How to Remove Moka File Virus

How to Remove Moka Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e- mail:

Reserve e-mail address to contact us:

Our Telegram account:

Your personal ID:


Moka
is a ransomware menace. It’s a variant of the dreadful STOP (DJVU) family. The infection slithers into your system, via slyness and finesse. Then, spreads corruption throughout. The ransomware takes your data hostage. It uses encryption algorithms to lock every file, you keep on your computer. It, then, proceeds to extort you for monetary gain. Let’s elaborate. Moka seizes control of your data by applying the ‘.moka‘ extension. Say, you have a picture called ‘sun.jpg.’ Well, after the cyber threat gets done with it, it becomes ‘sun.jpg.moka.’ After the extension is in place, that’s it. You can no longer access any of your files. And, the only way to change that, is compliance. The Moka menace makes that abundantly clear, in the ransom note it leaves you. It’s a ‘_readme.txt‘ file, you can find on your Desktop. As well as, in each folder that has locked files. Open it, and it’s pretty standard. It clues you into your predicament, and gives you one way out. It claims that, if you wish to free your files, you have to pay a ransom. Then, once you pay the money, the extortionists will send you the key you need. Apply said decryption key, and your data gets unlocked. Or, so they claim. Ask yourself the following. Can you trust the words of cyber criminals? Strangers, who kidnap your files, and extort you for their release? To trust these individuals is a mistake. Don’t make it.

How did I get infected with?

How do you imagine Moka slithered into your PC? Well, you have your carelessness to blame for its invasion. Let’s explain. These infections use the old but gold methods to invade. They hide behind corrupted links, sites or torrents. They pose as fake updates. And, of course, they use freeware and spam emails. You get an email, one day, that urges you to click a link, or download an attachment. If you do, you end up with the Moka tool. Caution helps you to avoid that, which is why the infection preys on carelessness. Its successful infiltration relies on it. The cyber menace needs you to skip doing due diligence, and give into naivety. To rush, ad leave your fate to chance. Why would you oblige? Don’t choose carelessness over caution. One helps you to spot infections, attempting to slip past you. It helps you keep them out. And, the other has the opposite outcome. So, make the right choice. Take the time to be thorough. And, if the Moka’s success rests on your distraction, haste, and naivety, don’t provide them.

Remove Moka

Why is Moka dangerous?

Moka requests payment of $980 for the key that unlocks your data. And, even promises a discount. Supposedly, if “you contact us first 72 hours, the price for you is $490.” Or, so it says in the ransom note. Don’t fall for its trickery. That’s all it is. The Moka menace spins a web of lies, and hopes you fall in it. Don’t oblige. Understand that compliance is futile. The cyber kidnappers and the ransom note, try to convince you otherwise. Don’t buy into the lie. Even if you follow the extortionists’ demands to the letter, it guarantees you nothing. Think about your options. Say, you choose to gamble, and pay up. What happens next? After you transfer the requested sum, you await to receive the key. Right? The decryption key, which the cyber criminals promised to send you, after you pay the ransom. Well, what if they don’t send it? Or, what if they send one that doesn’t work? These are valid possibilities. And, even if you do get a key that works, don’t celebrate just yet. The ransom pays for the decryption key, which removes the encryption. The infection, that encrypted your data, remains. That means, that Moka is free to strike again. And, it can do so, a day, an hour or a mere minute, after you free your files. Then, you’re back to square one, only you have less money now. Don’t waste your tome, energy and money, dealing with these people. It’s futile, and it costs you. Put your faith in backups, and cloud storage.

Moka Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Moka Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Moka encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Moka encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment