Bozq Virus

Ransomware
by Lidia Howler
October 31, 2022
Anti-virus offerOFFERWe tested that Spyhunter successfully removes parasite* and we recommend using it. Manual removal without a program may take hours, it can harm your system if you are not careful, and parasite may reinstall itself at the end if you fail to delete its core files.
Download SpyHunter (Free Remover)
7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Bozq is a variant of Stop/DJVU. Source of claim SH can remove

Bozq

Bozq is a ransomware-based piece of code designed to require ransom from its victims in exchange for restoring access to their previously encrypted files. Typically, Bozq firstly encodes the files that are of great value to the user with complex cryptography and then demands a money transfer to decrypt them.

DJVU 1 1024x641
The Bozq virus file ransom note

Ransomware describes a range of fraudulent computer programs that deny targeted users access to their digital data. Bozq is one such malware piece that usually encrypts a variety of files, which then can take a lifetime to recover. The hackers who control this piece of malware typically demand a ransom payment in order to send the victims a secret decryption key. Nevertheless, even if you are ready to transfer the required money, you will have no assurance that the files that have been encrypted are going to be successfully decrypted and made available to you. Therefore, at the end of the following post, we have created a removal guide to help you remove Bozq and potentially get back some of the files it has encrypted through system backups.

The Bozq virus

The Bozq virus is a malicious infection from the ransomware type which is programmed to prevent users from accessing the information stored on their computer. The ultimate goal of the Bozq virus is to blackmail its victims to pay ransom in order to access their files again.

Bozq more frequently infects the computer via an infected file that gets clicked on by the unsuspecting web users. This could be a fake advert, an infected email attachment, an executable file that has been compromised or even a web link that carries the infection. Once inside, the malware creates a list of the most commonly used data by searching all of the hard drives and other connected storage devices. Then the nasty virus encrypts this data and displays a scary ransom message on the screen. Sadly, the infection normally becomes apparent only after essential files have been encoded and the threatening message has appeared on your computer.

The Bozq file encryption

The Bozq file encryption is a secret process aimed at encoding user files and rendering them inaccessible. The Bozq file encryption is carried out in the background of the system and can complete its agenda under the nose of most security programs.

Bozq File

If you are hesitant whether to pay the ransom that Bozq demands or not, you should take into account that, according to some laws, making such a payment can be regarded as criminal activity. In doing so, you basically would encourage the hackers behind the ransomware to pursue their illegal practices and attack more and more web users who are willing to pay. Therefore, it is much better to seek some legitimate solutions to deal with the infection and recover your files by other means. What we suggest is to remove the infection from the computer with the help of the steps shown in the guide below. This will allow you to later use the instructions in the file-recovery section or even connect your personal backup sources to the clean computer.

SUMMARY:

NameBozq
TypeRansomware
Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Bozq is a variant of Stop/DJVU. Source of claim SH can remove

Bozq Virus Ransomware Removal

Step1

Completing the instructions in this removal guide from beginning to end is crucial if you’re trying to remove Bozq effectively. For your convenience, we suggest bookmarking this page, so you can have quick access to the steps, as well as restarting the computer in Safe Mode to make it simpler to identify ransomware-related files and processes that are running on the system.

Once the computer reboots, return to this removal page that you have bookmarked and complete the following instructions:

Type msconfig in the search bar of the Start menu. Press Enter and then choose the Startup tab in the System Configuration window:

msconfig_opt

Make a thorough examination of the computer’s startup items, looking for anything that doesn’t seem to be connected to any legitimate software or activity. By unchecking the corresponding checkboxes, you may deactivate any suspicious-looking entries that have an “Unknown” Manufacturer or entries that you don’t trust.

After you’ve verified that only legitimate programs are enabled there, click Ok and exit the System Configuration window

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

*Bozq is a variant of Stop/DJVU. Source of claim SH can remove

Next, you’ll need to go through your computer’s processes one by one and end any that are associated with Bozq.

CTRL + SHIFT + ESC may be used to open the Task Manager. Then choose Processes from the tabs at the top.

Find processes with random names or processes that use a lot of resources, right-click on each of them and choose Open File Location to view their files:

malware-start-taskbar

Next, use the free online virus scanner below to check whether the files you’re looking at are dangerous or not.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Full ScanUpload New File
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    These files may need to be deleted from the File Location directory promptly if they are flagged as malicious. But before that, select the process they belong to from the Processes tab, right-click on it and choose the End Process option to stop it from running.

    Step3

    Changes to other system files are possible as a result of certain malware attacks. Thus, in the event that you’ve been infected with Bozq, you should do the following:

    Use the Windows and R key combination and copy + paste the line below in the Run command box that opens on the screen:

    notepad %windir%/system32/Drivers/etc/hosts

    Click the OK button and open the Hosts file.

    Next, locate Localhost by scrolling through the file’s content. Afterwards, look to see if any suspicious IP addresses have been added below:

    hosts_opt (1)

    If you discover anything worrisome (like the Virus Creator IPs in the sample image above), please copy any IP addresses that look suspicious to you from your file, and paste them in the comments’ section. A member of our team will check them and give you their recommendations. 

    If there is nothing unusual in the file, close it and proceed to the next step.

    Step4

    *Bozq is a variant of Stop/DJVU. Source of claim SH can remove

    One of the most critical steps in dealing with the ransomware infection is to thoroughly inspect your computer’s registry for any suspicious entries, which should be deleted if they are found. 

    Begin by selecting the Start menu (bottom left) and entering Regedit in the Windows search bar. After pressing Enter to activate the Registry Editor, press CTRL and F at the same time on the keyboard. You’ll see a Find box on the screen at this point. Once you’ve entered the ransomware’s name, click the Find Next button to begin searching for registry entries that are a match. 

    Be very cautious when deleting items that aren’t directly connected to Bozq; else, your system might suffer irreparable harm. If you aren’t certain about the files that you need to delete, please use a professional removal tool to clean the registry safely.

    After that, check each of the locations listed below to see whether anything new has been added to them. Simply type each of them in the Windows Search field and open the folders:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    The Ransomware may have infected the directories with files that are named in a strange way, and deleting them may be necessary. Also, you need to remove any temporary files produced by the ransomware when you access the Temp folder by selecting all of its content and deleting it.

    Step5

    How to Decrypt Bozq files

    Ransomware victims’ primary worry after removing the infection from their computer is how to regain access to their encrypted data. But this is something that has to be addressed carefully.

    It is highly recommended that you use professional anti-virus software, such as the tool that you can find on this page, for removing Bozq and other malware. If you are certain that Bozq has been effectively deleted from your PC, you may want to refer to the following instructions:

    Decrypting encrypted data varies depending on the version of the ransomware that has attacked you. Look at the extensions of the encrypted files to figure out what’s the ransomware’s version.

    New Djvu Ransomware

    STOP Djvu is the latest Djvu ransomware strain. The victims can easily recognize the infection  because the files that it encrypts come  with the .Bozq extension added to them. Presently, to decrypt data encoded by STOP Djvu, your only chance  is if those files have been encrypted using an offline key. This decryptor may help you recover your files:

    https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

    The STOPDjvu.exe file may be downloaded by clicking the Download button on the provided link.

    After you have downloaded the file, select “Run as Administrator”, then press the Yes button to start the software. Click the Decrypt button to begin the decryption procedure once you’ve read the license agreement and the short instructions. This decryptor can’t decode data encrypted using unknown offline keys or online encryption, so bear that in mind.

    If you have any troubles with this manual removal guide, please leave us a comment, and we will do our best to reply you shortly. Also, don’t hesitate to use the anti-virus software on this page to remove Bozq completely or check any suspicious-looking files with the free online virus scanner


    About the author

    blank

    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    View all posts

    Leave a Comment