Zeoticus Ransomware - How to remove

Zeoticus is a malicious program that encrypts user files, making them impossible to read. It then demands payment for fixing the files – a ransom. This ransom can be thousands of dollars, if not tens of thousands.

Zeoticus uses file extensions 2020END, pandora, young, etc. to mark files that it has encrypted.

There are two versions of Zeoticus – the older Zeoticus and the newer Zeoticus 2.0. Here, I’ll refer to both of them as Zeoticus.

About Zeoticus ransomware:

Type of threat Ransomware,


Zeoticus infection symptoms Files have their names changed and they won’t open,

some programs close on their own,

unfamiliar files show up on their own.

How to get back your data Restore from backups,

use data recovery tools.

How to delete Zeoticus ransomware Use antivirus programs (Spyhunter, others) to find and delete all malware.

How to recognize Zeoticus ransomware

Zeoticus encrypts files and quits programs

Zeoticus ransomware is yet another file-locking extortion program. As ransomware, it’s remarkable for being able to work offline, without an internet connection (Zeoticus 2.0 | Ransomware With No C2 Required).

Before encrypting any files, Zeoticus kills unwanted processes – programs that open and edit files that Zeoticus is planning on encrypting, such as PowerPoint, Word, Wordpad, SQL Writer, etc.

Finally, Zeoticus scans the computer for files and encrypts them.

Encryption is a method of hiding information from everyone except for those who have the decryption key. Encryption helps keep online banking activities, private chats, web search terms, and other information from being read by unauthorized parties (What is encryption? | Types of encryption). For ransomware, this means corrupting file contents.

It changes file names

The encrypted files also have their names changed:

[original file name].[original extension].[random number].[extortionists’ email].[Zeoticus extension]

For example:

[email protected].2020END

At the same time, Zeoticus places ransom notes in various folders. The ransom note, called read README, includes the email addresses of the extortionists. The victim is supposed to contact them to arrange the ransom payment.

Zeoticus' ransom note instructs the victims to buy Bitcoin.

How to get your files back

Backups are the best defense against ransomware. If you have a backup of your files, then all you need to do is clean the infected computer and then restore your data.

Just make sure that the backups are fine. Sometimes, cloud storage or misconfigured cloud backups get infected with ransomware – make sure that this did not happen to you.

But is it possible to recover the data that Zeoticus encrypted?

There is currently no way to break the encryption used by Zeoticus ransomware. File repair might fail to work, since Zeoticus is advertised as encrypting files with stripes. But you could try and use data recovery programs (such as EaseUS) to restore some deleted data.

You might consider paying the ransom. Keep in mind that there’s no guarantee that paying the ransom will restore the encrypted data. And with Bitcoin, there’s no way to get your money back.

If you do decide to pay, keep your identity secret from the extortionists. If you don’t, they might target you again with more ransomware and other malware.

How to remove Zeoticus ransomware

Below are instructions for how you can remote Zeoticus ransomware. It’s helpful to use antivirus apps, such as Spyhunter or another strong antivirus program. Antivirus programs detect Zeoticus ransomware as Malicious, Suspicious, Ransom, FileCoder, Trojan, etc. (Virustotal.com).

Because Zeoticus is ransomware-as-a-service, criminal groups distribute it in their own ways. It’s difficult to predict how Zeoticus is distributed and what other malware it’s bundled with. But it is very important to find out how it got on your device, as that security flaw needs to be patched to avoid future infections.

Check for other infections that might have come alongside Zeoticus. If you find spyware alongside Zeoticus, make sure to reset your passwords and use multi-factor authentication where possible.

Automatic Malware removal tools

Download Spyhunter for Malware detection

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

How to recover Zeoticus Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista/ XP
  • Start Shutdown RestartOK.
  • Press F8 key repeatedly until Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt. Windows 7 enter safe mode

for Windows 8 / 10
  • Press Power at Windows login screen. Then press and hold Shift key and click Restart. Windows 8-10 restart to safe mode
  • Choose TroubleshootAdvanced OptionsStartup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings. Windows 8-10 enter safe mode

2.Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.CMD commands
  • Click “Next” in the windows that appeared. Restore point img1
  • Select one of the Restore Points that are available before Zeoticus Ransomware has infiltrated to your system and then click “Next”. Restore point img2
  • To start System restore click “Yes”. Restore point img3

Step 2. Complete removal of Zeoticus Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to Zeoticus Ransomware. You can check other tools here.  

Step 3. Restore Zeoticus Ransomware affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually Zeoticus Ransomware tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select PropertiesPrevious versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.
Previous version
b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Shadow explorer

Step 4. Use Data Recovery programs to recover Zeoticus Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
  • Download a data recovery program.
  • Install and scan for recently deleted files. Data Recovery Pro
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.
Leave a Reply

Your email address will not be published. Required fields are marked *