.Moss Virus


.Moss is a very dangerous and harmful type of computer malware that targets the files of the attacked user. .Moss uses a new and advanced encryption algorithm to make the users files inaccessible and then asks for a ransom payment to release them.

.Moss Virus

The .Moss virus ransom note

Most users who get a threat like .Moss or .Lyli on their computers dont realize that their systems have become infected until it gets too late and their files can no longer be accessed through regular means. At that point, the virus itself reveals itself to the victims by displaying a large pop-up on their screen or by generating a notepad file somewhere on the computer (usually on the desktop or inside the directories where the encrypted files are stored).

The banner or the notepad file is supposed to tell the user about what has happened to their files and to request a ransom payment from them in exchange for the key that can supposedly release the encrypted data. This is the point where most people panic and those who can afford it and who really need their files back follow the ransom payment instructions from the virus message and send their money to the hackers behind the malware. This is not the best course of action in such a situation, however, because the payment of the ransom can never truly guarantee that you will get hold of the decryption key. It is always a better approach to give yourself some time (even if the ransom note gives you a certain deadline) to assess the situation and look for other options.

The .Moss virus

The .Moss virus is a malware program and a representative of the file-attacking virus category known as data-encrypting Ransomware. The goal of the .Moss virus is to extort money from you by not letting you open or use your most important files until you pay a ransom.

Obviously, if none of the files that the virus has managed to encrypt are particularly important to you, youd have no reason to pay the requested money and since the Ransomware itself cannot harm your computer, the problem wouldnt really be that big. All youd need to do in such a situation is remove the threat (removal instructions available below) so that it doesnt encrypt any potentially important data in the future. This could also be said about users who have previously backed up their files and can easily restore them from the backup location once the Ransomware is removed.

The .Moss file decryption

The .Moss file decryption is the method used to bring back data encrypted by Ransomware to its accessible state. The .Moss file decryption cannot be completed if you dont have the decryption key held by the hackers but there may still be some alternatives.

.Moss Virus

The .Moss File

Even without a key, you may still get the chance to restore some data without paying the ransom. We will show you some possible alternative solutions in our next guide but, before you get to them, you will first have to eliminate the Ransomware itself. Instructions on how to achieve this will be provided to you down below.



Name .Moss
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Ransomware viruses are stealthy threats that rarely show their presence when they first arrive on the computer. In most cases, users notice them only once their files have been encrypted, as Ransomware doesn’t typically show symptoms during the encryption process.
Distribution Method Anything from spam messages to fake update requests and clickbait links can be used to spread Ransomware but Trojan horse backdoors seem to be the current most popular distribution method for this sort of viruses.
Data Recovery Tool Not Available
Detection Tool

 .Moss Virus File Removal

.Moss Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

.Moss Virus


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

.Moss Virus

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
.Moss Virus
Drag and Drop File Here To Scan
.Moss Virus
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

    .Moss Virus

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    .Moss Virus

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:

    .Moss Virus

    Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

    .Moss Virus

    Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

    Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

    .Moss Virus 

    How to Decrypt .Moss files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment