Severity scale:  

Remove Obfuscated ransomware (Removal Guide) - updated Feb 2019

removal by Ugnius Kiguolis - - | Type: Ransomware

Obfuscated ransomware – a decryptable cryptovirus which is also known as BigBobRoss

Obfuscated ransomwareObfuscated ransomware belongs to the family of file-encrypting malware that infiltrates the system using malicious documents attached to the legitimate-looking email. This notorious cyber threat is also known by another name – BigBobRoss. However, ransomware payload is launched right after you open it and download the file that contains malware script, for example, bedoneupx.exe,[1] to the system. Once this file is launched, your data gets encrypted and all encoded files are marked with .obfuscated or .[id=] appendix. This is the first stage of the cryptovirus attack. Additionally, the malware drops a ransom message Read Me.txt on the screen which states about the encrypted data and how to pay the ransom for the alleged file recovery. Do not trust the test decryption that is offered in this ransom note because contacting cybercriminals supposedly will not give you any value. In fact, both of the virus's versions are decryptable.

Name Obfuscated ransomware
Type Cryptovirus
Also known as BigBobRoss
Danger LEVEL High. This virus locks all found files, gladly, they can be recovered
Ransom note Read Me.txt
Contact email
Main executable bedoneupx.exe
File extension .obfuscated, .[id=]
Distribution method Spam email attachments
Elimination Use Reimage Reimage Cleaner Intego for Obfuscated ransomware removal, then recover your files by contacting Michael Gillespie.

Obfuscated ransomware virus can also be called BigBobRoss ransomware due to the contact email left in the ransom note — There are also a few different payload versions discovered in the wild, but the danger behind the cyber threat remains the same. The most dangerous thing about the ransomware is the file encryption that affects the original code of your photos, audio files, documents, and even archives.

Unfortunately, when your files get the .obfuscated extension, you cannot open or use them. Keep in made, that Obfuscated ransomware can lock a big variety of data, including audio, video, image, text document, archive, virtual drive, template files. We recommend cleaning the system thoroughly and then focusing on the data recovery using backups because it is the safest way.

Obfuscated ransomware developers cannot be trusted because these people only care about your money and there is little to none possibility that encrypted files can be recovered.[2] Use a reputable anti-malware tool like Reimage Reimage Cleaner Intego, eliminate all threats including this cryptovirus and avoid the risk of getting scammed by the crooks. 

For further information, Obfuscated ransomware developers also urge paying the ransom price in Bitcoins. They provide the users which a site where such cryptocurrency can be obtained. It is known that cybercriminals who demand ransom always ask for some type of cryptocurrency (Bitcoin mostly) in order to stay safe and untrackable.

When Obfuscated ransomware is done encrypting your files the ransom note Read Me.txt is displayed on the screen and has the following message:

Hello, dear friend!
1- [All your files have been ENCRYPTED!]

Your files are NOT damaged! Your files are modified only.
The only way to decrypt your files is to receive the decryption program.
your files can not be decrypted without the special program we made it for your computer.


To receive the decryption program Write to our email “”
and tell us your unique ID


Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment.
To believe, you can give us 1 file that must be less than 1MB and we decrypt it for free.
File should not be important to you! databases, backups, large excel sheets, etc.

4- [ Instruction ]

the easiest way to buy bitcoins is LocalBitcoins site. you have to register, click “buy bitcoins”
and select the seller by payment method and price.

please do not change the name of files or file extension if your files are important to you!
Your unique ID : 

Additionally to the first encryption function, Obfuscated ransomware can alter various parts of the system and change various settings:

  • modify Windows Registry Keys;
  • disable security programs;
  • delete shadow volume copies;[3]
  • add files to system folders;
  • run malicious processes in the Task Manager section.[4]

Since victims of Obfuscated ransomware have contributed to the analysis, there are a few versions of the same ransomware that can easily distribute around the world. However, the solution for most of the cryptovirus is the same – anti-malware tools and a full system scan. Expert-tested software is necessary for this process as the user himself/herself might cause even more damage while trying to delete the notorious infection on his/her own.

You need to remove Obfuscated ransomware using professional tools so that every related file can be deleted from the system entirely. Also, remember that the name of a threat may differ depending on the antivirus program you are using. You should follow the suggested steps of your anti-malware tool.

