Zeoticus 2.0 ransomware (Virus Removal Guide) - Removal Instructions

by Julie Splinters - - 2020-12-18 | Type: Ransomware

Zeoticus 2.0 virus Removal Guide

Description Quick solution Instructions Prevention

What is Zeoticus 2.0 ransomware?

Zeoticus 2.0 ransomware — a file-locking computer virus that changes the desktop wallpaper to present its ransom demand

Zeoticus 2.0 ransomware Zeoticus 2.0 ransomware is a data-locking computer virus that demands Bitcoins for a decryption tool

Zeoticus 2.0 ransomware is a cryptovirus designed to encrypt files on a targeted computer and leave a ransom note that demands cryptocurrency as a ransom. The name for this virus stems from a character in a Japanese manga/anime series known as School DxD High.

The “2.0” indicates that this malware is an update to the Zeoticus ransomware that was first spotted by researchers back in December 2019. Like its previous version, this cyber threat also used AES coding algorithm to encrypt personal files, although there are a few differences too.

When Zeoticus 2.0 virus appends filenames, it does it by adding a triple extension – a sequence of 19 random numbers, outsourse@tutanota.comcriminal contact email, and .2020END extension (hence the malware might be referred to as 2020END ransomware). Afterward, the desktop wallpaper is changed in order to redirect victims to read the created README.html ransom note.

name	Zeoticus 2.0 ransomware
Type	File locking virus
Ransom note	Changed desktop background and README.html
Appended file extension	19 random characters.outsourse@tutanota.com.2020END extension is added to all encrypted files
Criminal contact details	outsourse@tutanota.com, outsourse@cock.li
Virus removal	Ransomware like this should be eliminated from all devices with a reliable anti-malware application ASAP
System health	Take care of the registry of your system by performing a system tune-up with a robust ReimageIntego app

Cybercriminals love Bitcoins because it's fast, reliable, and anonymous. The same goes for developers of Zeoticus 2.0 virus. In the ransom note, they instruct their victims on how to buy that cryptocurrency because that's how the payment ought to be made (although the ransom size isn't specified). Hackers in the README.txt state the following:

—-===Zeoticus 2.0===—-

WARNING!
I am truly sorry to inform you that all your important files are crypted.
If you want to recover your encrypted files you need to follow a few steps.
You need to buy bitcoins and send them to the address you receive by mail.
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register,
click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
write to Google how to buy Bitcoin in your country?
in order to guarantee the availability of our key
we can decrypt one file for free
the size of the files <1 mb, doc.docx.cls.xlsx.pdf.jpg.bmp.txt file format
other formats will not be free decryption
after payment we will send a decryption program
Do not try to decrypt your files with programs by the decoder,
you will only damage your data and lose them forever.
Only we can decrypt your data, write to the original mails specified in this file,
otherwise you will become a victim of scammers.
outsourse@tutanota.com
outsourse@cock.li
—

All further ransom details would be provided to the victims if they contact the assailants by any of the two (or both) given emails – outsourse@tutanota.com, outsourse@cock.li. We strongly advise against making contact with the cybercriminals and against paying the ransom, and there are numerous reasons for that:

Victims could lose their money
Sent payments increase cybercriminals motivation and finance new attacks
Funds might be used to research new ways of attacking and new ransomware
The delivered decryption tool (if delivered at all) might not work.

That's why victims should remove Zeoticus 2.0 ransomware from their infected computers. Anti-malware software is vital not only for eliminating viruses but for preventing them access to computers too. Keeping virus databases up-to-date is essential because cybercriminals spawn new viruses each day.

According to VirusTotal,^[1] 49 out of 69 anti-virus engines apprehended one of the malware's sample. That's why we suggest entrusting Zeoticus 2.0 ransomware removal to time-proven anti-malware apps like SpyHunter 5Combo Cleaner or Malwarebytes. Choose to perform a full system scan and let the software do the rest.

Zeoticus 2.0 ransomware is the second version of a new crypto-malware strain that firs showed up in January 2020

When you get rid of the infection, you should take care of your device's overall health. We recommend using powerful system repair tools like the ReimageIntego app to scan for any system irregularities caused by the cryptovirus and revert them with a push of a button.

Changed desktop background carries this message:

Dear [username]
All your files has been encrypted
Toss a coin to us and get decryptor tool
All information how to make it you can find in README file

Simple steps to improve cybersecurity level for home users

Tech giants like Microsoft, Google, and others are constantly implementing new security measures to make the internet a safer place. But unfortunately, malware developers are bending over backwards to bypass these measures. That's why we compiled guidelines of a few simple steps that would greatly increase your cybersecurity level and might prevent you from ever having to deal with cybercriminals (or at least minimize the damage):

Purchase a trustworthy anti-malware application and keep its virus database updated at all times.
All software, including the operating system, must be up-to-date.
Always keep backups of all essential data. In case ransomware slips by your security, you can easily remove it and restore the data.
Learn how to recognize phishing emails. Never open any links or download any attachments in emails that you don't know the sender.
Try to avoid torrent sites. They might be riddled with different kinds of malware^[2]

Zeoticus 2.0 ransomware is a virus that might result in a complete personal data loss

Remove Zeoticus 2.0 ransomware with anti-malware software

The longer malware stays in a computer, the more damage it could do. Cryptoviruses are capable of replicating themselves to other computers or storage devices connected in a network. So users should focus on immediate Zeoticus 2.0 removal before more harm came their way.

Although manual deletion is possible, it might seem like a tough cookie to crack even for highly-experienced users. So remove Zeoticus 2.0 with the help of reliable anti-malware tools like SpyHunter 5Combo Cleaner or Malwarebytes. But export all encrypted files to an offline storage device before doing that. There's no decryption tool available right now, but there's always hope.

Ransomware is capable of making serious changes to the system registry and other key settings, which might lead to crashes, severe lag, and other abnormal behavior. Experts^[3] recommend using the ReimageIntego app to restore your device's health so you could enjoy it anew.

Offer

do it now!

Download
Reimage Happiness
Guarantee Download
Intego Happiness
Guarantee

Compatible with Microsoft Windows Compatible with macOS

What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.

Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

press

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.

Download SpyHunter 5 Review »

Malwarebytes

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Download Combo Cleaner Review »

Getting rid of Zeoticus 2.0 virus. Follow these steps

Manual removal using Safe Mode

If the virus prevents from removing it while Windows in normal mode, try doing it in Safe Mode with Networking

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment.

Windows 7 / Vista / XP

Click Start > Shutdown > Restart > OK.
When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

Right-click on Start button and select Settings.
Scroll down to pick Update & Security.
On the left side of the window, pick Recovery.
Now scroll down to find Advanced Startup section.
Click Restart now.
Select Troubleshoot.
Go to Advanced options.
Select Startup Settings.
Press Restart.
Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Click on More details.
Scroll down to Background processes section, and look for anything suspicious.
Right-click and select Open file location.
Go back to the process, right-click and pick End Task.
Delete the contents of the malicious folder.

Step 3. Check program Startup

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Go to Startup tab.
Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

Type in Disk Cleanup in Windows search and press Enter.
Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
Scroll through the Files to delete list and select the following:

Temporary Internet Files
Downloads
Recycle Bin
Temporary files
Pick Clean up system files.
You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

%AppData%
%LocalAppData%
%ProgramData%
%WinDir%

After you are finished, reboot the PC in normal mode.

Remove Zeoticus 2.0 using System Restore

System Restore – another viable option for infection elimination

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
1. Click Start → Shutdown → Restart → OK.
2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
3. Select Command Prompt from the list
Windows 10 / Windows 8
1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
1. Once the Command Prompt window shows up, enter cd restore and click Enter.
2. Now type rstrui.exe and press Enter again..
3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Zeoticus 2.0. After doing that, click Next.
4. Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with ReimageIntego and make sure that Zeoticus 2.0 removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Zeoticus 2.0 from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Zeoticus 2.0, you can use several methods to restore them:

Recover your data

File retrieval with Data Recovery Pro

This third-party app might help to recover .2020END extension files.

Download Data Recovery Pro;
Follow the steps of Data Recovery Setup and install the program on your computer;
Launch it and scan your computer for files encrypted by Zeoticus 2.0 ransomware;
Restore them.

Recovering encrypted files with Windows Previous Version feature

With the help of the Windows Previous Version feature, users might be able to restore .END2020 extension files.

Find an encrypted file you need to restore and right-click on it;
Select “Properties” and go to “Previous versions” tab;
Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer recovers files From Shadow Volume Copies

If ransomware didn't delete Shadow Volume Copies then this app might restore data from them.

Download Shadow Explorer (http://shadowexplorer.com/);
Follow a Shadow Explorer Setup Wizard and install this application on your computer;
Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool is currently available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Zeoticus 2.0 and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author

Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References

^ Virustotal. Virustotal. Suspicious file analysis.
^ Roger A. Grimes. 9 types of malware and how to recognize them. Cso. Security news, features and analysis.
^ Odstranitvirus. Odstranitvirus. Spyware and security news.