How to Remove Dodoc Virus Files (STOP Ransomware)

Remove Dodoc Virus


This article explains the issues that occur in case of infection with Dodoc virus ransomware and provides a complete Dodoc virus removal guide. When following the steps below you will also find how to potentially recover .dodoc files.

The Dodoc virus files is a data locker ransomware. It is based on the code of the infamous STOP ransomware. Once loaded on a target machine, the threat becomes able to interfere with essential system settings. After applying malicious changes, the ransomware reaches personal files and encodes them with a hardly breakable cipher algorithm. As a result, valuable files remain inaccessible. They all have the extension .dodoc at the end of their names. Hackers attempt to blackmail you into paying ransom fee by leaving the ransom message _readme.txt

Threat Summary

NameDodoc Virus
TypeRansomware, Cryptovirus
Short DescriptionA version of the STOP/DJVU ransomware that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.
SymptomsImportant files are encrypted and renamed with the extension .dodoc
A ransom message forces victims to contact hackers in order to receive instructions on how to pay a ransom ($490 – $980).
Distribution MethodSpam Emails; Email Attachments; Corrupted Websites; Software Installers
Detection Tool See If Your System Has Been Affected by Dodoc Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Dodoc Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Dodoc Virus – Update August 2019

The good news for all victims of STOP Dodoc ransomware is that the security researcher Michael Gillespie found weaknesses in the code of this variant and released an updated version of his STOP ransomware decrypter.

So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free Dodoc decryption tool and learn how to proceed with the decryption process.

Decrypt Files Encrypted by STOP Ransomware

Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of Dodoc ransomware infections.

Dodoc Virus Ransomware – How the Infection Works

The Dodoc virus has been reported to be a strain of the vicious

STOP ransomware. Security researchers reported that the threat has been released in active attack campaigns.

A common technique used for the spread of ransomware threats like Dodoc is the so-called malspam. This technique enables hackers to launch massive email spam campaigns against users worldwide. The emails that are part of such campaigns usually have the following elements:

  • A link to compromised web page that is set to download and execute infection files directly on the PC. The URL address may be presented in the form of an in-text link, banner, image, button or full URL address.
  • A malicious file attachment that is stated to be a legitimate document. It could be uploaded in a .rar or .zip archive. Such a file could be set to evade active security measures and trick you into running the ransomware on your PC.

The moment the payload file of STOP Dodoc runs on the system, the ransomware becomes able to apply a vast number of malicious modifications that disrupt system security, support its persistence and enable it to corrupt valuable files.

When Dodoc virus ransomware reaches the encryption phase it activates a built-in cipher module. This module scans the system for specific types of files that are often used for the storage of important personal information.

Unfortunately, it is likely that all common files that are listed below are among the targets of this nasty ransomware:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

The encryption process has a damaging impact on valuable personal files. That’s why they all remain inaccessible when encrypted. Additionally, their names are changed to display the extension .dodoc

Here is an example of an image file encrypted by Dodoc virus:

Finally, the ransomware drops a ransom message file – _readme.txt in an attempt to blackmail you into contacting hackers for more details on a ransom payment process. When opened the ransom message presents the following information:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:

Your personal ID:

dodoc virus ransom message readme txt sensorstechforum

According to the details presented in the ransom message, when you pay the ransom you will receive a decryption tool for encrypted files. You should NOT under any circumstances pay any ransom sum to cybercriminals. This action does not guarantee the recovery of your .dodoc files.

Remove Dodoc Virus Files (STOP Ransomware) and Restore Data

The so-called Dodoc virus is a threat with highly complex code that plagues the whole system in order to encrypt personal files. Hence the infected system could be used in a secure manner again only after the complete removal of all malicious files and objects created by Dodoc ransomware. That’s why we recommend that all steps presented in the Dodoc removal guide below should be completed. Beware that the manual ransomware removal is suitable for more experienced computer users. If you don’t feel comfortable with the manual steps navigate to the automatic part of the guide.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share