Mallox virus is a ransomware that belongs to the eponymous ransomware family. Our analysts team detected and tested it recently after finding the sample on VirusTotal. This particular malware tries to encrypt all data found on the user’s PC, including a wide range of file types such as photos, documents, excel tables, music, videos, and more. Each file is appended with .mallox extension, and RECOVERY INFORMATION.txt files are generated in every folder that contains encrypted files.
The Mallox virus poses a severe threat to computer systems as it operates as a highly destructive ransomware. When it infiltrates a user’s PC, it initiates an encryption process that renders files inaccessible. This encryption procedure affects a diverse array of file types, including photos, documents, excel tables, music, videos, and more.
To identify the encrypted files, the Mallox ransomware appends a .mallox extension to each one, serving as an indicator of encryption. Accessing these files without the corresponding decryption key becomes impossible. Furthermore, the malware generates a file named “RECOVERY INFORMATION.txt” in every folder containing encrypted files. Additionally, it adds one such text file to the user directory root and another to the desktop. Typically, these text files contain instructions or demands from the attackers, specifying the ransom amount required to regain access to the encrypted data.
If you suspect that your system has been infected by the Mallox virus or any other form of ransomware, it is imperative to employ reputable antivirus software to mitigate the damage and potentially recover your files. Regularly backing up your essential data to offline or cloud storage solutions can also significantly minimize the impact of ransomware attacks.
Mallox Virus
☝️ Mallox can be correctly identify as a ransomware infection.
Mallox adds its specific “.mallox” extension to the name of every file. For example, your photo named as “my_photo.jpeg” will be transformed into “my_photo.jpeg.mallox“, report in Excel tables named “report.xlsx” – to “report.xlsx.mallox“, and so on.
RECOVERY INFORMATION.txt file, which can be found in every folder that contains the encrypted files, is a ransom money note. Inside of it, you can find information about ways of contacting Mallox ransomware developers, and some other info. This decryption tool is created by ransomware developers, and can be obtained through the email, contacting mallox.israel@mailfence.com, mallox@tutanota.com, recohelper@cock.li.
Here is a summary for the Mallox:
Name | Mallox Virus |
Extension | .mallox |
Ransomware note | RECOVERY INFORMATION.txt |
Contact | mallox.israel@mailfence.com, mallox@tutanota.com, recohelper@cock.li |
Detection | Trojan:Win32/Raccrypt.GE!MTB, Trojan:Win32/Raccrypt.GD!MTB, Win32/Kryptik_AGen.HB |
Symptoms | Your files (photos, videos, documents) have a .mallox extension and you can’t open it. |
Fix Tool | See If Your System Has Been Affected by Mallox virus |
The RECOVERY INFORMATION.txt file by the Mallox ransomware states the following frustrating information:
YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: mallox.israel@mailfence.com mallox@tutanota.com YOUR PERSONAL ID: 0F0046515E0E
The image below gives a clear vision of how the files with “.mallox” extension look like:
How did I get Mallox ransomware on my computer?
That was a huge number of different ways of ransomware injection.
However, nowadays there are only two ways of Mallox injection – email spam and trojans. You may see a lot of messages on your email, stating that you need to pay different bills or to get your parcel from the local FedEx department. But all such messages are sent from unknown email addresses, not from familiar official emails of these companies. All such letters contain the attached file, which is used as a ransomware carrier. If you open this file – your system will get infected by Mallox.
In case of trojans presence, you will receive an offer to download and install ransomware on your PC under the guise of something legit. This may be a Chrome update, or a patch for the software you have on your disk. Sometimes, trojan viruses can hide as legit programs, and a ransomware payload will arrive as an update for this program. In rare cases, malware tries to squeeze in as an add-on package to a legitimate program, and will start the encryption once you will install it.
There is also the third way of ransomware injection, however, it becomes less and less popular day-to-day. I am talking about peering networks, such as torrents or eMule. No one can control which files are packed in the seeding, so you can discover a huge pack of different malware after downloading. If circumstances force you to download something from peering networks – scan every downloaded folder or archive with antivirus software.
How to remove Mallox virus?
In addition to encode a victim’s files, the Mallox virus has also started to install the Azorult Spyware on system to steal account credentials, cryptocurrency wallets, desktop files, and more.
To ensure the user that ransomware distributors really have the decryption tool, they may offer to decrypt several encrypted files. And they are the single owners of this decryption program: Mallox ransomware is a completely new type, so there is no legit program from anti-malware vendors, which can decrypt your files. But such a situation is in momentum, as decryption tools are updating every month.
However, paying the ransom is a bad decision, too. There is no guarantee that Mallox ransomware developers will send you the decryption tool and a proper decryption key. And there are a lot of cases when ransomware distributors deceived their victims, sending the wrong key or even nothing. In the majority of cases, there is a way to recover your files for free. Search for available backups, and restore your system using it. Of course, there is a chance that the backup you found is too old, and does not contain a lot of files you need. But, at least you will be sure that there is no malware in your system. However, to ensure that there are no malicious programs in your system after the backup, you need to scan your PC with anti-malware software.
Mallox ransomware is not unique. There are more ransomware of this type: Nope, Robm, Luez. These examples of ransomware act in a similar way: encrypting your files, adding a specific extension, and leaving a great number of ransom money notes in every folder. But there are two things which make difference between these ransomware – cryptography algorithm, which is used for file encryption, and ransom amount. In some cases, victims are able to decrypt their files without any payments, just using free solutions produced by several anti-malware vendors.
Reasons why I would recommend GridinSoft1
There is no better way to recognize, remove and prevent ransomware than to use an anti-malware software from GridinSoft2.
Remove Mallox virus with Gridinsoft Anti-Malware
We have also been using this software on our systems ever since, and it has always been successful in detecting viruses. It has blocked the most common Ransomware as shown from our tests with the software, and we assure you that it can remove Mallox virus as well as other malware hiding on your computer.
To use Gridinsoft for remove malicious threats, follow the steps below:
1. Begin by downloading Gridinsoft Anti-Malware, accessible via the blue button below or directly from the official website gridinsoft.com.
2.Once the Gridinsoft setup file (setup-gridinsoft-fix.exe) is downloaded, execute it by clicking on the file.
3.Follow the installation setup wizard's instructions diligently.
4. Access the "Scan Tab" on the application's start screen and launch a comprehensive "Full Scan" to examine your entire computer. This inclusive scan encompasses the memory, startup items, the registry, services, drivers, and all files, ensuring that it detects malware hidden in all possible locations.
Be patient, as the scan duration depends on the number of files and your computer's hardware capabilities. Use this time to relax or attend to other tasks.
5. Upon completion, Anti-Malware will present a detailed report containing all the detected malicious items and threats on your PC.
6. Select all the identified items from the report and confidently click the "Clean Now" button. This action will safely remove the malicious files from your computer, transferring them to the secure quarantine zone of the anti-malware program to prevent any further harmful actions.
8. If prompted, restart your computer to finalize the full system scan procedure. This step is crucial to ensure thorough removal of any remaining threats. After the restart, Gridinsoft Anti-Malware will open and display a message confirming the completion of the scan.
Remember Gridinsoft offers a 6-day free trial. This means you can take advantage of the trial period at no cost to experience the full benefits of the software and prevent any future malware infections on your system. Embrace this opportunity to fortify your computer's security without any financial commitment.
Trojan Killer for “Mallox virus” removal on locked PC
In situations where it becomes impossible to download antivirus applications directly onto the infected computer due to malware blocking access to websites, an alternative solution is to utilize the Trojan Killer application.
There is a really little number of security tools that are able to be set up on the USB drives, and antiviruses that can do so in most cases require to obtain quite an expensive license. For this instance, I can recommend you to use another solution of GridinSoft - Trojan Killer Portable. It has a 14-days cost-free trial mode that offers the entire features of the paid version. This term will definitely be 100% enough to wipe malware out.
Trojan Killer is a valuable tool in your cybersecurity arsenal, helping you to effectively remove malware from infected computers. Now, we will walk you through the process of using Trojan Killer from a USB flash drive to scan and remove malware on an infected PC. Remember, always obtain permission to scan and remove malware from a computer that you do not own.
Step 1: Download & Install Trojan Killer on a Clean Computer:
1. Go to the official GridinSoft website (gridinsoft.com) and download Trojan Killer to a computer that is not infected.
2. Insert a USB flash drive into this computer.
3. Install Trojan Killer to the "removable drive" following the on-screen instructions.
4. Once the installation is complete, launch Trojan Killer.
Step 2: Update Signature Databases:
5. After launching Trojan Killer, ensure that your computer is connected to the Internet.
6. Click "Update" icon to download the latest signature databases, which will ensure the tool can detect the most recent threats.
Step 3: Scan the Infected PC:
7. Safely eject the USB flash drive from the clean computer.
8. Boot the infected computer to the Safe Mode.
9. Insert the USB flash drive.
10. Run tk.exe
11. Once the program is open, click on "Full Scan" to begin the malware scanning process.
Step 4: Remove Found Threats:
12. After the scan is complete, Trojan Killer will display a list of detected threats.
13. Click on "Cure PC!" to remove the identified malware from the infected PC.
14. Follow any additional on-screen prompts to complete the removal process.
Step 5: Restart Your Computer:
15. Once the threats are removed, click on "Restart PC" to reboot your computer.
16. Remove the USB flash drive from the infected computer.
Congratulations on effectively removing Mallox virus and the concealed threats from your computer! You can now have peace of mind, knowing that they won't resurface again. Thanks to Gridinsoft's capabilities and commitment to cybersecurity, your system is now protected.
Frequently Asked Questions
No way. These files are encrypted by Mallox ransomware. The contents of .mallox files are not available until they are decrypted.
If your data remained in the .mallox files are very valuable, then most likely you made a backup copy.
If not, then you can try to restore them through the system function – Restore Point. All other methods will require patience.
Of course not. Your encrypted files do not pose a threat to the computer. What happened has already happened.
You need GridinSoft Anti-Malware to remove active system infections. The virus that encrypted your files is most likely still active and periodically runs a test for the ability to encrypt even more files. Also, these viruses install keyloggers and backdoors for further malicious actions (for example, theft of passwords, credit cards) often.
In this situation, you need to prepare the memory stick with a pre-installed Trojan Killer.
You can try to find a copy of an original file that was encrypted:
- Files you downloaded from the Internet that were encrypted and you can download again to get the original.
- Pictures that you shared with family and friends that they can just send back to you.
- Photos that you uploaded on social media or cloud services like Carbonite, OneDrive, iDrive, Google Drive, etc)
- Attachments in emails you sent or received and saved.
- Files on an older computer, flash drive, external drive, camera memory card, or iPhone where you transferred data to the infected computer.
How сan I avoid ransomware attack?
Mallox ransomware doesn’t have a superpower.
You can easily protect yourself from its injection in several easy steps :
- Ignore all emails from unknown mailboxes with a strange unknown address, or with content that has likely no connection to something you are waiting for (can you win in a lottery without taking part in it?). If the email subject is likely something you are waiting for, check carefully all elements of the suspicious letter. A fake email will surely contain a mistake.
- Do not use cracked or untrusted programs. Trojans are often distributed as a part of cracked software, possibly under the guise of “patch” which prevents the license check. But untrusted programs are very hard to distinguish from trustworthy software, because trojans may also have the functionality you need. You can try to find information about this program on the anti-malware forums, but the best solution is not to use such programs.
- And to be sure about the safety of the files you downloaded, use GridinSoft Anti-Malware. This program will surely be a perfect shield for your personal computer.
I need your help to share this article.
It is your turn to help other people. I have written this article to help users like you. You can use the buttons below to share this on your favorite social media Facebook, Twitter, or Reddit.
Brendan SmithHow to Remove MALLOX Ransomware & Recover PC
Name: MALLOX Virus
Description: MALLOX Virus is a ransomware that primarily aims at infecting corporate networks. This malware appends a .mallox extension to every file it can reach. In particular, Mallox ransomware aims for MS Office documents, videos, photos, Photoshop projects, and files of software-specific formats. Hackers invite their victims to negotiate on ransom sums at their Darknet website.
Operating System: Windows
Application Category: Virus
User Review
( votes)( reviews)
References
- GridinSoft Anti-Malware Review from HowToFix site: https://howtofix.guide/gridinsoft-anti-malware/
- More information about GridinSoft products: https://gridinsoft.com/comparison
Li os posts e fiz algumas ações sugerida pelo o mesmo, em relação a decriptografia do ransoware mallox, não consegui êxito em nenhum arquivo de tentativas com ferramentas de decriptografia AVAST Descryption Toll, seberia informar alguma outra saída pra descriptografar os arquivos, por favor?