Xollam
A new dangerous virus called Xollam that uses a complex encryption algorithm has recently been reported by a number of cyber security professionals. Xollam belongs to the infamous ransomware category of computer infections.
As one of the latest representatives of this category, the cryptvorius has been programmed to secretly scan the entire system for specific file types and to then encrypt them with a complex algorithm that can usually only be reversed if a special decryption key is used. The files that fall in the grasp of the infection immediately become inaccessible and the victims cannot open or use them with any program. In addition, the malware may change the file extension of the targeted files to some weird new one that cannot be recognized by the system.
The Xollam virus
After encoding everything that is stored on the computer, the Xollam virus generates a ransom note. In it, the Xollam virus basically informs the victims about what has happened to their files and asks them to pay a certain amount of money as ransom.
The ransom is usually requested in Bitcoin and is asked to be sent to a given cryptocurrency wallet in exchange for a decryption key for the locked data. According to the notification, users are requested to strictly follow certain instructions in order to successfully conduct the payment. The crooks may give a short deadline for the ransom payment and may threaten that if you don’t pay the required money on time, they will delete all of your files automatically and will destroy the key that can restore them.
Unfortunately, trusting the criminals and fulfilling their ransom demands is not a guarantee for anything. You may send your money and never receive anything in return. Or, you may receive a key that doesn’t work. Or, the crooks may send you another malware piece instead of the decryption key and may start blackmailing all over you again. Therefore, it is not a very good idea to actually go for this option and pay them with your money. Instead, we suggest you focus on the timely and successful removal of Xollam from your system and then some legitimate alternative methods that may help you recover the files that have been encrypted.
The .Xollam file
In the removal guide below, we have published step-by-step instructions for the removal of the .Xollam file. And there’s an added section with recovery suggestions for the data affected by the .Xollam file encryption.
Giving our guide a try will not cost you anything and is a much safer option both for your data and computer. Besides, once you remove the ransomware from your computer, you will have a clean and safe system to restore your files onto. We need to warn you though, that, as much as we want to give you hope, the full recovery from the ransomware’s attack may not be possible in all the cases.
The reason is that, apart from encrypting your data, infections in this category (Zoqw) may have the ability to launch additional malicious processes which may delete the Shadow Copies of your data that have remained in the system after the encryption. If Xollam has done this, then you may not be able to bring your data back unless you have external backups. If this doesn’t work, you can look at the list of decryptors on our site and see if there are any that may help you as this is another possible way of bringing some of your data back without the need to pay the hackers.
SUMMARY:
| Name | Xollam |
| Type | Ransomware |
| Danger Level | High (Ransomware is by far the worst threat you can encounter) |
| Symptoms | Very few and unnoticeable ones before the ransom notification comes up. |
| Distribution Method | From fake ads and fake system requests to spam emails and contagious web pages. |
| Detection Tool |
Remove Xollam Ransomware
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.
Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
After you open their folder, end the processes that are infected, then delete their folders.
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
Hold the Start Key and R – copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit enter. A window will pop-up:
Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.
- Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.
Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.
Type each of the following in the Windows Search Field:
- %AppData%
- %LocalAppData%
- %ProgramData%
- %WinDir%
- %Temp%
Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!
How to Decrypt Xollam files
We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!
Leave a Comment