Mole03 ransomware / virus (Recovery Instructions Included) - Free Guide

Mole03 virus Removal Guide

What is Mole03 ransomware virus?

Mole03 ransomware appears, starts asking for ransoms

Mole03 virus

Mole03 ransomware is a computer virus that comes from CryptoMix malware family[1]. The virus appends .mole03 extension to encrypted files, whereas previous modifications used to append .mole00 or .mole02 file extensions to files. The ransomware is currently distributed via EiTest campaign.

Just like previous CryptoMix variants (Zayka, Noob, and CK), the ransomware drops the _HELP_INSTRUCTION.TXT file on the system. The note states that victim’s files were corrupted using RSA-2048 and AES-128 cryptography algorithms. The criminals urge the victim to install Tor browser and access particular .onion websites in order to find data recovery instructions.

The payment website asks to enter victim’s ID (provided in the ransom note) and email address. The criminals promise to contact the victim within 24 hours with instructions on how to recover data. The price for data recovery solution, according to criminals, is 1.0 Bitcoin.

The new CryptoMix variant attacks victims who visit compromised Internet sites via Google Chrome or Internet Explorer browsers. In case the user uses Google Chrome, the malicious script in compromised Internet sites launches the fake “HoeflerText wasn’t found” pop-up[2], urging to install a malicious file that contains the ransomware.

If the victim uses Internet Explorer, the malicious script reroutes him to a tech support scam site, stating that victim’s PC is infected with YahLover.worm and that the issue can be solved only by calling “Microsoft Technical Department at 877-804-5390.”

If your files were compromised by this disastrous virus, we highly recommend using anti-malware software to remove Mole03 first. It is must-do task before trying any data recovery solutions we provide. It goes without saying that we do not recommend paying the ransom because it does not guarantee a successful data recovery.

For Mole03 removal, we strongly recommend using FortectIntego or SpyHunter 5Combo Cleaner software. Before you allow one of these programs do the magic, you need to reboot your PC into a specific mode first. You can find clear instructions on how to do it below the article.

.mole03 file extension virusMole03 ransomware is sometimes referred to as .mole03 file extension virus. Once it compromises the computer, victim's files become inaccessible. The ransom note left on the system explains how to restore them.

Distribution of the ransomware

This particular ransomware variant is mostly distributed using a technique that was previously employed in Spora ransomware campaign. The attackers compromise thousands of legitimate websites by adding a malicious script to them. This script identifies visitor’s web browser type and in case it detects Google Chrome, a deceptive pop-up appears on the screen.

The pop-up message states that “The “HoeflerText” font wasn’t found” and that the victim has to install it in order to view website’s content. However, the file behind this pop-up actually carries a malicious payload that is set to damage all victim’s files. At the moment, one of websites known to be compromised is one-hour[.]fr. If you are a French computer user, we suggest looking for help on website[3].

You should never install software from unknown websites. Keep in mind that the bogus “HoeflerText” pop-ups can bother not only Chrome but also Mozilla Firefox users. In case your website was compromised, you need to delete the malicious code by yourself or with the help of an expert.

Remove Mole03 ransomware and restore encrypted files

You must remove Mole03 virus. To do this, follow instructions provided below the article. You have to have an up-to-date security software with malware removal capabilities and have your computer run in a Safe Mode with Networking.

Once everything’s set, you can launch a full system scan and wait until the security product detects all malicious components. You might need to perform several scans. Once the security software detects the infection, remove it with the help of the software.

It is the easiest way to complete Mole03 removal. Besides, you should not attempt to delete this virus manually because it is a highly sophisticated ransomware example.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Mole03 virus. Follow these steps

Manual removal using Safe Mode

To remove Mole03 virus from your PC and recover files that were corrupted, carry out the given instructions.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Mole03 using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Mole03. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Mole03 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Mole03 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

Speaking of data recovery, we must say that the only 100% efficient way to restore encrypted files is to know the decryption key. Unfortunately, it is currently kept in cybercriminals' server, and although you can try paying the ransom, we do not recommend doing it because there's a great chance to lose your money the way you lost your files.

You can use data backup, if you have one. If you don't, we can only suggest trying these data recovery solutions. We must point out that CryptoMix ransomware has been cracked in the past, so it might happen in the future as well.

If your files are encrypted by Mole03, you can use several methods to restore them:

Data Recovery Pro trick

Data Recovery Pro software is an easy-to-use tool that helps to recover files that have been damaged, deleted, or corrupted. Please remember that it is not the official Mole03 decryptor, therefore it might fail to recover some files. However, it is worth trying this tool whatsoever.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Mole03 ransomware;
  • Restore them.

Test free CryptoMix decryptor

CryptoMix decryptor by Avast was designed to decrypt files marked with .cryptoshield, .rdmk, .scl, .lesli, .code, .rscl, .rmd (earlier ransomware versions). We have hopes that the decryptor will be updated to decrypt the latest ransomware variants.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Mole03 and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

Removal guides in other languages