Remove .dmo Files Virus (Ransomnix Ransomware)

Remove .dmo Files Virus (Ransomnix Ransomware)

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article will help you to remove .dmo files virus efficiently. Follow the ransomware removal instructions provided at the end of it.

The so-called .dmo files virus is a cryptovirus that encrypts your website by locking certain files, whether on your computer or cloud-hosted website. Following infection, it demands money as a ransom for files recovery. Files will receive the .dmo extension. The threat is reported to be a strain of Ransomnix ransomware. As previous Ransomnix ransomware variants .dmo files virus leaves a ransom note message by replacing the main Web page on your website. Keep on reading the article and see how you could try to potentially recover some of your files if they are located on your PC or restore backups.

Threat Summary

Name.dmo Files Virus
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files by placing the .dmo on your computer system and demands a ransom fee for their recovery.
SymptomsThe ransomware leaves your files encrypted and then requires ransom fee via ransom note.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .dmo Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .dmo Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.dmo Files Virus – Distribution Tactics and Detailed Analysis

The so-called .dmo files virus is a new strain of

Ransomnix ransomware has been released in active attack campaigns. Its infection files could be spread via massive spam email campaigns, malvertising, and freeware packages.

The primary method is considered to be malspam. This method is realized via email messages that attempt to deliver the malicious code on your device. Usually, these messages have several common traits like a link to a corrupted web page, a file attachment or both. In the event that you follow the link and visit the presented web page or open the attached file on your computer, you will unnoticeably activate the ransomware payload.

The moment this event occurs, the threat becomes able to seek for ways to evade detection and then pass through several attack stages. The .dmo files virus aims to encrypt your files and leave them inaccessible. Following data corruption, it opens a ransom note, with instructions inside it, about the compromised computer machine. The extortionists want you to pay a ransom fee for the alleged restoration of your files.

After encryption the Ransomnix .dmo virus may show the following ransom message:

The following email address is used for contacting the cybercriminals:

  • Email:

The ransom message has the following contents:

Dear manager,
your database server has been locked, your databases files are encrypted and you have unfortunately “lost” all your data, Encryption was produced using unique key AES-256 generated for this server.
To decrypt files you need to obtain the decryption key and tool.
All encrypted files ends with .dmo
To obtain the program for this server, which will decrypt all files, you need to write me to email: “”
Before payment you can send us one small file (100..500 kilobytes) and we will decrypt it – it’s your guarantee that we have decryption tool. And send us your userkey
We don’t know who are you, All what we need is some money.
Don’t panic if we don’t answer you during 24 hours. It means that we didn’t received your letter and write us again.
You can use one of that bitcoin exchangers for transfering bitcoin:
You dont need install bitcoin programs – you need only use one of this exchangers or other exchanger that you can find in for your country.
Please use english language in your letters. If you don’t speak english then use to translate your letter on english language.
You don’t have enough time to think each day payment will increase and after one week your key will be deleted and your files will be locked forever.


The note of the Ransomnix .dmo ransomware virus states that your files are encrypted. You are demanded to pay a ransom in Bitcoin to allegedly restore your files. However, you should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that. Adding to that, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal activities. That may even result in you getting your files encrypted all over again after payment.

A full list with the targeted extensions of files which are likely to be encrypted by .dmo files virus is not yet available. However, if the list becomes complete, the article will get updated accordingly.

Logically, the following file types will get encrypted:

→.html, .htm, .asp, .php, .css, .web, .website, .muse, .site, .ewp, .suck, .weblock, .whtt, .gne, .ece, .epibrw, .jnlp, .jhtml, .jws, .lasso, .mspx, .mht, .nxg, .obml, .obml15, .obml16, .ognc, .rhtml, .php, .php2, .php3, .php4, .php5, .phtm, .phtml, .vbhtml, .stm, .wn, .zhtml, .web, .webarchive, .webarchivexml, .webbookmark, .webhistory, .jws

However, it is possible that not all from the file extensions listed above could be searched for to get associated files encrypted and also files with other file types to get encrypted as well as the listed ones.

In any case, we advise to restore your website from a backup (if you have such available) and afterward patch your website by installing all relevant and security patches for your CMS, including plugins. To be on the safe side, you should also change all of your passwords.

Remove .dmo Files Virus and Restore Data

If your computer system got infected with the .dmo files virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You could remove the ransomware by following the step-by-step instructions guide provided below.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share