How to remove Mole00 virus and restore encrypted files

Ransomware, as the most dangerous type of viruses distributed massively, is on a roll now. It is everywhere and we encounter new ransomware daily. Most of these viruses weren’t even developed properly, they’re just copies of each other, sold in Dark Web and their fair cost is few hundreds of dollars. Anyway, even if ransomware isn’t really impressive, it can infect hundreds of computers before it will be stopped, so we should be aware of ransomware threat and each user should realize how to protect his data from encryption.


Mole00 ransomware virus


We’re talking about the ransomware from CryptoMix family that is now one of the most dangerous threats to users’ computers for last week. In the very beginning of July 2017, the security researchers from STIGroup, Ltd. and Secarma, released the result of their hard work – the decryptor for Mole02 ransomware. But unfortunately, scammers knew that is about to happen, and made new version of ransomware that is now called Mole00. In case of ransomware, the “new version”, generally is not about improving software and making it better – it is about changing few strings of the code, generating new master key and in other ways diminishing the progress of researchers in hacking it. Hackers did that and now the researchers will continue working on the decryptor for new virus.

So, what exactly was changed in Mole00 ransomware, comparing to the older version? Almost nothing, let’s say. It now appends the MOLE00 extension to the encrypted files. The ransom sum is now 1 BTC which is too much, considering of current exchange rate (near $2500 at the moment when the article was written). Virus uses AES and RSA encryption algorithms, and is able to encrypt almost all popular extensions. The encryption process goes down from the Favorites folder and then sweeps the whole hard drive. Now we are sure that this virus actually deletes the shadow copies, so there is no recovery way except the load of decent backups. Still you can easily remove the virus from your PC, using our instructions.

This virus uses the very strong encryption algorithms, which cannot be broken if you have no key. We're trying to say that you only have single really effective way to restore the files: the use of backup. If don't have backups - you can forget about your files, since you can't be certain that hackers that hacked your system, won’t cheat you one more time after receiving a ransom. Your information can be recovered in other ways, but they aren't 100% reliable.

How to delete Mole00 Virus

When the machine is corrupted by ransomware, the priority is not the disposal of the virus, but the decryption of files. Removing the ransomware does not change the state of folders that are already corrupted, however, until the virus lives on your workstation, all new files are at hazard. Regardless of which recovery technique you choose, you still need to eliminate ransomware. If you use the recovery in manual manner or the usage of backups, you should uninstall Mole00 ASAP, and if you prefer to pay those criminals - the malware should be removed after the total file decryption. The deletion can be done by using specific antivirus software, or by-hand. Reliability and swiftness of both manners are the same, but the requirements for your practice and knowledge are significantly different. Manual deletion needs some practice of who performs it. You should know what to do and how to fix a possible error. Deletion via antivirus does not require any skills from its operator. You simply should click on few buttons and wait for a few minutes. Below this paragraph, you will find the complete instructions for uninstalling of Mole00. Our guide is tested many times by tens of thousands of customers, they are completely safe and very simple. However, if you don't like the manual removal, and prefer the great level of defense against any ransomware - you better purchase the worthy anti-viral tool. Download Spyhunter to remove Mole00 virus automatically


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot
Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [2 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience