Zoqw Virus


*Zoqw is a variant of Stop/DJVU. Source of claim SH can remove it.


Zoqw is a money-seeking ransomware infection that uses blackmail to make its victims transfer money to a cryptocurrency account. Zoqw typically takes important user files hostage and locks them with encryption that can only be reversed if the victims pay a ransom for a decryption key.

The Zoqw ransomware will leave a _readme.txt file with instructions

If you have been infected with Zoqw, it seems that some of your most important data has become inaccessible, and it’s more than troubling. Luckily there are some helpful methods that you can use to remove the infection and recover some of the encrypted files. You will find more information about these methods below along with some explanations about the typical behavior of Zoqw, some valuable prevention and protection tips, and, of course, a removal guide to demonstrate to you how to remove the ransomware without harming your system any further.

The Zoqw virus

The Zoqw virus is a ransomware program that “kidnaps” files on your machine by encrypting them. After blocking access to the files, the Zoqw virus displays a ransom notification on the screen and requests a money transfer in order to decrypt the files.

Zoqw will encrypt your files

In many cases, ransomware infects the system by using a Trojan horse that helps it to access the computer without being detected. Once inside, the infection starts to search for the most widely used files and seals them with complex cryptographic code. The hackers who are behind Zoqw, Bpto, Bpws just want your money, and so they program the virus to display a warning message on your machine that if you don’t pay, you will never be able to access any of the encrypted files again. In case you fulfill the ransom demands, however, the crooks promise to send you a decryption key with the help of which you should be able to reverse the applied encryption.

The .Zoqw file decryption

The .Zoqw file decryption is a process that involves a lot of coding and the application of a matching decryption key. If the .Zoqw file decryption is successful, the victims can access their files but, sometimes, the decryption may fail due to code flaws, leaving the files encrypted for good.

Taking the above into consideration, we strongly recommend that you don’t jump into paying the amount the hackers demand. For one, there is no guarantee that you will really receive a decryption key, and for another, as we mentioned, this key may not work due to flaws in the decryption code. Sadly, in both situations, you will only be losing your money. Luckily, you are not alone in the effort to deal with Zoqw. Here we suggest you first remove the ransomware with the help of the instructions below and see if some of our free file recovery methods will work. If you have personal backup copies from which you can restore your files, you can use them too. Alternatively, you can check for free decryptors online or contact a local professional for assistance. Prevention, however, is what protects computers best when it comes to online threats. That is why you should invest in a robust security program to fight viruses and try to limit your interaction with questionable web content, spam, and random pop-ups.



Remove Zoqw Ransomware


During the removal of Zoqw, your computer may need to be restarted numerous times. Therefore, you should bookmark this page with instructions in your browser, or just open it on another device so that you may refer back and forth as many times as necessary.

Afterwards, restart the computer in Safe Mode, and then, once the computer restarts, follow the rest of the instructions from this step.

In the Windows search bar (in the Start menu, or at the bottom left in Windows 10), type msconfig and press Enter. The System Configuration window will open.


Choose Startup from the tabs at the top, and uncheck any items that you suspect are not authentic and might be related to the ransomware.




After eliminating the suspicious-looking items from the startup list, close the System Configuration window and press CTRL + SHIFT + ESC from the keyboard.

The next step is to check the Task Manager for suspicious processes, such as those with weird names, high CPU and memory use, and so on, and see if you can identify anything harmful.

If you locate a questionable process in the Processes tab of the Task Manager, right-click on it and select Open File Location from the pop-up list of options.


To be sure that the files of that process are legitimate, you can run them through the powerful free virus scanner below.

    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If they contain malware, stop the process that uses them and remove the files from their directories.


    Next, you need to access your computer’s Hosts file and check it for any malicious IP addresses. This file may be opened by pressing Windows and R keys together and typing the following into the Run command box:

    notepad %windir%/system32/Drivers/etc/hosts

    Find Localhost in the text and see if any suspicious IPs have been added below it.

    Don’t delete anything until you confirm that it is problematic. If you find something unusual in your Hosts file, let us know in the comments, and we’ll respond with recommendations on how to proceed. 


    The next step is to check your system’s registry for malicious entries linked to Zoqw and remove any that you find. To do so, type Regedit into the Windows search bar, and then click on the Registry Editor from the results. 

    After pressing CTRL and F together, type the ransomware infection’s exact name into the search box that opens in the Registry Editor and hit Enter. Then, press the Find Next button. It’s quite likely that anything that shows in the search results could be linked to the ransomware and should be removed.

    Important! Do not remove anything if you are unsure whether it is part of the infection or not, since this might cause damage to your operating system. Instead, scan your system and registry using a professional removal program.

    Once you’ve closed the editor, go to the Windows search bar, type each of the following search terms one by one and open them. 

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Look for any newly added files and folders in the locations above, and if you find something that you are sure belongs to the ransomware, remove it.

    Remove everything from the Temp folder at the end. The malware may have created temporary files that you don’t need to keep.
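
The manual checks above (startup items, running processes, the Hosts file, and the five folders) can be gathered in one read-only pass. This PowerShell script is an added example, not part of the original guide or any vendor's tool; the `$Days` look-back window and the choice to list only top-level items are assumptions.

```powershell
# Read-only triage for the manual checks in this guide; nothing is modified.
# $Days is an assumed look-back window, not a value from the guide.
param([int]$Days = 7)

# 1. Startup entries (what the msconfig Startup tab lists).
Get-CimInstance -ClassName Win32_StartupCommand |
    Format-Table Name, Command, Location, User -AutoSize -Wrap

# 2. Running processes whose executable sits in a user-writable location.
#    Many legitimate apps run from here too; treat the list as leads to verify.
$userDirs = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP
$sigColumn = @{ Label = 'Signature'
    Expression = { (Get-AuthenticodeSignature -LiteralPath $_.Path).Status } }
Get-Process |
    Where-Object {
        $exePath = $_.Path
        $exePath -and ($userDirs | Where-Object {
            $exePath.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    } |
    Sort-Object Path -Unique |
    Format-Table Name, Id, Path, $sigColumn -AutoSize -Wrap

# 3. Active Hosts entries other than the default localhost mappings.
$hostsFile = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsFile |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
    Where-Object { $_ } |                                   # drop blank lines
    ForEach-Object {
        $address, $names = $_ -split '\s+'
        [pscustomobject]@{ Address = $address; Names = $names -join ' ' }
    } |
    Where-Object { $_.Names -ne 'localhost' } |
    Format-Table -AutoSize

# 4. Items created in the five folders during the look-back window (top level only).
$cutoff = (Get-Date).AddDays(-$Days)
$roots  = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
$recent = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -gt $cutoff }
}
$recent | Sort-Object CreationTime -Descending |
    Format-Table CreationTime, FullName -AutoSize -Wrap
```

An elevated PowerShell session resolves the executable path of more processes in step 2. The output is a list of leads to verify, in line with the guide's advice not to delete anything until it is confirmed to be part of the infection.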


    How to Decrypt Zoqw files

    If you want to have a greater chance to recover your encrypted data, make sure that you first get rid of Zoqw and other viruses that might be hiding inside your system. If you are not a professional, it’s recommended to use professional anti-virus software like the one on this page.

    Once you are sure that Zoqw has been entirely deleted from your computer, you can safely proceed to the following file-recovery steps:

    Depending on the ransomware type that has attacked you, the procedure for decrypting encrypted data may be different. Therefore, it is important to determine the ransomware’s version by checking the file extension that has been added to the encrypted files.

    New Djvu Ransomware

    STOP Djvu is the latest Djvu ransomware version that is actively targeting users online. You can easily recognize that you have been attacked with this version because the encrypted files of this ransomware contain the .Zoqw extension.

    Currently, the only chance for decrypting data encoded by STOP Djvu is if those files have been encrypted with an offline key. If this is your situation, you may want to try to decrypt your data using this decryptor:


    On the linked page, the STOPDjvu.exe file may be downloaded by clicking the blue Download button in the upper right.

    When you save the file on the computer, choose “Run as Administrator” and then press the Yes button to run the software. The decryption process will begin when you’ve read the agreement and the short instructions and clicked the Decrypt button. Keep in mind that this decryptor is unable to decode data encrypted using unknown offline or online keys.
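
Before running a decryptor or restoring from backup, it helps to confirm which extension was appended and how far the encryption reached. The PowerShell script below is an added example, not part of the original guide or of the decryptor; `$Root` and the report file name are assumptions, while `.zoqw` and `_readme.txt` are the names given on this page. It goes slightly beyond the text by tallying all appended extensions rather than assuming one.

```powershell
# Read-only inventory of encrypted files; the only thing written is the CSV report.
# $Root and the report name are assumptions; '.zoqw' and '_readme.txt' come from the guide.
param([string]$Root = $env:USERPROFILE)

$files = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue

# An encrypted file keeps its original extension in front of the appended one
# (report.docx.zoqw), so tally the last extension of double-extension names.
$double = $files | Where-Object { $_.BaseName -match '\.[A-Za-z0-9]{2,5}$' }
$double | Group-Object { $_.Extension.ToLowerInvariant() } |
    Sort-Object Count -Descending | Select-Object -First 5 Count, Name |
    Format-Table -AutoSize

$encrypted = @($double | Where-Object { $_.Extension -eq '.zoqw' })
'Files with the .zoqw extension: {0}' -f $encrypted.Count

if ($encrypted.Count -gt 0) {
    # Rewriting a file updates LastWriteTime, so this range shows roughly when
    # encryption ran; a backup taken before the earliest time predates it.
    $encrypted | Measure-Object -Property LastWriteTime -Minimum -Maximum |
        Format-List Minimum, Maximum

    # Folders holding the most encrypted files.
    $encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
        Select-Object -First 15 Count, Name | Format-Table -AutoSize -Wrap

    $encrypted | Select-Object FullName, Length, LastWriteTime |
        Export-Csv -Path '.\zoqw-inventory.csv' -NoTypeInformation
}

# Ransom notes dropped next to the data.
$files | Where-Object { $_.Name -eq '_readme.txt' } |
    Format-Table CreationTime, FullName -AutoSize -Wrap
```

The CSV gives a fixed list to check off as files are decrypted or restored.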

    We would love to know if the instructions above work for you, or if you have any troubles with our Zoqw removal guide. Also, please note that you may save time and remove the ransomware quickly with the help of the anti-virus software on this page. If there are any suspicious-looking files that you want to check, you can use the free online virus scanner from this site.



    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.
