.ovgm Files Virus – What Is It + How to Remove It from Your Computer

This article explains what the .ovgm files variant of YYTO ransomware is, how to remove it from your computer, and how you can restore encrypted files.

The .ovgm files virus is a new version of YYTO ransomware, which previously used the .yyto file suffix. The ransomware now appends the .ovgm file extension to the files it encrypts. The malware also drops a README.txt ransom note, whose primary goal is to get victims to pay a hefty ransom fee in BitCoin in order to restore the files that have been encrypted by this variant of YYTO ransomware. If your computer has been infected by this virus, we advise that you read this article and learn how you can remove it from your computer and restore the files it has encrypted on your PC.

Threat Summary

Name: .ovgm Files Virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on your computer and then leave behind the .ovgm file extension.
Symptoms: The ransomware virus encrypts the files on your computer and leaves behind the .ovgm file suffix, after which it drops the README.txt ransom note on your computer.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.ovgm Files Virus – Spread

The infection may be spread through spammed e-mail messages that carry malicious e-mail attachments.

In addition to this, the malicious files of the virus may also come as fake files, uploaded on websites and pretending to be:

  • Setups of programs.
  • Software or game cracks and patches.
  • License activators.
  • Key generators.

.ovgm Files Virus – Activity

The .ovgm files virus is the type of malware that encrypts the files on users' PCs. The infection aims to do that by performing several different activities which lead to the files becoming no longer openable. These activities may start with the malware dropping its malicious files, which may be of the following file types:

→ .exe, .dll, .tmp, .cmd, .bat

After this is done, the .ovgm files virus may activate the dropped files as an administrator. They are likely located in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

The malicious files may change different settings on the victims' computers, and these may include creating mutexes and interfering with the Windows Registry. The .ovgm files virus may create registry entries to make its malicious files run automatically on system start. To do this, the malware creates the entries in the Run and RunOnce registry sub-keys, which have the following locations:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
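
A way to triage autorun entries against the drop locations and file types listed above. This is an added example, not code from the original article: the sample registry values are constructed, and the mapping of the listed directories to path patterns is an assumption of the example.

```python
import re

# File types the article lists for the dropped files.
DROPPED_EXTS = (".exe", ".dll", ".tmp", ".cmd", ".bat")
# User-writable locations matching the directories the article lists, in
# expanded and %VARIABLE% form (this mapping is the example's assumption).
USER_DIRS = re.compile(
    r"(\\appdata\\(roaming|local|locallow)\\|%(appdata|localappdata|temp|tmp)%\\)",
    re.I)
# A token is either a double-quoted string or a run of non-space characters.
PATH_TOKEN = re.compile(r'"([^"]+)"|(\S+)')

def suspicious_targets(command):
    """Return paths in an autorun command that are in a user-writable
    directory and end in one of the listed extensions."""
    found = []
    for quoted, bare in PATH_TOKEN.findall(command):
        # Drop a trailing ",EntryPoint" as used with rundll32.
        token = (quoted or bare).split(",")[0]
        if USER_DIRS.search(token) and token.lower().endswith(DROPPED_EXTS):
            found.append(token)
    return found

def audit(autoruns):
    """autoruns: {registry key: {value name: command}} -> list of findings."""
    findings = []
    for key, values in autoruns.items():
        for name, command in values.items():
            for target in suspicious_targets(command):
                findings.append((key, name, target))
    return findings

# Constructed sample values, in the shape a registry export would give.
SAMPLE = {
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
        "updater": r'"C:\Users\alice\AppData\Roaming\svch0st.exe" /s',
        "helper": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\a1.dll,Start",
    },
}

if __name__ == "__main__":
    for key, name, target in audit(SAMPLE):
        print(f"{key} [{name}] -> {target}")
```

Entries flagged this way are candidates for review, since legitimate software also starts from per-user directories.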

After doing this, the virus may also delete the shadow volume copies of the infected machine, possibly by executing a script in Windows Command Prompt that runs the program as an administrator and deletes the shadow volume copies via the following commands:

→ sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet

Finally, the ransomware drops its ransom note on the victim PC. It is called Readme.txt and looks like the following:

Hello. Your files have been encrypted.

For help, write to this e-mail: codyprince92@mail.com
Attach to the letter 1-2 files (no more than 3 MB) and your personal key.

If within 24 hours you have not received a response, you need to follow the following instructions:

a) Download and install TOR browser: https://www.torproject.org/download/download-easy.html.en
b) From the TOR browser, follow the link: tor web link
c) Register your e-mail (Sign Up)
d) Write us on e-mail: e-mail and tor web link

ATTENTION: e-mail (e-mail and tor web link) accepts emails, only with e-mail registered in the TOR browser at {tor web link}

Your personal key:

When the victim visits the Tor web page, it asks them to log in and then displays the ransom note of the malware with further instructions on how to pay the ransom in BitCoin.

.ovgm Files Virus – Encryption Process

The .ovgm files virus is the type of ransomware infection, whose main goal is to make the files unopenable. This may include the following types of files, for which the virus scans on your computer:

  • Documents.
  • Video files.
  • Audio files.
  • Images.
  • Archives.

As soon as the .ovgm malware detects these files on your computer system, they may immediately become encrypted and may no longer function. This is because the .ovgm ransomware may use an advanced encryption mode which alters the key structure of the encrypted files, making them seem as if they are corrupt. The encrypted files carry the .ovgm file extension.

Remove .ovgm Files Virus and Restore Encrypted Files

The .ovgm file ransomware is the type of virus which cannot be removed conventionally. This is why we advise that you follow the instructions underneath. They can help you delete this infection either manually or automatically, based on your malware-removal experience. If manual removal represents a difficulty for you, you can remove this ransomware automatically, as most security experts advise doing. This method often includes downloading and installing advanced anti-malware software. Such a tool will help you to detect and erase all of the malicious objects related to the .ovgm files virus on your computer system.

In addition to this, the .ovgm files can also be restored if you follow the file recovery methods in step “2. Restore files, encrypted by .ovgm files virus”. They are created to help you restore as many files as possible, but they are in no way a guarantee that all of the encrypted files will be recovered.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
