Pxj ransomware (Removal Instructions) - Recovery Instructions Included

Pxj virus Removal Guide

What is Pxj ransomware?

Pxj ransomware is crypto-malware that threatens to delete decryption key if victims will not pay a ransom within a week

Pxj ransomwarePxj ransomware is a type of malware that renders all personal files useless until a ransom is paid for the attackers

Pxj ransomware is a malicious program designed to lock all pictures, videos, music, documents databases and other personal files on the infected computer. For that, the malware uses a combination of sophisticated encryption algorithms AES + RSA, and also appends .pxj extension to each of the files, restricting access to them. For example, a file “picture.jpg” is turned into a “picture.jpg.pxj,” and the original file type icon dispersal, leaving a blank one instead.

Upon infiltration, Pxj virus also drops a ransom note LOOK.txt – it serves as a message designed to inform users about the infection, and what they have to do next. According to cybercriminals, victims need contact hackers via xvfxgw3929@protonmail.com or xvfxgw213@decoymail.com emails, and then purchase decyption tool from them. However, we suggest not to try fulfilling threat actors' demands, despite that they are threatening to permanently remove Pxj ransomware decryption tool from their servers after seven days – there may be other methods that could help you with data recovery.

Name Pxj ransomware
Type File locking virus, crypto-malware
Distribution Spam email attachments and hyperlinks, software cracks/pirated program installers, fake updates, exploits, etc.
Encryption method Malware uses RSA + AES ciphers to lock pictures, music, videos, documents and other personal files
File extension A marker .pxj is appended to every non-system and non-executable file
Main executable sav.exe
Ransom note Ransom note LOOK.txt is dropped into most of the folders, as well as desktop
Contact Malicious actors ask uses to contact them via xvfxgw3929@protonmail.com or xvfxgw213@decoymail.com email
File recovery The only secure way to recover encrypted data is by using backups; without them, only hackers behind ransomware have the key that can unlock files, although this method is not recommended. We highly suggest you try alternative data recovery methods listed below
Malware removal To get rid of ransomware, you need to scan your machine with anti-malware software. In some cases, accessing Safe Mode is required – check the instructions below
System fix Malware can corrupt certain system files during the infection process. To revert virus damage, use PC repair software FortectIntego

Discovered by a security researcher that uses pseudonym dnwls0719 at the end of February 2020, Pxj ransomware does not seem to have any connections to other ransomware strains. Its analysis on Virus Total shows that multiple AV engines detect the threat as follows:[1]

  • Ransom.FileCryptor
  • Trojan:Win32/Genasom!MSR
  • Trojan.Ransom.Genasom
  • Trojan.GenericKD.33369615
  • Win32:Malware-gen
  • A Variant Of Win32/Filecoder.OAU
  • Trojan.Win32.Encoder.hcnyni, etc.

As evident, most of the AVs detect the executable as a generic malicious file, meaning that it was not present in malware databases (heuristic detection).[2] Because of this, it is not exactly clear how Pxj ransomware virus propagates, but it is highly likely that malicious actors implement a variety of attack vectors, including spam emails, web injects, software cracks, exploits/vulnerabilities, etc.

Once executed, the Pxj ransomware creates multiple new folders in User, Temp, and Desktop folders, and performs the necessary system changes that are needed to ensure a successful data encryption process and malware operation. For example, it deletes Shadow Volume Copies by using “vssadmin.exe delete shadows /all /quiet” command to prevent a quick file recovery using automatic Windows backups.

Pxj ransomware virusPxj ransomware is a file locking virus that uses RSA + AES encryption algorithms to encrypt data on the host machine

Once the preparations are complete, Pxj ransomware encrypts the most commonly used file types in order to maximize the damage caused to the victim. After the encryption, users can see the following ransom note “LOOK.txt” which is opened automatically:


All your files like photos, databases, videos, documents and other importants are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.

You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only one for free. File must not contain valuable information.

If you do not contact us within 3 days, the price will double every day.
And if you do not get in touch for a week, your files will be lost forever.

Our mail address:

Reserved mail address:

While we stand by the statement that paying the ransom to cybercriminals might be a huge mistake, it is also true that deciphering encrypted files requires a unique key that they store on a remote server. In other words, only Pxj ransomware developers have the key that can unlock data on your device. Nevertheless, some alternative methods are worth checking out – we provide all the details below, although keep in mind that there is no guarantee that they will be effective when trying to decrypt Pxj ransomware-locked files.

Nevertheless, before you attempt that, you should make a copy of all your important files that were encrypted, as any type of modifications may permanently damage them, and then even a working Pxj ransomware decryption tool will not be able to recover the data.

After you copy files, it is equally as important to perform comprehensive Pxj ransomware removal by using a reputable anti-malware tool. Many people get confused when they deal with a ransomware infection, and wrongly believe that its removal will restore encrypted files. It is not possible, as security software is not designed for such purposes. What is possible, however, is rebuilding the Windows operating system and ensuring its stability – we advise using FortectIntego for that.

Ransomware intrusion prevention methods

Malicious actors behind ransomware chose this malware type because it is extremely lucrative, and while not all the victims pay ransoms, those that do are enough to make it worthwhile. Many developers/distributors also employ ransomware-as-a-service scheme to make the malware more prevalent or go “big game hunting” – attack high profile corporations, businesses, and cities to extort a large sum of money from one attack.[3]

Unfortunately, security researchers have also observed a particularly alarming trend among ransomware developers – they threaten to publish the information they collected during the attack.[4] As a result, ransomware can not only leave victims without file access but also compromise their personal safety by selling the data on the underground hacking forums.

Pxj ransomware encrypted filesOnce Pxj ransomware encrypts data, it loses its icons and is no longer accessible - it requires a unique key that is stored by the attackers on a remote server

Therefore, it is imperative to ensure that ransomware does not enter the computer and/or its connected networks in the first place – precautionary measures should be used for that. As a home user, you should apply the following practices to reduce the infection risk to a minimum:

  • Install comprehensive security software with real-time protection feature;
  • Update your operating system and the installed applications as soon as security patches are released;
  • Protect all your accounts with alphanumeric passwords and never reuse them;
  • Do not open spam email attachments that ask you to enable macro function;
  • Never download software cracks/keygens or pirated program installers.

Additionally, by regularly backing your most important files, you can negate the impact of ransomware infection substantially.

Remove Pxj ransomware and only then attempt file recovery

For those who are facing the Pxj virus for the first time (or any ransomware), the cause of actions could be confusing, as many questions arise. For example, “should I pay for the decryption tool?” or “can I recover my files for free?”. As previously mentioned, paying cybercriminals is not a good idea, and should only be applied if absolutely necessary – it can result in monetary loss. First, we suggest you make copies of encrypted files, remove Pxj ransomware, and the try alternative recovery methods listed below.

For Pxj ransomware removal, you should employ powerful anti-malware software that could delete all the malicious files on your system. Note that some ransomware viruses self-delete after encrypting files, so there is nothing to eliminate afterwards. Nevertheless, we highly suggest scanning the machine with multiple AVs to ensure that malware is gone.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Pxj virus. Follow these steps

Manual removal using Safe Mode

In case Pxj ransomware is tampering with your security software, you should access Safe Mode with Networking and perform the scan from there:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Pxj using System Restore

System Restore might be successful when trying to eliminate the infection as well:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Pxj. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Pxj removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Pxj from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Pxj, you can use several methods to restore them:

Data Recovery Pro software might be what you need

If you used your computer very little after the infection, there is a chance that at least some of your data can be restored by Data Recovery Pro.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Pxj ransomware;
  • Restore them.

Make use of Windows Previous Version feature

This method can only be applied if you have an active System Restore point prepared, although this can sometimes also be eliminated by ransomware.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

In some cases, ShadowExplorer might be able to recover all .Pxj files

If Shadow Volume Copies were not deleted by the virus, you can use ShadowExplorer to recover your files.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool is currently available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Pxj and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions