Remove CryptoMix Ransomware (.code File Virus)

How to Remove CryptoMix Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

NOT YOUR LANGUAGE? USE hxxps://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen?
!!! Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Secret Server

What do I do? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW!, and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions:
Contact us by email only, send us email along with your ID number and wait for further instructions. Our specialist will contact you within 12 hours.
For you to be sure, that we can decrypt your files – you can send us a single encrypted file and we will send you back in a decrypted form. This will be your guarantee.
E-EMAIL1: xoomx_@_dr.com
E-MAIL2: xoomx_@_usa.com
YOUR_ID:


CryptoMix
is yet another infection, part of the ransomware family. It’s a plague, like all tools of its kind. CryptoMix tricks you into granting it access. And, then makes you regret your carelessness. Once it sneaks in, it encrypts everything with а RSA-2048 algorithm. After it’s done, everything you have on your computer, is inaccessible. Your files get locked. Your pictures, music, videos, documents, everything is beyond your reach. Once CryptoMix gets a hold of your data, it displays a note. It explains your predicament, and contains what’s expected of you. It’s pretty standard. It states how you’re stuck with a ransomware infection. How your data is now encrypted. How you have to pay a ransom for its decryption. And, it makes it seem normal. It appears like a straightforward exchange, doesn’t it? An infection sneaks in, and locks your data. Then, it demands you pay up, if you wish to free it. Well, it’s not as simple as you may think. To pay the ransom is a colossal mistake. Do NOT do it! If you don’t pay the cyber kidnappers, you lose your data. And, that’s not pleasant. But, here’s the thing. If you do pay, you lose your privacy. So, ask yourself the following. What’s worth to you more – pictures or privacy? One is replaceable. The other is not. Make your decision, and act upon it. But make the right one. There are consequences either way. Pick the lesser evil.

How did I get infected with?

CryptoMix preys on your carelessness to invade. It manages to trick you into allowing it in. Yes, you allow it in. Tools like it have to ask for your permission on their installment. And, they can enter only after receiving it. So, if you don’t agree to let them into your system, no admittance. That’s why caution is crucial. The tool doesn’t ask you out in the open. It does it in the sneakiest way possible. And, if you’re vigilant enough to spot it in its attempts, you may prevent it. If not, you’re stuck reading articles like this one. Ransomware tools slither in with the old but gold means of infiltration. They can hitch a ride with spam email attachments or corrupted links. Hide behind freeware. They can also pretend to be false updates. Like, Java. For example, you’re led to believe you’re updating your Java, while you’re NOT. In reality, you’re giving the green light to a cyber menace. If you wish to avoid that, be extra vigilant! Always take your time to read the terms and conditions. Do your due diligence. Infections prey on distraction, haste, and gullibility, and so does CryptoMix. Don’t grant them.

remove CryptoMix

Why is CryptoMix dangerous?

All of your files were protected by a strong encryption with RSA-2048.” That’s part of the message you receive upon the encryption’s completion. CryptoMix displays it after it takes over your data. And, as was mentioned, it locks EVERYTHING. The ransomware targets the staggering 862 types of files. So, every single one you keep on your PC, falls victim to the infection. To solidify its keep, it adds the “.code” extension at the end of each file. So, by the time it’s done, all your data has that particular extension. Imagine you have a video called ‘summer.’ After CryptoMix, you’ll find it as ‘summer.code.’ And, after that, you can longer open your files. Moving or renaming them does nothing. The only way to free yourself of CryptoMix’s clutches is with a decryption key. But, to get it, you have to pay up. The program demands you transfer 5 Bitcoin to a shady account. In case, you don’t know, that amounts to about $2200 US Dollars. So, it’s no small sum. And, just to incentivize you to pay ASAP, CryptoMix states that it doubles after 24 hours pass. You’re supposed to contact one of two emails, which the ransomware gives you. Either xoomx[@]dr.com or xoomx[@]usa.com. Once you contact the kidnappers, you receive a link and a password to a One Time Secret service website. There, you and the extortionists behind CryptoMix, communicate. During this back and forth, these people even try to convince you that if you pay, you contribute to charity. Yes, charity. They claim that the profit they make off of victims, gets used for “a good cause.” But, here’s the thing. The infection offers promises, and lots of them. But no guarantees. Zero. You can’t even be sure that it will send you the decryption key you need. It can send you the wrong, or choose not to send you one at all. And, even if it does go through with it, and you receive the right key, what then? You free your files, but for how long? After all, the decryption key takes care of the encryption. The ransomware is still somewhere on your computer. And, it’s free to strike again at any given moment. So, how long do you suppose you’ll have your files free before you get back to square one? And, even if all that doesn’t bother you, here’s what should truly worry you. If you make the horrendous choice to go through with the ransom payment, you open a door. You open the door to your privacy. You give access to your personal and financial details to strangers. Cyber criminals can steal your information, and use it for their benefit. So, ask yourself. Is your data worth that? Is it worth opening a door you cannot close afterwords?

CryptoMix Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover CryptoMix Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with CryptoMix encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate CryptoMix encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment