Boza Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Boza is a variant of Stop/DJVU. Source of claim SH can remove it.


Boza is a ransomware infection that uses the method of encryption to restrict access to certain files that are stored on a target computer. The creators of Boza use this infection to extort money by threatening the victims to never access any of the encrypted files unless they pay a ransom for a decryption key.

The Boza ransomware will leave a _readme.txt file with instructions

If you are reading this you have probably been contaminated with Boza and have been greeted by a message on your screen that asks you to pay a fixed amount of money to restore your access. Our intention, on this page, however, is to show you ways to avoid that ransom payment and remove Boza from your computer. So, if you are interested to learn how to do that, you should proceed with reading the entire article in order to make the best choice and to find a working situation for your situation. What you will find at the end of the page is a removal guide and a professional program, both of which can help you with this uneasy task.

The Boza virus

The Boza virus is a harmful program that can encrypt a wide variety of digital files and prevent the owners from accessing them. After placing its encryption, the Boza virus will typically provide an option to recover the encrypted files by paying ransom for a decryption key.

Boza Virus
The Boza virus will encrypt your files

Most Ransomware threats often use the help of a Trojan horse virus to exploit the vulnerabilities of a given system and to get inside the computer without being noticed. Once inside, these threats start an in-depth and detailed review of all the files that are stored in the system and create a full list of all of the files that you are using the most. The next step is to encrypt the files from this list. When this is done, a threatening message will be shown on your computer’s screen. It usually says that you must pay a ransom in order to obtain the decryption key for your information.

The Boza file

The .Boza file is a normal user file that cannot be accessed because it has been encrypted by the Boza ransomware. The extension of the .Boza file may contain odd symbols and characters that no software can recognize and open.

It is natural to be scared when faced with a threat like Boza, Kiop or Kitz. We want to warn you, however, that you are dealing not only with the ransomware but also with the criminals behind it who, without a second thought, have restricted access to your files. Therefore, before you decide how to act, it is best to explore all the possible alternatives that you have at hand. Paying the ransom may be the most obvious one but surely isn’t the best because, whether you transfer the money or not, nothing can guarantee that you will receive a decryption key from the criminals. Therefore, what we suggest is to keep your money and try to recover your files from personal backups, system backups, external file copies, and even with the help of professional software. To increase your chances of success, however, don’t forget to remove the ransomware virus from the computer. The removal guide below will help you with this and also will provide you with some file-recovery suggestions.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
Data Recovery ToolNot Available
Detection Tool

*Boza is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Boza Ransomware


You need to carefully follow the steps outlined in this removal guide if you want to be successful in removing the Boza ransomware from your computer. Make sure that any external storage and USB devices are disconnected from the system that is infected, and disable the Internet connection on your computer to prevent the ransomware from interacting with its malicious servers.

In addition, it is strongly recommended that you click on this link and then follow the directions that appear on the screen to restart your computer in Safe Mode. After the reboot, come back to this page and go to the next step.

If you save this Boza removal guide to your bookmarks, you’ll be able to access it with a single click after restarting your computer and pick up right where you left off.



*Boza is a variant of Stop/DJVU. Source of claim SH can remove it.

After completing the first step, and the computer restarts in Safe Mode, go to the Task Manager (to get there, enter Task manager in the Windows search field and press Enter), and then go to the Processes tab. Sort the presently active processes based on how much memory and CPU they are using. If you see potentially malicious processes, its important to view the files associated with these processes. To do that, right-click on each of them and choose Open File Location from the context menu, as shown in this image:


You may perform a check to see if there are any potentially harmful files that need to be deleted by dragging and dropping the contents of the folder into the scanner that is located below.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If the scanner finds malicious files that need to be removed, the first step is to locate the process that they are associated with, right-click on it, and choose “End Process” to stop the process from running. After that, delete the files from the location where they are stored.

    Next, on your keyboard, simultaneously hit the Windows key and the R key to open the Run box, and then type in the following command, then hit Enter:

    notepad %windir%/system32/Drivers/etc/hosts

    On the screen, you should see the Hosts file open. It is recommended that any strange-looking IP addresses discovered in the text under “Localhost” be reported in the comments area located at the bottom of this page. We are going to look more closely at the IP addresses that you post in the comments box, and we will let you know if those IP addresses pose a threat to your computer.

    hosts_opt (1)

    There is a possibility that the System Configuration pane will also include files associated with Boza. To access it, click the search box in Windows, type “msconfig” and then hit the Enter key on your keyboard. Check out the “startup” tab to find out which startup options have already been enabled.

    Remove any checkmarks from the boxes next to startup items if they are related with the malicious software that has to be uninstalled. In the event that you have any questions or concerns, you should always do research on the internet before making any changes.



    Malware may covertly install more dangerous files in the registry, which files give it the ability to remain hidden there for an extended period of time. Because of this, you need to do a comprehensive search inside the registry for files associated with Boza that need to be deleted in order to avoid the threat from emerging once again after restarting the system. In order to launch the Registry Editor, you need to go to the Windows search field, enter “Regedit” and then press the Enter key on your keyboard.

    You may use the CTRL and F keys on your computer to search the Registry Editor for infected files, which can then be removed when the search has been completed. In order to get started with the search, first type the name of the ransomware into the box labeled Find, and then click the Find Next button.

    Attention! A user who has never dealt with ransomware before may have difficulty locating and deleting ransomware-related files from the registry. If legitimate registry entries are erased, there is a possibility that the system may become unstable and suffer damage as a result. If you do not think that you are capable of removing the malware yourself, it is highly recommended that you make use of a virus removal application such as the one that is provided on this website.

    There is a possibility that files associated with ransomware may also be located in the following system locations. In order to access them, put the following search words in the Windows search field on your computer and then hit the Enter key:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    You should go through each of the places for files and folders with random names, and if you discover anything that catches your eye, you should research it online to see whether it actually needs to be removed from the system. If you select everything in the Temp folder on your computer and then press the delete key on your keyboard, you will be able to erase any temporary data that may have been stored there.


    How to Decrypt Boza files

    In certain instances, it may be challenging to decrypt data that has been encrypted by ransomware, even for the most experienced ransomware decryption specialists. As a consequence of this, untrained users may have difficulty dealing with ransomware since multiple versions of ransomware may utilize different file-decryption algorithms, each of which is distinct in terms of how successfully it decrypts the files. The first thing you need to do when confronting ransomware is to identify the specific variant of the malware that has infected your system. You may be able to find this information by looking at the file extensions of the encrypted files.

    It is important to keep in mind that any data that may be restored will be encrypted by the ransomware if it is still present on your machine. Because of this, it is essential to do a thorough inspection of the computer before beginning any data recovery method. Anti-malware software is quite useful in situations like this.

    New Djvu Ransomware

    STOP Djvu is a variant of ransomware that is wreaking havoc on a number of systems and is demanding a ransom from the users of those systems in order to recover the information that has been encrypted. The extension .Boza is typically appended to encrypted files, and it serves as an indicator of the particular ransomware variant that has attacked your system. Those users who have verified that no malicious software is present on their computer system may be able to decrypt the file with the help of a decryption application like the one that can be found at the following link:

    Before beginning the decryption process, however, it is important to carefully go through the terms of the license agreement, as well as any additional instructions that may be linked with the decryptor. It is important to bear in mind that the capability of this program to decode your data is not guaranteed, especially if the files were encrypted using an unknown offline key or an online encryption method.

    In the event that the manual techniques outlined on this page are unable to remove Boza in its entirety, you will likely need to resort to using antivirus software. If you are concerned about the reliability of a particular file, you may use our completely free online virus scanner to do a manual scan on it. If you have any concerns about these instructions for removal, please feel free to leave them in the comment section below, and a member of our team will try their best to respond to you as soon as possible.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1