ODCODC Ransomware Removal Guide

ODCODC ransomware is a bilingual win-locker. The insidious program uses English and Russian for its ransom message. Russia is among the countries where the virus is widely distributed. The origin of ODCODC ransomware cannot be confirmed without identifying its developers. However, the ransom message leads us to believe it was created in India. The e-mail account the cyber criminals use appears to be a clue for the program’s background. The win-locker infects documents, images, videos, audios, archives, custom programs and other files. The only data the clandestine program leaves behind are the components, required for the operating system (OS) to run properly. The targeted file types include the following: .txt, .pdf, .doc, .docx, .rar, .zip, .exe, .xls, .xlsx, .ppt, .pptx, .pak, .exif, .raw, .csv, .ini, .wps, .js, .psd, .jpg, .jpeg, .gif, .png, .bmp, .tif, .tiff, .ai, .reg, .sys, .qic, .bin, .wsc, .mdb, .db, .arw, .ps1, .bat, .lnk, .m3u, .m4a, .mp3, .flac, .wav, .wma, .mid, .sql, .vb, .crw, .bkp, .sln, .avi, .mov, .mkv, .mpg, .mpeg, .flv, .ogg, .srf, .eps, .dll, .dat, .dng, .iff and others. ODCODC ransomware creates a ransom note, titled readthis.txt. The message states that your files have been irrevocably changed and cannot be accessed. You will be asked to pay a ransom to have them restored.

There are a couple of techniques, used for spreading ODCODC ransomware. The sources for the virus are more diverse. The win-locker can travel with an infected file, hide behind a corrupted website or a compromised link. When attaching itself to another file, the nefarious program uses spam e-mails. The download and install of the win-locker is initiated through a malicious macros. To trigger the process, the virus just needs you to open the host file. This is why you should do a checkup of your in-box items before accessing any files from them. Be warned that spammers often misrepresent existing companies and entities, like the national postal services, established courier firms, social networks, e-commerce platforms, banks and government institutions. You need to look up all details, contained in the e-mail. For starters, check the account the message has been sent from. It should match the official contacts of the represented entity. The physical address, telephone number, fax and other coordinates should also correspond. The other way for ODCODC ransomware to penetrate your system is through a drive-by installation. This can be triggered through a corrupted website or a compromised link. You need to be cautious about your sources. Do your research on a website, if you are uncertain about its reliability.

ODCODC Ransomware
Download Removal Tool for ODCODC Ransomware

ODCODC ransomware locks files with the RSA-2048 cipher. In most cases, the virus uses the XOR algorithm. The .odcodc suffix is added to each encrypted file. Win-lockers are created to raise revenue. ODCODC ransomware tries to make people pay the cyber criminals by convincing them the only way to get their data back is by cooperating. The hackers tell users to pay a certain ransom. They provide an e-mail address as a form of contact. Some variants of the virus also include a reserve address. The main account of the hackers behind ODCODC ransomware is abennaki@india.com. The secondary address is transcript@india.com. The win-locker also assigns a unique ID for each infected computer. To prove they posses the technology to decrypt files, the developers give users the chance to have some of their data recovered for free. It is not stated how many files you can have restored. No limitations are listed for file type and size. In any event, it is not advised to try making a deal with cyber thieves. There have been reports of people paying the ransom and not having their data restored. The requested sum is $500 USD. Since it has to be paid in bitcoins, there is no way to track down and identify the recipients. It is best to remove ODCODC ransomware on your own terms and attempt to recover your data afterwards.

In order to delete a win-locker and all of its components, you need to use a professional AV program. There is a full guide on how to uninstall ODCODC ransomware below. The virus may have been able to delete some or all of your shadow volume copies. The restoration may be impossible or incomplete. If you are lucky enough to discover the win-locker timely, you could recover all your data. A program which can be of help is Shadow Explorer. You can download it from: shadowexplorer.com/downloads.

ODCODC Ransomware Removal Instructions

Windows 8

1. Navigate to the Start menu and click on the Windows key.
2. Open the web browser.
3. Type: http://www.xp-vista.com/download-instructions in the search bar of your web browser.
4. Download SpyHunter and install it on your PC.
5. Scan the system with the antimalware tool and erase any infected files and viruses.

Windows Vista and Windows 7

1. Reboot your PC computer and press the F8 key.
2. Go to Windows Advanced Options and select Safe Mode with Networking, press Enter.
3. Type: http://www.xp-vista.com/download-instructions in the search bar of your web browser.
4. Download SpyHunter and install it on your PC.
5. Scan the system with the antimalware application and erase any infected files and viruses.

Windows XP

1. Reboot your PC and press the F8 key.
2. Go to Windows Advanced Options and select Safe Mode with Networking, press Enter.
3. Type: http://www.xp-vista.com/download-instructions in the search bar of your web browser.
4. Download SpyHunter and install it on the computer.
5. Scan your system with the antimalware tool and delete any infected files and viruses.
6. Go to the Start Menu and then click Run.
7. Type “msconfig” in the search bar and click OK.
8. In the System Configuration Utility go to the “Startup” tab and select the option “Disable All”.
9. Press OK and reboot your PC.

By

Speak Your Mind

*