MALLOX Ransomware (.mallox Files) — How to remove virus?

Written by Brendan Smith

Mallox virus is a ransomware that belongs to the eponymous ransomware family. Our analysts team detected and tested it recently after finding the sample on VirusTotal. This particular malware tries to encrypt all data found on the user’s PC, including a wide range of file types such as photos, documents, excel tables, music, videos, and more. Each file is appended with .mallox extension, and RECOVERY INFORMATION.txt files are generated in every folder that contains encrypted files.

The Mallox virus poses a severe threat to computer systems as it operates as a highly destructive ransomware. When it infiltrates a user’s PC, it initiates an encryption process that renders files inaccessible. This encryption procedure affects a diverse array of file types, including photos, documents, excel tables, music, videos, and more.

To identify the encrypted files, the Mallox ransomware appends a .mallox extension to each one, serving as an indicator of encryption. Accessing these files without the corresponding decryption key becomes impossible. Furthermore, the malware generates a file named “RECOVERY INFORMATION.txt” in every folder containing encrypted files. Additionally, it adds one such text file to the user directory root and another to the desktop. Typically, these text files contain instructions or demands from the attackers, specifying the ransom amount required to regain access to the encrypted data.

If you suspect that your system has been infected by the Mallox virus or any other form of ransomware, it is imperative to employ reputable antivirus software to mitigate the damage and potentially recover your files. Regularly backing up your essential data to offline or cloud storage solutions can also significantly minimize the impact of ransomware attacks.

GridinSoft Anti-Malware Review
It is better to prevent, than repair and repent!
When we talk about the intrusion of unfamiliar programs into your computer’s work, the proverb “Forewarned is forearmed” describes the situation as accurately as possible. Gridinsoft Anti-Malware is exactly the tool that is always useful to have in your armory: fast, efficient, up-to-date. It is appropriate to use it as an emergency help at the slightest suspicion of infection.
Gridinsoft Anti-Malware 6-day trial available.
EULA | Privacy Policy | 10% Off Coupon
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.

Mallox Virus

☝️ Mallox can be correctly identify as a ransomware infection.

Mallox adds its specific “.mallox” extension to the name of every file. For example, your photo named as “my_photo.jpeg” will be transformed into “my_photo.jpeg.mallox“, report in Excel tables named “report.xlsx” – to “report.xlsx.mallox“, and so on.

RECOVERY INFORMATION.txt file, which can be found in every folder that contains the encrypted files, is a ransom money note. Inside of it, you can find information about ways of contacting Mallox ransomware developers, and some other info. This decryption tool is created by ransomware developers, and can be obtained through the email, contacting mallox.israel@mailfence.com, mallox@tutanota.com, recohelper@cock.li.

Here is a summary for the Mallox:
NameMallox Virus
Extension.mallox
Ransomware noteRECOVERY INFORMATION.txt
Contactmallox.israel@mailfence.com, mallox@tutanota.com, recohelper@cock.li
DetectionTrojan:Win32/Raccrypt.GE!MTB, Trojan:Win32/Raccrypt.GD!MTB, Win32/Kryptik_AGen.HB
SymptomsYour files (photos, videos, documents) have a .mallox extension and you can’t open it.
Fix ToolSee If Your System Has Been Affected by Mallox virus

The RECOVERY INFORMATION.txt file by the Mallox ransomware states the following frustrating information:

YOUR FILES ARE ENCRYPTED !!!

TO DECRYPT, FOLLOW THE INSTRUCTIONS:

To recover data you need decrypt tool.

To get the decrypt tool you should:

1.In the letter include your personal ID! Send me this ID in your first email to me!
2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files!
3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool!
4.We can decrypt few files in quality the evidence that we have the decoder.


CONTACT US:
mallox.israel@mailfence.com
mallox@tutanota.com

YOUR PERSONAL ID: 0F0046515E0E

The image below gives a clear vision of how the files with “.mallox” extension look like:

Mallox Virus - encrypted .mallox files

Example of encrypted .mallox files

How did I get Mallox ransomware on my computer?

That was a huge number of different ways of ransomware injection.

However, nowadays there are only two ways of Mallox injection – email spam and trojans. You may see a lot of messages on your email, stating that you need to pay different bills or to get your parcel from the local FedEx department. But all such messages are sent from unknown email addresses, not from familiar official emails of these companies. All such letters contain the attached file, which is used as a ransomware carrier. If you open this file – your system will get infected by Mallox.

In case of trojans presence, you will receive an offer to download and install ransomware on your PC under the guise of something legit. This may be a Chrome update, or a patch for the software you have on your disk. Sometimes, trojan viruses can hide as legit programs, and a ransomware payload will arrive as an update for this program. In rare cases, malware tries to squeeze in as an add-on package to a legitimate program, and will start the encryption once you will install it.

There is also the third way of ransomware injection, however, it becomes less and less popular day-to-day. I am talking about peering networks, such as torrents or eMule. No one can control which files are packed in the seeding, so you can discover a huge pack of different malware after downloading. If circumstances force you to download something from peering networks – scan every downloaded folder or archive with antivirus software.

How to remove Mallox virus?

In addition to encode a victim’s files, the Mallox virus has also started to install the Azorult Spyware on system to steal account credentials, cryptocurrency wallets, desktop files, and more.

To ensure the user that ransomware distributors really have the decryption tool, they may offer to decrypt several encrypted files. And they are the single owners of this decryption program: Mallox ransomware is a completely new type, so there is no legit program from anti-malware vendors, which can decrypt your files. But such a situation is in momentum, as decryption tools are updating every month.

However, paying the ransom is a bad decision, too. There is no guarantee that Mallox ransomware developers will send you the decryption tool and a proper decryption key. And there are a lot of cases when ransomware distributors deceived their victims, sending the wrong key or even nothing. In the majority of cases, there is a way to recover your files for free. Search for available backups, and restore your system using it. Of course, there is a chance that the backup you found is too old, and does not contain a lot of files you need. But, at least you will be sure that there is no malware in your system. However, to ensure that there are no malicious programs in your system after the backup, you need to scan your PC with anti-malware software.

Mallox ransomware is not unique. There are more ransomware of this type: Nope, Robm, Luez. These examples of ransomware act in a similar way: encrypting your files, adding a specific extension, and leaving a great number of ransom money notes in every folder. But there are two things which make difference between these ransomware – cryptography algorithm, which is used for file encryption, and ransom amount. In some cases, victims are able to decrypt their files without any payments, just using free solutions produced by several anti-malware vendors.

Reasons why I would recommend GridinSoft1

There is no better way to recognize, remove and prevent ransomware than to use an anti-malware software from GridinSoft2.

Remove Mallox virus with Gridinsoft Anti-Malware

We have also been using this software on our systems ever since, and it has always been successful in detecting viruses. It has blocked the most common Ransomware as shown from our tests with the software, and we assure you that it can remove Mallox virus as well as other malware hiding on your computer.

Gridinsoft Anti-Malware - Main Screen

To use Gridinsoft for remove malicious threats, follow the steps below:

1. Begin by downloading Gridinsoft Anti-Malware, accessible via the blue button below or directly from the official website gridinsoft.com.

2.Once the Gridinsoft setup file (setup-gridinsoft-fix.exe) is downloaded, execute it by clicking on the file.

setup-gridinsoft-fix.exe

3.Follow the installation setup wizard's instructions diligently.

Gridinsoft Setup Wizard

4. Access the "Scan Tab" on the application's start screen and launch a comprehensive "Full Scan" to examine your entire computer. This inclusive scan encompasses the memory, startup items, the registry, services, drivers, and all files, ensuring that it detects malware hidden in all possible locations.

Scan for Mallox virus Ransomware

Be patient, as the scan duration depends on the number of files and your computer's hardware capabilities. Use this time to relax or attend to other tasks.

5. Upon completion, Anti-Malware will present a detailed report containing all the detected malicious items and threats on your PC.

The Mallox virus was Found

6. Select all the identified items from the report and confidently click the "Clean Now" button. This action will safely remove the malicious files from your computer, transferring them to the secure quarantine zone of the anti-malware program to prevent any further harmful actions.

The Mallox virus has been removed

8. If prompted, restart your computer to finalize the full system scan procedure. This step is crucial to ensure thorough removal of any remaining threats. After the restart, Gridinsoft Anti-Malware will open and display a message confirming the completion of the scan.

Remember Gridinsoft offers a 6-day free trial. This means you can take advantage of the trial period at no cost to experience the full benefits of the software and prevent any future malware infections on your system. Embrace this opportunity to fortify your computer's security without any financial commitment.

Trojan Killer for “Mallox virus” removal on locked PC

In situations where it becomes impossible to download antivirus applications directly onto the infected computer due to malware blocking access to websites, an alternative solution is to utilize the Trojan Killer application.

Trojan Killer - Main View

There is a really little number of security tools that are able to be set up on the USB drives, and antiviruses that can do so in most cases require to obtain quite an expensive license. For this instance, I can recommend you to use another solution of GridinSoft - Trojan Killer Portable. It has a 14-days cost-free trial mode that offers the entire features of the paid version. This term will definitely be 100% enough to wipe malware out.

Trojan Killer is a valuable tool in your cybersecurity arsenal, helping you to effectively remove malware from infected computers. Now, we will walk you through the process of using Trojan Killer from a USB flash drive to scan and remove malware on an infected PC. Remember, always obtain permission to scan and remove malware from a computer that you do not own.

Step 1: Download & Install Trojan Killer on a Clean Computer:

1. Go to the official GridinSoft website (gridinsoft.com) and download Trojan Killer to a computer that is not infected.

Download Trojan Killer

2. Insert a USB flash drive into this computer.

3. Install Trojan Killer to the "removable drive" following the on-screen instructions.

Install Trojan Killer to Removable Drive

4. Once the installation is complete, launch Trojan Killer.

Step 2: Update Signature Databases:

5. After launching Trojan Killer, ensure that your computer is connected to the Internet.

6. Click "Update" icon to download the latest signature databases, which will ensure the tool can detect the most recent threats.

