Severity scale:  
  (89/100)

Mole03 ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

Mole03 ransomware appears, starts asking for ransoms

Mole03 virus

Mole03 ransomware is a computer virus that comes from CryptoMix malware family[1]. The virus appends .mole03 extension to encrypted files, whereas previous modifications used to append .mole00 or .mole02 file extensions to files. The ransomware is currently distributed via EiTest campaign.

Just like previous CryptoMix variants (Zayka, Noob, and CK), the ransomware drops the _HELP_INSTRUCTION.TXT file on the system. The note states that victim’s files were corrupted using RSA-2048 and AES-128 cryptography algorithms. The criminals urge the victim to install Tor browser and access particular .onion websites in order to find data recovery instructions.

The payment website asks to enter victim’s ID (provided in the ransom note) and email address. The criminals promise to contact the victim within 24 hours with instructions on how to recover data. The price for data recovery solution, according to criminals, is 1.0 Bitcoin.

The new CryptoMix variant attacks victims who visit compromised Internet sites via Google Chrome or Internet Explorer browsers. In case the user uses Google Chrome, the malicious script in compromised Internet sites launches the fake “HoeflerText wasn’t found” pop-up[2], urging to install a malicious file that contains the ransomware.

If the victim uses Internet Explorer, the malicious script reroutes him to a tech support scam site, stating that victim’s PC is infected with YahLover.worm and that the issue can be solved only by calling “Microsoft Technical Department at 877-804-5390.”

If your files were compromised by this disastrous virus, we highly recommend using anti-malware software to remove Mole03 first. It is must-do task before trying any data recovery solutions we provide. It goes without saying that we do not recommend paying the ransom because it does not guarantee a successful data recovery.

For Mole03 removal, we strongly recommend using Reimage or Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus software. Before you allow one of these programs do the magic, you need to reboot your PC into a specific mode first. You can find clear instructions on how to do it below the article.

Distribution of the ransomware

This particular ransomware variant is mostly distributed using a technique that was previously employed in Spora ransomware campaign. The attackers compromise thousands of legitimate websites by adding a malicious script to them. This script identifies visitor’s web browser type and in case it detects Google Chrome, a deceptive pop-up appears on the screen.

The pop-up message states that “The “HoeflerText” font wasn’t found” and that the victim has to install it in order to view website’s content. However, the file behind this pop-up actually carries a malicious payload that is set to damage all victim’s files. At the moment, one of websites known to be compromised is one-hour[.]fr. If you are a French computer user, we suggest looking for help on LesVirus.fr website[3].

You should never install software from unknown websites. Keep in mind that the bogus “HoeflerText” pop-ups can bother not only Chrome but also Mozilla Firefox users. In case your website was compromised, you need to delete the malicious code by yourself or with the help of an expert.

Remove Mole03 ransomware and restore encrypted files

You must remove Mole03 virus. To do this, follow instructions provided below the article. You have to have an up-to-date security software with malware removal capabilities and have your computer run in a Safe Mode with Networking.

Once everything’s set, you can launch a full system scan and wait until the security product detects all malicious components. You might need to perform several scans. Once the security software detects the infection, remove it with the help of the software.

It is the easiest way to complete Mole03 removal. Besides, you should not attempt to delete this virus manually because it is a highly sophisticated ransomware example.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Mole03 ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Mole03 ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual Mole03 virus Removal Guide:

Remove Mole03 using Safe Mode with Networking

To remove Mole03 virus from your PC and recover files that were corrupted, carry out the given instructions.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Mole03

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Mole03 removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Mole03 using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Mole03. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Mole03 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Mole03 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Speaking of data recovery, we must say that the only 100% efficient way to restore encrypted files is to know the decryption key. Unfortunately, it is currently kept in cybercriminals' server, and although you can try paying the ransom, we do not recommend doing it because there's a great chance to lose your money the way you lost your files.

You can use data backup, if you have one. If you don't, we can only suggest trying these data recovery solutions. We must point out that CryptoMix ransomware has been cracked in the past, so it might happen in the future as well.

If your files are encrypted by Mole03, you can use several methods to restore them:

Data Recovery Pro trick

Data Recovery Pro software is an easy-to-use tool that helps to recover files that have been damaged, deleted, or corrupted. Please remember that it is not the official Mole03 decryptor, therefore it might fail to recover some files. However, it is worth trying this tool whatsoever.

Test free CryptoMix decryptor

CryptoMix decryptor by Avast was designed to decrypt files marked with .cryptoshield, .rdmk, .scl, .lesli, .code, .rscl, .rmd (earlier ransomware versions). We have hopes that the decryptor will be updated to decrypt the latest ransomware variants.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Mole03 and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References

Removal guides in other languages