Severity scale:

(66/100)

EDocTransfer. How to remove? (Uninstall guide)

removal by Alice Woods - - 2018-10-01 | Type: Malware

4459 views

Special Offer

EDocTransfer ransomware uses sophisticated techniques to infiltrate computers and hide from its victims. Use Reimage to determine whether your system is infected and prevent the loss of your files.
Download Reimage repair Download Reimage repair

More information about Reimage and Uninstall Instructions. Please review Reimage EULA and Privacy Policy. Reimage scanner is free. If it detects a malware, purchase its full version to remove it.

EdocTransfer is a malicious site that seeks to infect its visitors with malware

EdocTransfer scam

EdocTransfer virus is a malicious domain that must be avoided. According to the latest researches, this domain is associated with various phishing campaigns^[1] used by Internet frauds to infect their visitors with malware. EdocTransfer.com domain was noticed for the first time in phishing campaigns delivering deceptive Google Docs sharing links to victims.^[2] Soon after that, users reported about redirects to this malicious website.

Name	EdocTransfer
Type	Malware
Popularity	High. Keeps spreading around for more than a year
Emails involved into phishing	inbound-digitalfax@edoctransfer.com, docusign@edoctransfer.com, heather.cole@edoctransfer.com
Main dangers	The loss of personal information, infiltration of virus
Elimination	To get rid of this virus, run a full system scan with Reimage.

Users have reported phishing emails sent by inbound-digitalfax@edoctransfer.com and heather.cole@edoctransfer.com. If you received an email from any of these senders, make sure you get rid of them immediately and don't even think about opening attached files or links that are included to the email message.

The indicated email address is known for sending fax-themed spam messages containing malware or links to EDoc Transfer phishing websites. You can run into severe cyber threats such as ransomware or Trojans by interacting with these message’s contents, so we advise staying away from them. One click can throw you onto compromised domains, and it is only a matter of time until criminals steal your private information or contaminate your computer with malware.

EDoc Transfer virus poses a serious threat to your computer and your privacy, so make sure you avoid links associated with its name. As we have mentioned previously, you can find out that someone is trying to trick you into visiting such domain by hovering your mouse over questionable links (buttons or ads). Once you hover the mouse over the provided link – the information pop-up shows google.edoctransfer.com domain, which is clearly not a Google Docs link.

If you accidentally visited the previously-known domain, make sure you check your computer with an up-to-date anti-malware software immediately. Reimage or Plumbytes Anti-MalwareMalwarebytes Malwarebytes can help you fix your computer and leave it spotless. Bear mind that you should not attempt to remove EDoc Transfer virus manually as it can be a highly sophisticated malware variant.

EdocTransfer phishing scam attempts to trick user to visiting dangerous websites that can be serving malware or asking for private information.
Method 1. (Safe Mode method)
Select 'Safe Mode with Networking'
Method 1. (Safe Mode method)
Select 'Enable Safe Mode with Networking'
Method 2. (System Restore method)
Select 'Safe Mode with Command Prompt'
Method 2. (System Restore method)
Select 'Enable Safe Mode with Command Prompt'
Method 2. (System Restore method)
Enter 'cd restore' without quotes and press 'Enter'
Method 2. (System Restore method)
Enter 'rstrui.exe' without quotes and press 'Enter'
Method 2. (System Restore method)
When 'System Restore' window shows up, select 'Next'
Method 2. (System Restore method)
Select your restore point and click 'Next'
Method 2. (System Restore method)
Click 'Yes' and start system restore
Slide 1 of 10
Distribution of EDoc Transfer malware

The malware can sneak into your computer system right after clicking on a link that leads to edoctransfer.com domain. Cybersecurity experts from Novirus.uk^[3] report that users should beware of Digitalfax delivery spam and EdocTransfer James Shelton spam.

It has been discovered that fraudsters use James Shelton’s name in their email spam campaigns (this non-existent person is presented as the sender of the email);
Cybercrooks also compose “Digitalfax delivery” emails and suggest victims to open a malicious link provided in the message or a file attached to the email;
Finally, users should beware of EdocTransfer subpoena spam, which deceptively suggests opening orders to attend a court.

Remove EdocTransfer malware

Users who accidentally fell victims to EdocTransfer virus should immediately scan their computers to find malware dropped from dangerous sites they were redirected to or malicious email attachment that the user unknowingly opened.

It is a must to remove EdocTransfer as soon as possible. You can never know what kind of malware sneaked into your computer, especially because such files tend to use names of legitimate files and programs. To cleanse the system, consider running a system scan with one of the provided security programs. It will finish EdocTransfer removal for you.

Offer

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.

do it now!

Download
Reimage (remover) Happiness
Guarantee Download
Reimage (remover) Happiness
Guarantee

Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions

What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.

Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.

read press mentions »

Alternative Software

Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.

Download Malwarebytes Review »

Alternative Software

Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

Download Combo Cleaner Review »

To remove EDocTransfer, follow these steps:

Remove EDocTransfer using Safe Mode with Networking

To determine what virus has infiltrated your system, thoroughly check your computer for malware. An easy and quick way to do it is to prepare your computer by restarting it into Safe Mode and then using a reliable anti-malware software for EDocTransfer malware removal.

Step 1: Reboot your computer to Safe Mode with Networking

Windows 7 / Vista / XP
1. Click Start → Shutdown → Restart → OK.
2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
3. Select Safe Mode with Networking from the list
Windows 10 / Windows 8
1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
Step 2: Remove EDocTransfer

Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete EDocTransfer removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove EDocTransfer using System Restore

Step 1: Reboot your computer to Safe Mode with Command Prompt

Windows 7 / Vista / XP
1. Click Start → Shutdown → Restart → OK.
2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
3. Select Command Prompt from the list
Windows 10 / Windows 8
1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
1. Once the Command Prompt window shows up, enter cd restore and click Enter.
2. Now type rstrui.exe and press Enter again..
3. When a new window shows up, click Next and select your restore point that is prior the infiltration of EDocTransfer. After doing that, click Next.
4. Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that EDocTransfer removal is performed successfully.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from EDocTransfer and other ransomwares, use a reputable anti-spyware, such as Reimage, Malwarebytes MalwarebytesCombo Cleaner or Plumbytes Anti-MalwareMalwarebytes Malwarebytes

About the author

Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References

^ Jim Finkle, Alastair Sharp. Spam campaign targets Google users with malicious link. Reuters. Business & Financial News, US & International Breaking News.
^ Phishing Simulation Examples. Hofstra University. Information Technology, Security Information.
^ NoVirus. NoVirus. Malware, Spyware and Security News.