Click Update Button

Step 3: Scan the Infected PC:

7. Safely eject the USB flash drive from the clean computer.

8. Boot the infected computer to the Safe Mode.

9. Insert the USB flash drive.

10. Run tk.exe

11. Once the program is open, click on "Full Scan" to begin the malware scanning process.

Searching Mallox virus Virus

Step 4: Remove Found Threats:

12. After the scan is complete, Trojan Killer will display a list of detected threats.

Searching Mallox virus Finished

13. Click on "Cure PC!" to remove the identified malware from the infected PC.

14. Follow any additional on-screen prompts to complete the removal process.

Restart needed

Step 5: Restart Your Computer:

15. Once the threats are removed, click on "Restart PC" to reboot your computer.

16. Remove the USB flash drive from the infected computer.

Congratulations on effectively removing Mallox virus and the concealed threats from your computer! You can now have peace of mind, knowing that they won't resurface again. Thanks to Gridinsoft's capabilities and commitment to cybersecurity, your system is now protected.

Frequently Asked Questions

How can I open “.mallox” files?

No way. These files are encrypted by Mallox ransomware. The contents of .mallox files are not available until they are decrypted.

🤔 Mallox files contain important information. How can I decrypt them urgently?

If your data remained in the .mallox files are very valuable, then most likely you made a backup copy.
If not, then you can try to restore them through the system function – Restore Point. All other methods will require patience.

🤔 You have advised using GridinSoft Anti-Malware to remove Mallox. Does this mean that the program will delete my encrypted files?

Of course not. Your encrypted files do not pose a threat to the computer. What happened has already happened.

You need GridinSoft Anti-Malware to remove active system infections. The virus that encrypted your files is most likely still active and periodically runs a test for the ability to encrypt even more files. Also, these viruses install keyloggers and backdoors for further malicious actions (for example, theft of passwords, credit cards) often.

🤔 Mallox virus has blocked infected PC: I can’t get the activation code.

In this situation, you need to prepare the memory stick with a pre-installed Trojan Killer.

🤔 What can I do right now?

You can try to find a copy of an original file that was encrypted:

  • Files you downloaded from the Internet that were encrypted and you can download again to get the original.
  • Pictures that you shared with family and friends that they can just send back to you.
  • Photos that you uploaded on social media or cloud services like Carbonite, OneDrive, iDrive, Google Drive, etc)
  • Attachments in emails you sent or received and saved.
  • Files on an older computer, flash drive, external drive, camera memory card, or iPhone where you transferred data to the infected computer.

How сan I avoid ransomware attack?

Mallox ransomware doesn’t have a superpower.

You can easily protect yourself from its injection in several easy steps :

  • Ignore all emails from unknown mailboxes with a strange unknown address, or with content that has likely no connection to something you are waiting for (can you win in a lottery without taking part in it?). If the email subject is likely something you are waiting for, check carefully all elements of the suspicious letter. A fake email will surely contain a mistake.
  • Do not use cracked or untrusted programs. Trojans are often distributed as a part of cracked software, possibly under the guise of “patch” which prevents the license check. But untrusted programs are very hard to distinguish from trustworthy software, because trojans may also have the functionality you need. You can try to find information about this program on the anti-malware forums, but the best solution is not to use such programs.
  • And to be sure about the safety of the files you downloaded, use GridinSoft Anti-Malware. This program will surely be a perfect shield for your personal computer.

I need your help to share this article.

It is your turn to help other people. I have written this article to help users like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan Smith
How to Remove MALLOX Ransomware & Recover PC

Name: MALLOX Virus

Description: MALLOX Virus is a ransomware that primarily aims at infecting corporate networks. This malware appends a .mallox extension to every file it can reach. In particular, Mallox ransomware aims for MS Office documents, videos, photos, Photoshop projects, and files of software-specific formats. Hackers invite their victims to negotiate on ransom sums at their Darknet website.

Operating System: Windows

Application Category: Virus

Sending
User Review
4.67 (12 votes)
Comments Rating 0 (0 reviews)

References

  1. GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
  2. More information about GridinSoft products: https://gridinsoft.com/comparison

About the author

Brendan Smith

I'm Brendan Smith, a passionate journalist, researcher, and web content developer. With a keen interest in computer technology and security, I specialize in delivering high-quality content that educates and empowers readers in navigating the digital landscape.

With a focus on computer technology and security, I am committed to sharing my knowledge and insights to help individuals and organizations protect themselves in the digital age. My expertise in cybersecurity principles, data privacy, and best practices allows me to provide practical tips and advice that readers can implement to enhance their online security.

One Response

  1. Darlan December 16, 2023

Leave a Reply

Sending