DetoxCrypto Ransomware Removal Guide

Threat Level:
9/10
Category: Trojans

It is rather disturbing, but it is possible to get infected with DetoxCrypto Ransomware when you try to download Pokemon GO. This ransomware program has at least two versions, and one of them is known to pose as an installer file for Pokemon GO. Of course, you should know by now that the game is compatible with mobile devices, not desktop computers, but there are quite a few users who could still be tricked into downloading this infection. In this article, we describe the malicious program in greater detail and explain how to remove it from your computer.

The other DetoxCrypto Ransomware variant is called Calypso, but it seems that the Pokemon GO version of this infection is more widespread. Just like most ransomware programs, this new infection gets around via spam campaigns. The spam emails that distribute the program look like they have been delivered by a reliable social network. In our samples, we have seen messages that featured icons from Twitter, Instagram, Amazon, PayPal, Facebook, and so on. If you are an avid social network user, you might feel inclined to open and download everything these sites have to offer. However, it is very common that such companies inform users that they NEVER send any kind of attachment.

When this program finally gets installed on your computer, it scans your system looking for compatible file types. By compatible, we mean the file types it has to encrypt. According to our research, DetoxCrypto Ransomware targets a lot of extensions, such as .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSD, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2, and the like. Also, the ransomware should use the AES and RSA ciphers to encrypt your data. That would mean that the program encrypts your data with the AES algorithm, and then encrypts the AES encryption key itself with the RSA algorithm. This kind of practice makes it virtually impossible for users to decrypt their files without the original decryption key, which you can get only from the cyber criminals behind this infection.

Once the encryption is completed, the program should save the encryption key, count the number of affected files, set a new wallpaper, and then run the Pokemon.exe file. It should also play some audio, which would make it more intimidating, but this is where we have to stop and take a look at our findings.

The point is that if DetoxCrypto Ransomware were really able to encrypt your files, then we would be in deep trouble. However, during our tests, we have found that none of the files on our test-beds were affected by this infection. It is possible that the command and control server of this infection is dead, and so the application can no longer drop its payload. This makes it easier to remove DetoxCrypto Ransomware and protect your system from other intruders.

Simply follow the instructions below to get rid of the infection. If you feel that you cannot do it on your own, feel free to use a powerful antispyware tool of your choice. There is always a chance you may have more unwanted apps on-board, so this is where you take care of them, too.

How to Delete DetoxCrypto Ransomware

  1. Locate and remove the recently downloaded Pokemon file.
  2. Press Win+R and the Run prompt will open.
  3. Type %USERPROFILE% into the Open box and click OK.
  4. Open the Downloads folder and remove the Pokemon folder.
  5. Press Win+R again and type %APPDATA%. Press OK.
  6. Navigate to Microsoft\Windows\Start Menu\Programs\Startup.
  7. Remove the Pokemon.exe file.
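
The same check as a script, for the two fixed locations in steps 3 to 7. This is an added example, not part of the original guide: it reports what it finds (with a SHA-256 for files, so the sample can be looked up or reported) and deletes only when run with -Remove. It assumes the items are named exactly "Pokemon" and "Pokemon.exe" as in the steps, and that it is saved as a .ps1 file; the `-Remove` switch is a name chosen for this example.

```powershell
# Added example: audit, then optionally remove, the artifacts named in the steps above.
# Assumption: the dropped items are named exactly "Pokemon" (folder) and "Pokemon.exe".
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

$targets = @(
    (Join-Path $env:USERPROFILE 'Downloads\Pokemon'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup\Pokemon.exe')
)

$found = foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $item = Get-Item -LiteralPath $path -Force
    # Hash files only; a folder has no single hash
    $hash = if (-not $item.PSIsContainer) {
        (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } else { $null }
    [pscustomobject]@{
        Path     = $item.FullName
        IsFolder = $item.PSIsContainer
        Created  = $item.CreationTime
        SHA256   = $hash
    }
}

if (-not $found) {
    Write-Output 'No artifacts from the guide were found in the checked locations.'
    return
}

$found | Format-List

if ($Remove) {
    foreach ($entry in $found) {
        # Stop a running copy first so the file is not locked
        if (-not $entry.IsFolder) {
            Get-Process | Where-Object { $_.Path -eq $entry.Path } |
                Stop-Process -Force -ErrorAction SilentlyContinue
        }
        if ($PSCmdlet.ShouldProcess($entry.Path, 'Remove')) {
            Remove-Item -LiteralPath $entry.Path -Recurse -Force
        }
    }
}
```

Running it with `-Remove -WhatIf` lists the deletions without performing them.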