In the development of any technology, there are two stages: first, the technology develops and becomes more complex, reaching a certain level. After that the complication stops, and inventors begin to look for ways to achieve the desired effect with fewer resources and less time and effort. These stages can be traced not only in science and technology, but also in criminal fraud, such as extortion. Today we'll talk about the ransomware called Ransoc, which uses a new, simple and quick way to trick the user and make him pay.

The first viruses tried to trick users by offering them non-existent goods and services, and then they started to use highly complex cryptographic algorithms. Encrypting ransomware penetrates users' computers, encrypts the information it finds using AES or RSA algorithms, and then demands a ransom for decryption. This method is very effective, since the user has virtually no chance of decrypting the data and has only two choices: to pay for his own files, or to accept their loss. However, creating high-quality encrypting ransomware is a rather complicated business that requires specific skills and resources. Ransoc's creators have gone further: they get money from the user thanks to a well-written ransom note and social engineering tricks.

According to reports from researchers, Ransoc is being distributed through porn sites. This method of propagation is very effective and automatically gives the hackers an advantage. After penetrating the user's computer, Ransoc scans all files on the hard disk and collects information about the user from his Skype profile and from accounts in some social networks such as Facebook and LinkedIn. Comparing the information about the user with the contents of his hard drive, the program creates a message that refers to the victim by name and alludes to the fact that if he does not pay the specified amount of money, all his friends and acquaintances, as well as law enforcement agencies, will learn what files he stores on his PC. The message appears on the computer screen and completely blocks it, so that the user cannot remove it. The message is replete with references to non-existent laws, according to which the user is obliged to pay hundreds of thousands of dollars for "suspicious activity", "storage of materials violating copyright law" and other terrible misdeeds.

Each time, the message is composed from scratch, so the user is convinced that his case is really serious. The use of formal terms and the threat of litigation are very strong levers. The hackers even decided not to use the safest method of payment, the Bitcoin system, and abandoned it in favor of an ordinary transfer to a Visa card. Such a payment is much easier to trace, but the scammers rely on the fact that users who are caught in possession of pornography or visiting porn sites will not expose themselves by telling everyone about this fraud scheme. In fact, if you are a victim of Ransoc, your anonymity is not in danger. The virus blocks the whole screen, but there is one very simple way to remove it: manually restart the computer using the "reset" button, and start it in safe mode. After that, you will need to remove the registry value that is responsible for launching Ransoc on startup. In most cases the needed string looks like this:


Step 1. Boot into Safe mode


Start -> Msconfig.exe


On the Boot tab, select Safe boot


Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Edit the hosts file, which is located in C:\Windows\System32\drivers\etc\ .


Open the file with Notepad and delete suspicious strings.


It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with an antivirus scanner



Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab
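
A read-only PowerShell check that supports steps 2 and 3, added here as an example and not part of the original article. It assumes the startup value sits in one of the standard Run/RunOnce registry keys (the article does not name the key) and treats any hosts-file name other than `localhost` as worth reviewing; the function names are made up for this example.

```powershell
# Added example: read-only audit of autostart registry values and the hosts file.
# Assumption: the startup value lives in one of the standard Run/RunOnce keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) { continue }   # key may not exist
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Command      = $command
                # Programs launched from user-writable folders deserve a closer look.
                UserWritable = $command -match '\\(AppData|Temp|ProgramData|Users\\Public)\\'
            }
        }
    }
}

function Get-HostsOverride {
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -Path $HostsPath | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()          # drop comments
        if (-not $line) { return }                       # skip blank lines
        $ip, $names = $line -split '\s+'                 # address, then host names
        foreach ($n in $names) {
            if ($n -ne 'localhost') {
                [pscustomobject]@{ Address = $ip; HostName = $n }
            }
        }
    }
}

# Nothing is modified; review the output, then remove entries by hand.
Get-RunKeyEntry -Path $runKeys | Sort-Object UserWritable -Descending |
    Format-Table -AutoSize -Wrap
Get-HostsOverride | Format-Table -AutoSize
```

An empty second table means the hosts file contains only comments and localhost entries.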


