b0c.x File Virus (X-Files) Remove and Restore Data - How to, Technology and PC Security Forum | SensorsTechForum.com

b0c.x File Virus (X-Files) Remove and Restore Data

Article, designed to assist with the removal and file recovery of .b0c.x ransomware also known as X-Files ransomware.

A virus from the file encryption kind has been detected by malware researchers. The ransomware is called X-Files and it’s goal is to render the files on the victim’s computer no longer able to be opened. In addition to this the boc.x file virus may notify the user with demands to pay a hefty ransom fee in order to restore the files that have been encrypted by this specific ransomware. Anyone who has become a victim of the X-Files ransomware virus should read the following material to learn more about it, remove the virus files and restore b0c.x encrypted files.

Threat Summary

Short DescriptionThis boc.x ransomware variant encrypts files and asks a ransom payoff for decryption.
SymptomsFiles are enciphered and become inaccessible by any type of software. A ransom note with instructions for paying the ransom may show on the infected PC.
Distribution MethodSpam Emails, Email Attachments, File Sharing Networks, Malicious Executable in Torrent Trackers.
Detection Tool See If Your System Has Been Affected by X-Files


Malware Removal Tool

User ExperienceJoin our forum to Discuss X-Files Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

b0c.x File Virus – Infection Methods

To infect a given computer, the criminals behind X-Files ransomware do not have to specifically target you. Instead, they are focused in performing something quite different – massive spam campaigns via e-mail that have malicious e-mail attachments. These attachments may either be .docx, .pdf, .xls or other documents that have malicious macros and infect when you click on the “Enable Content” button or may be directly malicious files of the following types:

.exe, .vbs, .wsf, .swf, svg, .bat, .js, .hta, .html, .htm

Another method concerning this ransomware infection that is reported by researchers is via fake updates. These updates may be advertised on your computer via dubious websites or as a result of having a potentially unwanted program installed directly on your computer.

The infection can also take place by a fake installer of a program that does not exist, so experts warn to take care when looking for setups of free software for download while online.

After the infection takes place, a malicious executable with a random name may be dropped on one of the following Windows folders:

  • %AppData%
  • %Roaming%
  • %Local%
  • %LocalRow%
  • %SystemDrive%

In addition to this, the X-Files ransomware may also use scripts to modify the Windows Registry Editor and also touch files. The usually targeted sub-keys in the Registry Editor are the Run and RunOnce keys which ensure that the executable runs on system startup and begins encrypting files.

For the file encryption process, X-Files ransomware uses algorithms to change the file type to “X File”. It also adds the b0c.x or .b0c file extension to the encrypted files. What is interesting is that the extension is stuck right next to the original file extension without any dot as a separation, like the following example below:

To encrypt files, the ransomware virus looks for various different files that are widely used. Malware researchers report the following file types to be among the affected ones:

.doc, .docx, .jpg, .jpeg, .pdf, .zip, .xls, .xlsx

These files are actually pictures, documents, Adobe files, text files, database files, music and even archives.

Remove b0c.x X-Files Virus and Restore Your Data

Malware researchers advise to not contact in any way to any cyber-criminals responsible for this virus for several obvious reasons:

A decrypter for free may be released soon, which, if happens, we will update this article with instructions.
Collaborating with cyber-criminals is not a good idea and you may not get your files back after paying the ransom.
By paying you help them spread the malware further.

Instead, recommendations are to remove this ransomware virus by using instructions, such as the ones we provided below. For maximum effectiveness, we recommend downloading an advanced anti-malware program which will make sure to get rid of this ransomware virus swiftly and effectively.

To restore your files, at the moment there is no official decrypter for this iteration of the ransomware virus, but you are welcome to backup the encrypted files. Then you can try to use copies of the backed up files to try and get your data. This can happen by trying out the methods we have suggest in step “2. Restore files encrypted by X-Files” below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share