Ox4444 Ransomware

What is Ox4444 Ransomware?

Ox4444 Ransomware is a dangerous computer infection that will encrypt your files. It is not something unknown; after all, we have been dealing with ransomware infections for a few years now. It is very frustrating that they just keep on coming, but if there is anything we can do about it, it’s removing Ox4444 Ransomware and other dangerous infections from your systems no questions asked. Please refrain from transferring the ransom fee to these criminals. It wouldn’t help restoring your files anyway. You may need to look at other file recovery options if you do not have a file backup.

Where does Ox4444 Ransomware come from?

Like most of the ransomware infections, Ox4444 Ransomware isn’t a stand-alone program. It is a modified version of the Globeimposter Ransomware infection. Although even when we have ransomware programs from the same family, it is very seldom that we can apply the same decryption tool to all of them.  Therefore, if you are looking for a public decryption tool, make sure that it is intended for Ox4444 Ransomware, and not any other infection. There is also a chance that the public decryption tool is not available because it is not a very “popular” infection.

Nevertheless, that should not stop you from battling this intruder. It is definitely a lot better to prevent these infections from entering your system in the first place. For that, we need to know how they spread. Computer security experts say that Ox4444 Ransomware usually travels in spam email attachments. We think that we often recognize spam, and that we can ignore those mails. But these days, spam messages that distribute ransomware can be really creative. Sometimes they even look like they were sent by an individual human being. What’s more, if those spam messages target a corporate business system, they might appeal at something that you usually deal with at work. For example, copyright infringement or sales.

Therefore, it is of utmost importance to be careful when you are about to open new attachments. Do yourself a favor, and scan them with a security tool before launching. You should apply this to every single file you receive, whether via email or, say, RDP connection. Scanning the files would definitely decrease the possibility of a ransomware infection.

What does Ox4444 Ransomware do?

However, what happens if Ox4444 Ransomware enters the system whether you like it or not? Well, there is the usual ransomware behavior pattern, and this program follows it through and through. First, it scans the system looking for all the file types it can encrypt. Then it launches the encryption. Ox4444 Ransomware encryption affects almost every single folder in your system, except for Windows system documents. As you can clearly tell, this infection needs your computer to work once the encryption is complete because it expects you to transfer the ransom payment.

Ox4444 Ransomware also drops a copy of itself in the %LocalAppData% directory. It is an executable file, and it might have two different names. It could have the same filename as the ransomware installer that you launched accidentally. Or it could be named svhost.exe. Please note that there is a legitimate system process svchost, but it has nothing in common with this malicious file.

In every affected folder, you will find the ransom note under HOW_TO_BACK_FILES.txt. It will also tell you that you have to contact the criminals behind this attack via China.Helper@aol.com or China.Helper.@india.com. Of course, sending mails would not solve your problems. In fact, it is very likely that the servers are dead by now, and you would not receive an answer from these criminals.

How do I remove Ox4444 Ransomware?

Instead of doing what you are told, you have to delete Ox4444 Ransomware today. Since this program has a point of execution in the registry, you will have to edit the Windows registry on your own when you remove this infection. If you do not feel confident about it, invest in a security application that can do everything for you automatically.

Also, you can delete the encrypted files if you have copies of your data saved on an external hard drive. What’s more, if you regularly back up your data on a cloud drive, it shouldn’t be a problem to restore most of your files. Thus, do not feel discouraged when you need to deal with Ox4444 Ransomware.

Manual Ox4444 Ransomware Removal

1. Press Ctrl+Shift+Esc and Task Manager will open.
2. Click the Processes tab and mark suspicious processes.
3. Click the End Process button and exit Task Manager.
4. Remove the malicious launched file and press Win+R.
5. Enter %LocalAppData% into the Open box and press OK.
6. Delete the malicious executable file (might be svhost.exe).
7. Press Win+R and enter regedit. Press OK.
8. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
9. On the right pane, right-click the BrowserUpdateCheck value and delete it.
10. Scan your computer with SpyHunter. Download Removal Tool100% FREE spyware scan and
    tested removal of Ox4444 Ransomware*

Stop these Ox4444 Ransomware Processes: