Deos Ransomware

Deos Ransomware is a recently found computer infection that can lock your computer’s screen and prevent you from using it altogether. However, the program claims to encrypt your files which is not true. Nevertheless, you have to remove it to ensure your computer’s security as it has a function for file encryption that is not active in the current iteration. This program will run each time you start up your PC, so you will not be able to use it. We have tested Deos Ransomware and found a way to get around its lock screen. Consequently, you can delete it manually or install an anti-malware program to remove it for you.

Apparently, this program can infect your computer in a number of possible ways, but more on that later. If it manages to get onto your PC, it will first executes a command "shutdown -a" so that you would not close the program. Furthermore, once executed, the malware drops a file in the Startup folder to run it each time you boot up your PC. It locks the screen by placing a window on the desktop, and you cannot minimize or close it. The text on the window says that your files have been encrypted, but the good news that this program, at least for the time being, does not do that.

We have found that this program was written in the .NET Framework 4 programming language. Our in-depth analysis has revealed that this program features the Exclusive-OE Function (XOR) that can be used to encrypt your files. However, testing has shown that the current iteration does not do that. The ransomware simply does not execute XOR, so it does not encrypt any files which is good news if your PC has been infected by Deos Ransomware. Nevertheless, this program runs a check of %TEMP%, %USERPROFILE%\Videos, %USERPROFILE%\Pictures, %USERPROFILE%\Music, %USERPROFILE%\Documents, %APPDATA%, and %USERPROFILE%\Desktop directories and enumerates all files present in their folders. We have received reports that suggest that future iterations will be able to encrypt some file formats. Apparently, this program will be able to encrypt .txt, .html, .zip, and .rar.

While there is not much information on the distribution channels of Deos Ransomware, we believe that its developers might use several channels. Email spam is the most likely method as it is the easiest way to infect the computers of unwary users who willingly open the attached malicious files. The developers might also use various security exploits to infect websites that secretly download this ransomware when you interact with Flash or JavaScript-based content. On top of that, they may have this program included with keygens or software cracks featured on websites that host pirated content or certain torrent websites.

In closing, Deos Ransomware is one nasty computer infection that is a bit tricky to get rid of but fear not because there is a simple way you can get rid of it. While this program does not allow you to use your PC, you can bypass it by booting your PC in Safe Mode. In this mode, only the most necessary programs are launched. Hence, this ransomware will also not be launched, so you will be able to go to its locations and delete its files or get an anti-malware program such as our featured SpyHunter antimalware program to remove it for you. Please check the instructions below for more information.

Boot your PC in Safe Mode with Networking

Windows XP

1. Open the Start menu and click Restart.
2. Press and hold the F8 key while the computer restarts.
3. On the Advanced Boot Options screen, highlight the Safe Mode with Networking using the arrow keys.
4. Press Enter.
5. Log on to your computer.

Windows 7 and Vista

1. Restart the computer.
2. Press and hold the F8 key as your computer restarts.
3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
4. Log on to your computer with a user account that has administrator rights.

Windows 10/8.1/8

1. Press the Windows Key.
2. Type Change advanced startup options in the search window and press Enter.
3. Select the Restart now option under Advanced startup.
4. Select Troubleshoot.
5. Select Advanced options and go to Startup Settings.
6. Click the Restart button.
7. Select Enable Safe Mode with Networking by pressing 5.

Delete Deos Ransomware manually

1. Simultaneously hold down Win+E keys.
2. Enter the following file paths in the address box and hit Enter.
   • %ALLUSERSPROFILE%\Start Menu\Programs\
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\
3. Right-click the malicious files and click Delete.
4. Empty the Recycle Bin.