Obfuscated virusObfuscated ransomware is a file-encrypting cyber threat also known as BigBobRoss

We want to remind you that Obfuscated ransomware is a ransom-demanding virus and its developers cannot be trusted. Even though the crooks offer 1 file for free decryption to prove that the decryption key is real, there still is no need of contacting them. First of all, you risk being left with no money. Second, cybersecurity experts have already released a decryption tool for .obfuscated files.

Researchers[5] note that Obfuscated ransomware can be detected as:

  • TR/Encoder.cjfbq;
  • TR/Crypt.XPACK.Gen;
  • Trojan.Ransom.Filecoder;
  • Trojan.Heur.RP.7mqaaiAmoeki;
  • Win32:Malware-gen;
  • TR/FileCoder.iirhw;
  • Gen:Trojan.Heur.RP.7mqaaiAmoeki (B);
  • etc.

Make sure to check if the system is malware-free after the automatic Obfuscated ransomware removal. You can do so by scanning the device again or with an alternative antivirus tool. This way you can be sure that data backups can be used to restore encrypted files. If you have no backups and still want to recover locked data, check our tips below the article.

Obfuscated ransomware virusObfuscated ransomware cryptovirus delivers a ransom note in the text file containing payment instructions. It infects the system with the main executable bedoneupx.exe.

Email attachments help infect the system with malware

There are many other variants of ransomware-type threats that get on the network using Word, Excel or PDF documents attached to the email spam. This is a common technique used by malware developers and distributors. When the email poses as a legitimate notification from companies like PayPal, FedEx or Amazon people tend to open them without consideration.

However, when the email is opened, and the attached file downloaded, malicious script is automatically launched on the device. The payload might also inject the system via the direct link on the PDF file or the email itself. You can avoid the infiltration if you pay more attention to the content of your email box. You should delete suspicious emails or the ones you were not expecting to get in the first place.  

Continuously, ransomware infections are commonly distributed thru unprotected networks such as Torrents and The Pirate Bay. While downloading certain applications, movies, and TV series from these websites, you take risks of infecting your computer system with malware. We suggest staying away from third-party sources and downloading content only from primary distributors.

Get rid of the Obfuscated ransomware virus during a thorough system clean

The main tip we can give you when dealing with Obfuscated ransomware virus is to employ professional programs designed to terminate threats like this. Reputable anti-malware gives you the advantage because it can indicate possible risks and remove them from the computer once and for all. Eliminating the cyber threat on your own, you risk causing more damage to your system.

Remove Obfuscated virus using Reimage Reimage Cleaner Intego or SpyHunter 5Combo Cleaner and scanning the system entirely. This should take less than 15 minutes, and your device is safe to use again. Remember, wait until the process is finished and do not forget to refresh your entire computer system after the elimination just to ensure that the cyber threat has been taken care of properly.

Note that you need to perform Obfuscated ransomware removal before any data recovery attempts so that your computer is clear and safe. If you plug in the external device with your file backups on the infected system, ransomware encrypts your data once again. So, make sure that you accomplish your goals as required.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Obfuscated virus, follow these steps:

Remove Obfuscated using Safe Mode with Networking

To disable Obfuscated ransomware, reboot the system to the Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Obfuscated

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Obfuscated removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Obfuscated using System Restore

System Restore feature may help when you want to get rid of ransomware faster:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Obfuscated. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Obfuscated removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Obfuscated from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Obfuscated, you can use several methods to restore them:

Data Recovery Pro is a good alternative when you have no backups

You can use Data Recovery Pro for accidentally deleted files too

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Obfuscated ransomware;
  • Restore them.

Windows Previous Versions feature helps when Obfuscated ransomware encrypts your important data

Windows Previous Versions can only be helpful when System Restore is enabled

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Use ShadowExplorer for the file recovery

If the ransomware virus left Shadow Volume Copies untouched, you could recover data using ShadowExplorer

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Obfuscated ransomware decryptor is available

If you got infected with this ransomware virus, don't be scared because it seems that it is decryptable. For that, contact virus researcher Michael Gillespie.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Obfuscated and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding Obfuscated ransomware