ODCODC Ransomware Removal Guide

ODCODC Ransomware is a major blow to your computer and mostly to your personal files since if this ransomware infiltrates your system, your documents, pictures, and video files get encrypted with RSA-2048 algorithm. This means that normally you will not be able to recover or use your files again unless you pay the demanded ransom fee to the criminals behind this attack. However, we have found a solution that may work for you and in the end you may not even have to say goodbye to your files as these crooks want you to believe. As a matter of fact, criminals rarely decrypt files or give victims the necessary private key. But it is always up to you whether you pay because it is your files, your PC, and your money. We still believe that you should remove ODCODC Ransomware as soon as you notice it on your computer. And, believe it or not, you will notice it right after it finishes its vicious job on your files; but not before.

We have found that this ransomware is mainly distributed via spam e-mail attachments. It may disguise itself as a word document that looks like “textfile.docx.exe.” It is obviously an executable malicious file but you may be tricked into thinking that it is indeed an important document that you must check out right now. Criminals can use made-up sender names and subject lines in order to deceive you and make you believe that this spam e-mail is actually a “must-see” message. Many people fall into the trap of believing that just because they have a spam filter, they can open any e-mail that lands in their inbox. You should be careful about this and only click on mails and attachments that you are certain were meant for you to get. Sometimes it is enough to click on a mail to open it and it can start a malicious code that can drop an infection such as ODCODC Ransomware onto your computer. But most often, you need to download and run the attached infectious file.

Once you have downloaded this disguised executable, you will most probably execute it as well because you may still think that it is important for you to see the content of this file. This is the moment that you actually activate this ransomware infection and the encryption of your photos, videos, and documents starts up right away. This malware claims to use the RSA-2048 built-in Windows encryption algorithm, which is known to be virtually impossible to decipher. After this encryption you will not be able to open, view, or use any of the targeted files. All of them get a "C-email-abennaki@india.com-" string in front of file name and an ".odcodc" extension. Thus, an encrypted file will look something like “C-email-abennaki@india.com-picture.bmp.odcodc.”

ODCODC Ransomware also creates a text file on your desktop called "readthis.txt," which is copied to every folder that has encrypted files in order to make sure that you know what to do next. This is the file that actually contains the information about the encryption and how you can get your files back. This infection does not block your screen with a scary-looking ransom note and does not block any system processes either. Instead a pop-up window will show up on your screen after the entire dirty job is done, which informs you in Russian that the encryption has finished successfully. When you press the OK button, this ransomware even seems to remove itself from your computer, but we still believe it is important to check certain folders and registry keys if you want to make sure that you remove ODCODC Ransomware from your PC without leftovers.

Practically, if you are not suspicious after seeing this pop-up window and you do not see this new text file on your desktop either, the next time you try to open any of the targeted files, you will definitely realize that there is something wrong. You need to be blind not to see the modified file names, for starters, but the files will not even execute. This is when most victims realize that they have to check out this text file. The “readthis.txt” file contains information both in English and Russian languages about the encryption and how you can contact these criminals. In order to prove that you can “trust” them, these crooks offer you to decrypt some of your files for free. You are supposed to send an email to abennaki@india.com to get the details of the payment method, which usually has to be settled in Bitcoins that can range from 100 to 500 US dollar worth. We do not advise you to pay this fee because there is really no guarantee that you will see your files again this way. We believe that you should delete ODCODC Ransomware ASAP in fact.

The truth is that this ransomware does not delete the Shadow Volume Copies of your files, which simply means that it is possible to try to recover your files. You can find information about this on the web, but we do not recommend this to inexperienced computer users. You should ask a friend who has advanced IT knowledge or a professional to help you with this. Another solution is, of course, having a backup copy of your files on an external drive. But in both cases it is important that first you remove ODCODC Ransomware or whatever is left of it. We have included a guide for you to be able to check for this infection at the right places. It is possible that this is not the first and not the last time that such a dangerous malware infection has found a way to your system. Therefore, we suggest that you employ a trustworthy malware removal application to protect your PC.

Remove ODCODC Ransomware from Windows

1. Press Win+Q and type in regedit. Hit Enter.
2. Check if you can find the following entries. If so, delete them:
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Crr1 (value data “C:\Users\user\AppData\Roaming\cript.bat”)
   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Crr2 (value data “C:\Users\user\AppData\Roaming\cript.exe”)
3. Close the editor.
4. Press Win+E.
5. Locate %APPDATA%\cript.bat and %APPDATA%\cript.exe. If found, delete these files.
6. Search for and delete all occurrences of "readthis.txt"
7. Empty your recycle bin.
8. Restart your computer.