s computers. Research has shown that it also goes to lock users’ personal files the first thing. Victims’ pictures, documents, text files, and other valuable data are locked using a strong encryption algorithm, and all these affected files are marked using the .xzzx extension. Their names are changed to 32 random characters as well, so it is impossible to say how these original files look like. Xzzx Ransomware also drops a ransom note _HELP_INSTRUCTION.txt on victims’ computers, but it does not tell them much about the decryption of files. Users only find out that they need to write an email address to crooks to get more information. You can write an email to one of the provided email addresses (xzzx@tuta.io, xzzx1@protonmail.com, xzzx10@yandex.com, or xzzx101@yandex.com) if you want to, but we can assure you that you will be told to pay a ransom. Most likely, the price will be set depending on the importance of the encrypted data. No matter the decryptor is cheap or expensive, you should not purchase it from cyber criminals. You should not send money to them because you might not get anything from them and, in this case, you could not do anything to get your money back. We cannot promise to you that you could unlock your files without the special decryptor, but there is a tiny possibility that free software for decrypting files will be developed one day and you could download it from the web freely, so do not delete those files with .xzzx from your computer – you might be able to decrypt them one day in the future.

Before we talk about the Xzzx Ransomware removal, let’s talk about changes it applies when it infiltrates computers. As you already know, it goes to encrypt users’ files right away, but it is definitely not the only modification it makes on these affected computers. Research has shown that it also creates its entries in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce. Additionally, it places two files in %ALLUSERSPROFILE% and %ALLUSERSPROFILE%\Application Data. Because of this, it might be slightly harder to erase it, but we are still 99% sure that you will successfully erase it with our help.

You can find manual removal instructions below this article. You should use them if you decide to delete Xzzx Ransomware manually from your computer because it is very important not to leave any malicious components representing the ransomware infection active on the system. Do not worry if you are not a very experienced user because it is also possible to erase malware automatically. You just need to download a reputable scanner from the web to do this. Unfortunately, it could not unlock any of your encrypted files either.

Xzzx Ransomware removal guide

  1. Launch Run by tapping Win+R on your keyboard.
  2. Type regedit.exe in the box and press Enter on your keyboard.
  3. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Find a Value representing Xzzx Ransomware and delete it (it might have a random name).
  5. Remove BC0EBCF2F2 from the same registry key.
  6. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  7. Delete *BC0EBCF2F2.
  8. Close Registry Editor and launch Windows Explorer.
  9. Go to %ALLUSERSPROFILE% and delete BC0EBCF2F2.exe.
  10. Remove BC0EBCF2F2.exe from the %ALLUSERSPROFILE%\Application Data directory.
  11. Remove _HELP_INSTRUCTION.TXT from Desktop.
  12. Empty Trash to delete all ransomware components permanently.
Download Spyware Removal Tool to Remove* Xzzx Ransomware
  • Quick & tested solution for Xzzx Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.