Ooxa Virus


Ooxa is a variant of Stop/DJVU.


Ooxa is a Ransomware-based virus that cybercriminals use to extort money and to generate profit from ransom payments. The way Ooxa attacks the system is simple – it sneaks in without being detected and encrypts the files stored there. Then, it asks the victims to pay a ransom to decrypt them.

The Ooxa ransomware will leave a _readme.txt file with instructions

This type of malware is the most troublesome cyber threat you will ever have to deal with. That’s why before you decide how to deal with it, you have to understand that deleting such a program and undoing the encryption that has been placed is generally extremely difficult. Even experts can find the implications of such malware extremely challenging to handle. Therefore, we advise you to seek reliable solutions and alternatives, be they in the form of self-help guides that can help you remove Ooxa or some professional software.

What a ransomware-based virus does depends entirely on its subtype. Security experts recognize ransomware infections that target mobile devices and attack your smartphones and tablets by locking their screens, then ask for a ransom to unlock them. Similar screen-locking viruses can restrict access to the screen of your laptop or desktop and block you from using your machine unless you pay a certain amount of money. The most well-known versions of ransomware, however, are the file-encrypting ones. They are, perhaps, the worst because they target the files that you store on your computer, typically the ones you use the most. They encrypt them with a secret cryptographic key and then harass you into paying a ransom in order to decrypt them. Ooxa belongs to this subgroup and works exactly in this way.

The Ooxa virus

The Ooxa virus is a form of malware that demands a ransom to undo what it has done to your device. The Ooxa virus usually notifies its victims about the effects of its attack via a ransom note.

The Ooxa virus will encrypt your files

Sadly, you can never be sure exactly how ransomware such as Ooxa, Ggwq, Ggew ended up on your computer. There are endless options: viral websites, torrents, shareware and free-download websites. Among the most common sources, however, are the so-called malvertisements: fake pop-ups and other online ads programmed to redirect you to contagious websites. You get infected with the virus as soon as you click on such an ad. Fake system update requests are another possible source. These suspicious requests do not come from your OS; they simply pop up, work as fake ads, and sneak the virus inside your PC once you click on them. In addition, spam emails and their attachments may distribute Ransomware (and in some cases, even Trojans may come along with them), and your device might become compromised just after you open such a message or its attachment.

The Ooxa file encryption

The Ooxa file encryption is a malicious process that cyber criminals initiate to restrict access to your most valuable files. The Ooxa file encryption process runs silently in the system and normally shows no visible symptoms.

There aren’t many options of what you can do next after you’ve seen the ransom note on your screen. You can always ask security professionals with experience and knowledge to help you remove this virus and possibly restore your files instead of sending money to anonymous crooks. You may also decide to go down the self-help road and download a powerful removal tool. It may be paid, but spending your money on it is still better than not receiving a decryption key from the hackers you’ve paid a ransom to. And another alternative is to remove Ooxa by following the steps in the guide below and try out our free file-recovery suggestions.


Danger Level: High (Ransomware is by far the worst threat you can encounter)
Data Recovery Tool: Not Available

Before you begin this guide

You should take note of the following important points before beginning the guide:

Any external devices such as smartphones, tablets, external HDDs, etc. that are still plugged into the infected computer must be disconnected immediately!

Though we advise against it, if the payment of the ransom is the only option you have left, and you are thinking about going through with it, then we recommend you do not perform the removal guide until you’ve performed the payment and, hopefully, recovered your files.

It’s possible that the Ooxa Ransomware may seem to already be gone from your computer – even so, the guide below should still be performed.

Remove Ooxa Ransomware

To remove Ooxa, you can attempt to delete the virus manually, by following the next steps, or use an automatic removal program:

  1. Delete any program that may have caused the virus infection from Control Panel > Uninstall a Program.
  2. Clean the Task Manager from rogue processes.
  3. Delete any malware data that may be stored in these folders: AppData, LocalAppData, WinDir, ProgramData, Temp.
  4. Check the Registry, Task Scheduler, Hosts file, and the List of Startup items for malware-enforced changes, and revoke those changes.

To make sure that you perform every step correctly, refer to the more detailed instructions we’ve provided in the next lines. Also, if you are interested in trying the automatic removal method, we’ve included a powerful anti-malware tool in the next guide that can help you delete Ooxa.

Detailed removal instructions

Step 1

Click the Start Menu, type Programs and Features, press the Enter key, and search the list that pops up for unknown, suspicious, and/or untrusted programs that have been installed recently. If there is such a program in the list, right-click it, select the Uninstall option, and perform the steps from the uninstaller (if there are any steps).

While performing the uninstallation process, ensure that you do not allow any data or settings from the unwanted program to remain on your computer by making sure that you use the correct uninstallation settings.


Step 2



Start the Task Manager (Ctrl + Shift + Esc), open Processes, and look for any resource-intensive processes with strange names and/or names that seem unrelated to any of the regular and trusted programs that you have on your computer. Also, look for processes that seem related to the program from the previous step. If you find anything questionable, Google it and also scan the files in its location folder to find out if the process is rogue. To access the location folder of a given process, right-click the process entry in the Task Manager and select Open File Location. To scan the files in that folder, use the professional scanner posted below (it’s free to use).

    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If there is a malicious process (or processes) in your Task Manager, quit it (right-click > End Process) and then erase its file location folder.


    Step 3

    Next, prevent Ooxa from launching any of its malicious processes again by putting your PC into Safe Mode.

    Step 4

    Search for Folder Options in the Start Menu, open the Folder Options app/icon, and click the View tab. There, find the option labeled Show hidden files, folders, and drives, enable it if it’s not enabled, and click OK.

    After that, click the Start Menu again, type %Temp%, and press Enter. In the newly-opened folder, press Ctrl + A to select everything, then press Del, and click Yes to confirm the deletion of all files and folders contained in Temp.

    In the same way, visit the following four folders, but in them only delete the most recent files and sub-folders – the ones created after the virus infected you. To do this more easily, sort the files in those folders by their creation dates.

    • %AppData%
    • %WinDir%
    • %LocalAppData%
    • %ProgramData%

    Step 5

    If you are on Windows 10, open the Task Manager again and this time select its Startup tab. If you are a Windows 7 user, type msconfig in the Start Menu, click the first item, and open the Startup tab. Once you see the list of Startup items for your PC, search through the entries, looking for ones that are unknown to you and/or that seem untrusted, and uncheck them, after which click OK.

    Next, open the C: drive of your PC, and find the following folder: Windows\System32\drivers\etc. In that folder, double-click on Hosts, then select Notepad, and once the file opens, look at the end of its text, where there are two lines ending in “Localhost”. If anything is written below those lines, copy-paste it in the comments, and we will soon let you know if the copied text is from the virus and if it needs to be removed from Hosts.


    Look for Task Scheduler in the Start Menu, open it, and select the Task Scheduler Library folder that you should see in the top-left. Then right-click and Delete any tasks that seem linked to the virus and/or that look suspicious.


    Step 6

    Find the regedit.exe app in the Start Menu, open it, and when your Admin approval is requested, click Yes. When you see the Registry Editor window on your screen, press Ctrl + F and then type the name of the program from Step 1 in the Find box. Click Find Next and delete whatever gets found (if anything). Select Find Next again so that, if there are any other items related to that program, you’d find them and delete them as well.

    Also perform a search for Ooxa items and delete any related items that may get found.


    Lastly, you need to manually find the Registry directories specified below by expanding the folders in the left panel of the Editor. In each of those directories, look for sub-folders with strange names – names that seem to consist of random letters and numbers, much like this one: “129eur9u3292t09gu092r3ir09ut2093i2r0”. Should you find anything like this, let us know in the comments and wait for our reply rather than deleting it directly.

    • HKEY_CURRENT_USER > Software
    • HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
    • HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
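
A read-only PowerShell pass over the checks in Steps 4 to 6, added here as an example (it is not part of the original guide or of any vendor tool). The `-InfectedSince` parameter, the `New-Finding` helper and the random-name heuristic are assumptions of this example.

```powershell
# Read-only triage for Steps 4-6: lists candidates, deletes and changes nothing.
# ASSUMPTION: -InfectedSince is your own estimate of when the infection began.
param([datetime]$InfectedSince = (Get-Date).AddDays(-7))

function New-Finding($Step, $Item, $Detail) {
    [pscustomobject]@{ Step = $Step; Item = $Item; Detail = $Detail }
}

# Step 4: top-level items created after the infection in the four folders.
foreach ($folder in $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:WinDir) {
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $InfectedSince } |
        ForEach-Object { New-Finding 'Step 4 recent item' $_.FullName $_.CreationTime }
}

# Step 5: Hosts lines that are not comments, blank, or localhost mappings.
$hostsPath = Join-Path $env:WinDir 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
    ForEach-Object { New-Finding 'Step 5 hosts entry' $_ $hostsPath }

# Step 5: startup commands registered for this machine and user.
Get-CimInstance -ClassName Win32_StartupCommand |
    ForEach-Object { New-Finding 'Step 5 startup item' $_.Name $_.Command }

# Step 5: scheduled tasks outside the built-in \Microsoft\ folder.
# Get-ScheduledTask needs Windows 8 or later; on Windows 7 use the Task Scheduler GUI.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $cmd = $_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }
        New-Finding 'Step 5 scheduled task' ($_.TaskPath + $_.TaskName) ($cmd -join '; ')
    }

# Step 6: values in the current user's Run key.
$runPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runKey = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        New-Finding 'Step 6 Run value' $name $runKey.GetValue($name)
    }
}

# Step 6: sub-keys with random-looking names. HEURISTIC (an assumption of this
# example): 16 or more characters, letters and digits only, containing both.
$roots = 'HKCU:\Software', $runPath, 'HKCU:\Software\Microsoft\Internet Explorer\Main'
Get-ChildItem -LiteralPath $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^[a-z0-9]{16,}$' -and
                   $_.PSChildName -match '\d' -and $_.PSChildName -match '[a-z]' } |
    ForEach-Object { New-Finding 'Step 6 odd key name' $_.Name '' }
```

Save it as a script file and pipe the output to `Format-Table -AutoSize -Wrap` or `Export-Csv`. Every row is a candidate to review by hand, since legitimate software also creates recent files, startup items and scheduled tasks.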

    If Ooxa is still in the system

    As was already noted at the beginning of this guide, you can also try to use the specialized malware-removal tool linked on this page to eliminate Ooxa. We strongly recommend this course of action if you haven’t been able to manually remove the virus – sometimes threats like Ooxa get entrenched too deep within the system and also get supported by other hidden malware, so deleting the virus manually may not always be a viable option.

    How to Decrypt Ooxa files

    To decrypt Ooxa files, you must first get rid of any and all malware that may be in your system. After that, you can use a free decryptor tool to extract the needed private code and use it to decrypt Ooxa files.

    If you have completed the guide and are certain that no more malware is left on your PC, then you can proceed to the decryption instructions. If you are still not certain that your computer is malware-free, you can use our free malware-scanner to test any suspicious files in your system for malware code.

    Before you start the decryption process, know that you will need several pairs of files – one of the files in each pair must be encrypted by Ooxa, while the other must be the original and unencrypted version of the first file. We recommend searching for the original and accessible versions in other devices such as external HDDs, tablets, and phones, as well as in online cloud storage or even email accounts. If you’ve found such file pairs, you can then begin with the decryption.

    1. Click on this link, select the first of the Choose File buttons, and navigate to and open the encrypted file version of one of the file pairs.
    2. Use the second Choose File button to navigate to and open the original version from the same file pair.
    3. Select Submit to begin the extraction of the needed decryption code. If an error occurs, try to extract the decryption code using another file pair.
    4. Once the code is extracted, go to this page and download the decryptor tool available there.
    5. Right-click the downloaded app, select the Run as Administrator option, then agree to the Terms of Use, and click on OK.
    6. Select a disk or specific directory where your encrypted files are, and then click Decrypt to start the process of unlocking the files.

    What is Ooxa?

    Ooxa is a serious and highly-problematic piece of PC malware that will put your files in an inaccessible state. Ooxa is capable of doing this through the use of a secret encryption algorithm that gets applied to the files once the malware attacks you.

    During the encryption process, the Ooxa malware generates a special key – that key is only available to the hackers, and it is the thing that can set your data free and make it accessible and usable again. Needless to say, the cybercriminals behind the malicious program want to use this key as leverage to blackmail you for a ransom payment. If you agree to pay and send them the demanded sum, they’d supposedly provide you with the aforementioned key. However, whether that would truly happen if you do pay the ransom remains unknown, which is why it’s generally not advisable to go straight for the ransom payment before having explored the other available options.

    Is Ooxa a virus?

    Ooxa is a virus program from the Ransomware family, capable of locking all important data on your computer via an advanced encryption algorithm. The end goal of the cybercriminals behind Ooxa is to extort money from you by blackmailing you for the decryption key.

    If you have been hit by Ooxa but the files that got locked had been previously backed up, and you have accessible copies of them in your backup locations, then the problem isn’t so significant and can be dealt with relatively easily. The same applies if the files that the virus has locked aren’t of significant importance to you. In both of those cases, it’s enough to simply remove the virus, which is far easier and more manageable than actually having to unlock the files that it has encrypted.

    On the other hand, if any important files have been locked that don’t have backup copies, then you’d have to choose between performing the ransom payment or trying some alternative options.

    How to decrypt Ooxa files?

    To decrypt Ooxa files, it is best if you explore the different alternative options and try them all before you decide whether to pay the ransom. Only consider the ransom payment as a way to decrypt Ooxa files if you’ve run out of other options.

    The obvious reason we recommend refraining from the payment option at least until you’ve exhausted all other options is that sending your money to the hackers guarantees only that the sum you transfer would be gone for good – it doesn’t guarantee that your files will be restored. Oftentimes, users pay the ransom only to eventually realize that no key would be sent to them or that the key they have received is corrupted and cannot unlock their files.

    Obviously, if you are desperate to restore your most important files and have tried everything else without success, you can still try with the ransom payment, but you should always carefully consider the pros and cons of such an action to determine whether the data you may lose would be worth the risk of wasting a considerable amount of money.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
