FreezedByWizard Files Virus – How to Remove It

FreezedByWizard Files Virus – How to Remove It

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

.FreezedByWizard files virus ransomware note

What is .FreezedByWizard files virus .FreezedByWizard files virus is also known as .FreezedByWizard ransomware and encrypts users’ files while asking for a ransom.

The .FreezedByWizard files virus is an unique ransomware which has just been detected by security researchers. It has shown some unique characteristics, namely the manipulation of system settings and a two-step file encryption. During the operation of the modules an interim extension is used to “lock” the files before the final .FreezedByWizard extension is applied to all processed files. A ransom note is crafted automatically in order to blackmail the victims into paying the hackers.

Threat Summary

NameFreezedByWizard files virus
TypeRansomware, Cryptovirus
Short DescriptionA data locker ransomware designed to damage computer systems and encrypt valuable personal files.
SymptomsImportant files are locked and renamed with the .FreezedByWizard extension. Ransom message insists on payment for a files decryption tool.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by FreezedByWizard files virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss FreezedByWizard files virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.FreezedByWizard Files Virus – Distribution and Impact

The .Freezing files virus is a newly discovered threat which is being spread using popular delivery tactics. At the moment there is no information available about the hacking group that is behind the ongoing attacks. We anticipate that the widely used distribution tactics are being used. A preferred method to infect computer users is to coordinate email campaigns and creating multiple hacker-controlled sites. They will use familiar looking, stolen and fake content in order to confuse the recipients into interacting with them. Furthermore they can be hosted on similar sounding domain names.

Another strategy is to embed the virus installation code into various file carriers — the hackers may choose to insert the malware into macro-infected documents or installers of popular software. To make the infections more widespread the files may be uploaded to file-sharing networks (like BitTorrent) where all kinds of pirate and risk files are commonly found.

As soon as the main infection is started a built-in sequence of malicious actions will be started. The first module that is run is the one that is responsible for the protection of the engine — the virus will bypass running security software. It will also hookup to running processes which can make it much more easier to harvest sensitive information from the compromised hosts. The gathered information can be related to the identity of the victims or the machine host.

The .Freezing files virus can also interact with the operating system and third-party applications leading to data loss, unexpected errors and other issues. This particular malware has been found to be able to interact with the Windows Registry and Mount Manager — this means that it can spread to removable devices and the internal networks. Payload delivery has also been detected — other viruses, Trojans and etc.

The encryption process is different from other common viruses. It uses a strong cipher to process certain data — backups, archives, databases, documents, multimedia files and etc. What’s distinct about it is the fact that while the engine is running the files receive a temporary lock extension called .Freezing. Once it has completed running the final .FreezedByWizard extension is applied. The related ransomware note .FreezedByMagic.README.txt. It is also known under the following name:

  • Encoder.28632
  • Trojan.GenericKD.32087672
  • ML.Attribute.HighConfidence
  • CIL.StupidCryptor.Heur
  • MSIL/Filecoder.TG

Remove .FreezedByWizard Files Virus and Attempt to Restore Data

The so-called .FreezedByWizard files virus is a threat with highly complex code that heavily damages both essential system settings and valuable data. So the only way to use your infected system securely again is to remove all malicious files and objects created by the ransomware. For the purpose, you could follow our step-by-step removal guide.

In the event that you want to attempt to restore .FreezedByWizard files with the help of alternative data recovery methods, do check step four – Try to Restore files encrypted by .FreezedByWizard files virus. We remind you to back up all encrypted files to an external drive before the recovery process.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share