• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

.Dodoc file extension ransomware virus (Restore, Decrypt .dodoc files)

Myantispyware team July 23, 2019    

A ransomware called Dodoc file virus is another development of cyber criminals. The principle of its functioning and the method of distribution is the same as in the case of the Todar, Lapoi, Darus and so on, the only difference is the .dodoc extension appended to the photos, documents and music that are affected by it.

Files encrypted by Dodoc ransomware virus

Files encrypted by Dodoc ransomware virus

Getting to the user’s machine, the Dodoc ransomware starts searching for files in all folders and recursively, and after their detection, locks up each of them using complex ciphered combination that completely blocks them and leads to their dysfunction. This ransomware virus is capable of encrypting various files such as documents, archives, database, video materials, photos, web application-related files and drawings, as well as its destructive effects can be subjected to backups. Dodoc virus encrypts almost of files, including common as:

.webp, .vfs0, .forge, .odm, .xlsx, .bar, .bay, .der, .dba, .2bp, .wdp, .arch00, .wsh, .zdb, .xdl, .wpd, .xar, .wpw, .vcf, .das, .rtf, .x, .wb2, .y, .x3f, .pfx, .dng, .pptm, .3fr, .map, .erf, .psk, .wp, .tor, .desc, .7z, .pst, .odc, .raw, .dwg, .png, .xbplate, .jpg, .xlsm, .rim, .wmo, .kdc, .jpe, .m3u, .pdf, .wma, .crt, .vdf, .xls, .crw, .nrw, .wp6, .zabw, .xlgc, .z, .esm, .wpd, .hplg, .3ds, .mdf, .sidd, .qdf, .zif, .csv, .xmmap, .mpqge, .doc, .bkp, .xbdoc, .txt, .p7c, .m4a, .wbd, .docx, .rw2, .xls, .wmf, .slm, .itl, .snx, .xyw, .bsa, .pkpass, .wav, .rb, .zdc, .ltx, .jpeg, .ptx, wallet, .wbmp, .cdr, .big, .sr2, .xy3, .zi, .t12, .lbf, .gho, .rgss3a, .zip, .wp5, .ibank, .fpk, .p12, .srf, .ods, .iwd, .cfr, .fsh, .hvpl, .wotreplay, .icxs, .mrwref, .wdb, .w3x, .sis, .pem, .re4, .1st, .hkx, .wpg, .ntl, .accdb, .kdb, .cas, .wbz, .mov, .wn, .wsd, .mcmeta, .css, .odt, .cer, .sidn, .wbk, .sum, .mddata, .wma, .dazip, .wps, .wbc, .rofl, .vpk, .wpa, .pak, .d3dbsp, .webdoc, .ybk, .sid, .wm, .xx, .ws, .xlsx, .mef, .pptx, .menu, .bik, .yal, .apk, .avi, .wmv, .r3d, .itdb, .wpt, .svg, .wcf, .wpb, .wot, .gdb, .srw, .syncdb, .ztmp, .t13, .yml, .ysp, .ai, .mdbackup, .indd, .vpp_pc, .wmd, .wri, .qic, .kf, .pef, .litemod, .layout, .ppt, .asset, .bc6, .upk, .xmind, .rar, .1, .xml, .orf, .m2, .zip, .x3f, .flv, .bc7, .xll, .sql, .fos, .blob, .dxg, .dmp, .mdb, .odp, .wgz, .docm, .bkf, .db0, .0, .xxx, .raf, .p7b, .xlsb, .tax, .sav, .dbf, .wps, .mlx, .js, .xlk, .sie, .wbm, .itm, .pdd, .cr2, .lvl, .wp7, .wmv, .odb, .dcr, .xpm, .xwp, .lrf, .iwi, .eps, .arw, .psd, .xyp, .sb, .x3d, .wp4, .wpl, .z3d, .vtf, .xlsm, .wpe, .xf, .ff, .hkdb, .wire, .xdb, .mp4, .zw, .py

Files which are locked by Dodoc receive the .dodoc extension and become inaccessible to the victim. In the place where the photos, documents and music were locked by the Dodoc virus, a ransom note appears with instructions that there was a lock of archives, tables, video materials, photos and documents, or other files important to the victim. The ransom note also states that the victim must transfer money to scammers to obtain a special code key that he can use to decrypt the encrypted files that have received the .dodoc extension. If the victim has the opportunity to transfer money to purchase this key and/or decryption utility within 72 hours, he can pay only half of the specified amount.

Dodoc virus ransom note

Dodoc virus ransom note


 

Threat Summary

Name Dodoc
Type File locker, Crypto malware, Crypto virus, Ransomware, Filecoder
Encrypted files extension .dodoc
Ransom note _readme.txt
Contact gorentos@bitmessage.ch, @datarestore (telegram)
Ransom amount $490, $980 in Bitcoins
Symptoms Encrypted photos, documents and music. Your photos, documents and music now have different extensions that end with something like .locked, .crypted or .cryptor. Files called such as ‘_readme.txt’, or ‘_readme” in every folder with an encrypted file. You have received instructions for paying the ransom.
Distribution methods Phishing emails that contain malicious attachments. Drive-by downloads from a compromised web page. Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a misleading link). Torrent web-sites.
Removal To remove Dodoc ransomware use the removal guide
Decryption To decrypt Dodoc ransomware use the steps

 

We recommend you to remove Dodoc ransomware sooner, until the presence of the ransomware virus has not led to even worse consequences. You need to follow the steps below that will help you to completely remove Dodoc from your computer as well as restore encrypted documents, photos and music, using only few free utilities.

Quick links

  1. How to remove Dodoc file virus
  2. How to decrypt .dodoc files
  3. Dodoc decryption tool
  4. How to restore .dodoc files
  5. How to protect your machine from Dodoc crypto malware?

How to remove Dodoc file virus

In order to delete Dodoc crypto virus from your computer, you need to stop all ransomware processes and delete its associated files including Windows registry entries. If any crypto malware components are left on the computer, the crypto virus can reinstall itself the next time the personal computer boots up. Usually viruses uses random name consist of characters and numbers that makes a manual removal procedure very difficult. We recommend you to use a free crypto virus removal tools that will help uninstall Dodoc crypto virus from your PC. Below you can found a few popular malware removers that detects various ransomware.



Use Zemana Anti Malware to remove Dodoc virus

Zemana Free highly recommended, because it can find security threats such Dodoc crypto virus, other malicious software and trojans which most ‘classic’ antivirus applications fail to pick up on. Moreover, if you have any Dodoc removal problems which cannot be fixed by this tool automatically, then Zemana AntiMalware provides 24X7 online assistance from the highly experienced support staff.

Visit the following page to download Zemana Free. Save it directly to your MS Windows Desktop.

Zemana AntiMalware
Zemana AntiMalware
165090 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

Once the downloading process is complete, close all applications and windows on your personal computer. Open a directory in which you saved it. Double-click on the icon that’s called Zemana.AntiMalware.Setup like below.

Zemana Anti-Malware (ZAM) icon

When the setup begins, you will see the “Setup wizard” that will help you install Zemana Anti-Malware on your system.

Zemana Anti Malware (ZAM) SetupWizard

Once setup is done, you will see window as displayed in the figure below.

Now click the “Scan” button to perform a system scan with this tool for the Dodoc ransomware, other malicious software, worms and trojans. Depending on your PC system, the scan may take anywhere from a few minutes to close to an hour. While the Zemana Anti-Malware utility is checking, you can see how many objects it has identified as being infected by malicious software.

Zemana scan for Dodoc crypto virus and other security threats

Once finished, Zemana Free will open a list of all items found by the scan. Once you have selected what you wish to delete from your system press “Next” button.

Zemana Free scan is done

The Zemana will remove Dodoc ransomware, other malware, worms and trojans.

Run MalwareBytes Free to delete Dodoc ransomware

We suggest using the MalwareBytes Anti-Malware. You can download and install MalwareBytes Free to locate and delete Dodoc from your computer. When installed and updated, this free malware remover automatically identifies and removes all threats present on the computer.
MalwareBytes Anti Malware (MBAM) for Windows, scan for ransomware virus is complete

Click the link below to download MalwareBytes Free. Save it directly to your Windows Desktop.

Malwarebytes Anti-malware
Malwarebytes Anti-malware
327309 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

After the downloading process is complete, run it and follow the prompts. Once installed, the MalwareBytes will try to update itself and when this task is finished, click the “Scan Now” button to begin scanning your PC for the Dodoc crypto virus related files, folders and registry keys. A system scan can take anywhere from 5 to 30 minutes, depending on your machine. While the MalwareBytes AntiMalware (MBAM) program is scanning, you can see number of objects it has identified as threat. All detected threats will be marked. You can delete them all by simply press “Quarantine Selected” button.

The MalwareBytes Free is a free program that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this malicious software removal utility, we suggest you to read and follow the steps or the video guide below.

Remove Dodoc ransomware virus with KVRT

KVRT is a free portable program that scans your machine for adware, trojans and crypto viruses like Dodoc ransomware and helps delete them easily. Moreover, it’ll also allow you delete any harmful internet browser extensions and add-ons.

Download Kaspersky virus removal tool (KVRT) on your Windows Desktop from the following link.

Kaspersky virus removal tool
Kaspersky virus removal tool
129309 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

When downloading is complete, double-click on the Kaspersky virus removal tool icon. Once initialization procedure is finished, you’ll see the Kaspersky virus removal tool screen as displayed on the screen below.

KVRT main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button to perform a system scan for the Dodoc crypto malware . This task may take some time, so please be patient. While the Kaspersky virus removal tool program is scanning, you may see number of objects it has identified as threat.

Kaspersky virus removal tool scanning

After the scan is complete, KVRT will show you the results as displayed on the image below.

KVRT scan report

When you are ready, press on Continue to begin a cleaning process.

How to decrypt .dodoc files

You can damage photos, documents and music affected by Dodoc crypto malware, or make them useless forever if you try to find the special code key on your own, which is almost impossible in view of its cryptographic complexity. It is very important to know and understand the level of importance of constantly backing up important files to various media, like an Flash Drive, so that in case of damage to your computer by ransomware you can always extract a copy of encrypted files.

Should you pay the ransom

Never pay the ransom! Some victims, wishing to decrypt encrypted photos, documents and music, pay the ransom amount of money to fraudsters. However, it is important to remember before performing this action that you are interacting with unscrupulous and dishonest people, and the probability that after transferring money they will not provide you with a private key and Dodoc decryption utility to unlock .dodoc files or increase the amount of ransom is high enough.

Files encrypted by Dodoc ransomware virus

Files encrypted by Dodoc ransomware virus

There is no such solution to this problem, which is suitable for everyone. However, paying for the unique key is not an obvious answer. If you pay for it, remember that no one gives you a guarantee that you will receive it. There is also a possibility that even the cyber frauds themselves do not have this key. Most probably, they are just trying to defraud you and use you in order to get money. You should try the steps in this article. The instructions will help you completely uninstall Dodoc crypto malware and you will be able to decrypt some of the blocked data without paying any ransom payment. Given the fact that fighting crypto virus is incredibly difficult, we cannot promise you that you will defuse it. Nevertheless, it is still worth a try.

Dodoc decryption tool

With some variants of Dodoc file virus, it is possible to decrypt encrypted files using free tools listed below.




Michael Gillespie (@) released the Dodoc decryption tool named STOPDecrypter. It can decrypt .Dodoc files if they were locked by one of the known OFFLINE KEY’s retrieved by Michael Gillespie. Please check the twitter post for more info.

STOPDecrypter

Dodoc decryption tool

STOPDecrypter is a program that can be used for Dodoc files decryption. One of the biggest advantages of using STOPDecrypter is that is free and easy to use. Also, it constantly keeps updating its ‘OFFLINE KEYs’ DB. Let’s see how to install STOPDecrypter and decrypt .Dodoc files using this free tool.

  1. Installing the STOPDecrypter is simple. First you will need to download STOPDecrypter on your Windows Desktop from the following link.
    download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
  2. After the downloading process is done, close all applications and windows on your machine. Open a file location. Right-click on the icon that’s named STOPDecrypter.zip.
  3. Further, select ‘Extract all’ and follow the prompts.
  4. Once the extraction process is finished, run STOPDecrypter. Select Directory and press Decrypt button.

If STOPDecrypter does not help you to decrypt .Dodoc files, in some cases, you have a chance to restore your files, which were encrypted by ransomware. This is possible due to the use of the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.

How to restore .dodoc files

In some cases, you can recover files encrypted by Dodoc crypto virus. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted files.




Recover .dodoc files with ShadowExplorer

The Windows has a feature named ‘Shadow Volume Copies’ that can help you to restore .dodoc files encrypted by the Dodoc ransomware. The way described below is only to restore encrypted files to previous versions from the Shadow Volume Copies using a free tool named the ShadowExplorer.

Installing the ShadowExplorer is simple. First you’ll need to download ShadowExplorer on your computer by clicking on the link below.

ShadowExplorer
ShadowExplorer
439702 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

After the download is complete, extract the downloaded file to a folder on your system. This will create the necessary files as shown on the screen below.

ShadowExplorer folder

Start the ShadowExplorerPortable application. Now choose the date (2) that you wish to recover from and the drive (1) you wish to restore files (folders) from as on the image below.

recover encrypted files with ShadowExplorer utility

On right panel navigate to the file (folder) you wish to recover. Right-click to the file or folder and click the Export button similar to the one below.

ShadowExplorer recover .dodoc files

And finally, specify a folder (your Desktop) to save the shadow copy of encrypted file and press ‘OK’ button.

Recover .dodoc files with PhotoRec

Before a file is encrypted, the Dodoc crypto virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your personal files using file recover applications like PhotoRec.

Download PhotoRec from the following link. Save it on your MS Windows desktop.

PhotoRec
PhotoRec
221346 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

When the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed on the screen below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Windows. It will open a screen as on the image below.

PhotoRec for windows

Select a drive to recover as displayed in the figure below.

photorec choose drive

You will see a list of available partitions. Choose a partition that holds encrypted documents, photos and music as shown on the screen below.

photorec choose partition

Press File Formats button and select file types to restore. You can to enable or disable the restore of certain file types. When this is done, press OK button.

PhotoRec file formats

Next, click Browse button to select where recovered documents, photos and music should be written, then click Search.

photorec

Count of restored files is updated in real time. All restored photos, documents and music are written in a folder that you have selected on the previous step. You can to access the files even if the recovery process is not finished.

When the recovery is done, click on Quit button. Next, open the directory where restored documents, photos and music are stored. You will see a contents as on the image below.

PhotoRec - result of restore

All recovered documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are looking for a specific file, then you can to sort your restored files by extension and/or date/time.

How to protect your machine from Dodoc crypto malware?

Most antivirus applications already have built-in protection system against the crypto virus. Therefore, if your PC does not have an antivirus application, make sure you install it. As an extra protection, use the HitmanPro.Alert.

Use HitmanPro.Alert to protect your computer from Dodoc ransomware virus

HitmanPro.Alert is a small security tool. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.

Click the link below to download the latest version of HitmanPro Alert for Microsoft Windows. Save it on your Microsoft Windows desktop.

HitmanPro.Alert
HitmanPro.Alert
6880 downloads
Author: Sophos
Category: Security tools
Update: March 6, 2019

After the download is done, open the file location. You will see an icon like below.

HitmanPro.Alert file icon

Double click the HitmanPro Alert desktop icon. After the utility is launched, you will be shown a window where you can choose a level of protection, as displayed on the screen below.

HitmanPro.Alert install

Now click the Install button to activate the protection.

 

Virus

 Previous Post

How to remove Tinuntoldrelac.info pop-ups [Chrome, Firefox, IE, Edge]

Next Post 

How to remove Hattontrithanof.info pop-ups [Chrome, Firefox, IE, Edge]

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Debbie’s Dresses Reviews, Scam or Legit, Uncovering the Truth!
MemoCore Review, Scam or Legit? What You Need to Know
Xumeino.co.in Virus Removal Guide
scam alert
How to remove Waddlesestant.com pop-up ads
Jillian Michaels Coffee Trick Recipe Review, Scam or Legit? What You Need to Know

Follow Us

Search

Useful Guides

How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
Malwarebytes won’t install, run or update – How to fix it
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
search.yahoo.com
Remove Search.yahoo.com Redirect Virus ✅ (Quick & Easy) in 2024
remove android virus
How to remove virus from Android phone

Recent Guides

Tinuntoldrelac.info
How to remove Tinuntoldrelac.info pop-ups [Chrome, Firefox, IE, Edge]
1GAdm1HyyN9mAdx7j9WzfJyFtiiWbHNirF email scam
1GAdm1HyyN9mAdx7j9WzfJyFtiiWbHNirF Bitcoin email scam
Save yourself email spam
Save yourself Email Scam (Virus removal guide)
Pro PDF Converter
How to remove Pro PDF Converter [Chrome, Firefox, IE, Edge]
Files encrypted by gorentos2@firemail.cc
Gorentos2@firemail.cc ransomware virus (Restore, Decrypt encrypted files)

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.