Mole Virus File Removal (+File Recovery)

How to Remove Mole Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

All your important files were encrypted on this computer.
You can verify this by click on see files an try open them.
Encryption was produced using unique public key RSA-1024 generated for this computer.
To decrypted files, you need to obtain private key.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet.
The server will destroy the key within 78 hours after encryption completed.
To retrieve the private key, you need to Contact us by email , send us an email your DECRYPT-ID-0ec69ed5-3c99-40f8-8544-0c7653dcd3e5 number
and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a single encrypted file and we will send you back it in a decrypted form.
Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
E-MAILS ADRESS:
oceanm@engineer.com
oceanm@india.com


Are your files now renamed? If they have a bizarre .mole extension added to them, that’s bad news. Such an appendix is a crystal clear sign that a ransomware-type virus has modified your data. To begin with, do you keep important information on your machine? Most PC users do. However, what many of them fail to do is keep backups of their files. We strongly recommend that you have copies of your most precious, valuable files. This could save you quite a headache later on. As mentioned, your data is now renamed because you have a virus on board. And not just any virus. Ransomware is considered to be among the most destructive, aggressive and harmful kinds of malware. Some researchers even go so far as to say this is the worst type of infection online. To put it mildly, you’ve downloaded quite a pest. The ransomware gets activated immediately after it lands on board. It all starts with a thorough computer scan. Your machine is being scanned so the virus could locate your files. What ransomware searches for, it always finds. This program targets your personal data. Pictures, videos, presentations, music files, various documents. You see, every single bit of data stored on your machine falls victim to the parasite. This pest goes after a huge variety of file formats. Its goal is to create about as big of a mess as possible. After its scan, the virus uses the RSA-1024 algorithm to lock your data. How can you tell whether the encryption process has ended? If you notice the .mole extension, that is it. Seeing this extension meats you’re no longer able to open/use your information. Ransomware denies you access to your own data. It also makes sure that it locks the most popular file formats. That is because ransomware is nothing but a nasty attempt for a scam. The infection encrypts your data because it’s about to demand money from you. In other words, hackers are trying to trick you into paying for a unique decryption key. Some people would give into their despair and anxiety. That’s how they get blackmailed. While locking your data, the ransomware drops INSTRUCTION_FOR_HELPING_FILE_RECOVERY.txt files. These ransom notes are filled with bogus threats and empty lies. No wonder people fall into hackers’ trap. In order not to lose money, please keep on reading.

How did I get infected with?

Ransomware uses the same infiltration methods all other infections do. It may be a particularly dangerous sort of virus but it still needs to get properly installed beforehand. How does this pest travel the Web? In silence. As nobody would download such a virus on purpose, hackers rely on deceit. For example, they often attach the infection to a fake email or message. You do the rest by clicking the bogus message/email-attachment open. If you receive some suspicious-looking job applications, delete them. It is much more problematic to remove malware than to prevent installation in the first place. Hence, take care of your computer beforehand. Unless you personally know their senders, avoid random emails and messages in social media. Do yourself a favor and pay attention. Ransomware also gets spread online via corrupted program updates, third-party pop-ups or exploit kits. It might use some help from a Trojan horse as well. It is definitely worth it to check your machine for more infections. The ransomware could be having some malicious company. Last but not least, stay away from illegitimate websites in the future. Those could turn out to be infested with potential parasites. Also, keep an eye out for infections in the freeware/shareware bundles you install.

remove Mole

Why is Mole dangerous?

Hackers are aiming directly at your bank account. Unlike some other types of infections that use subtle tactics, ransomware is straightforward. It encrypts all your personal files and demands that you pay a ransom. On theory, paying would guarantee you a decryptor. However, on practice, things aren’t that good. If hackers promise a decryption tool, that is only to trick you into paying. They were never really interested in helping you free your data. What crooks are very interested in is stealing your Bitcoins. Instead of becoming hackers’ sponsor, restrain yourself from paying. Following their instructions  guarantees you nothing. Stay away from the oceanm@engineer.com and oceanm@india.com email addresses provided by the virus. Those would contact you with hackers which cannot possibly end well for you. To delete the ransomware manually, please follow our detailed removal guide. You will find it down below.

Mole Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Mole Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Mole encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Mole encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment