If your documents, photos and music does not open normally, .doples file extension added at the end of their name then your PC system is infected with a new malicious software named Doples ransomware.
Files encrypted by Doples ransomware
Once started, the .Doples ransomware will scan the PC for certain file types and encrypt them. It will encrypt almost of files, including:
.ff, .hkdb, .syncdb, .rofl, .dmp, .wmo, .ppt, .mdb, .wps, .wpd, .m2, .pst, .png, .jpg, .wbmp, .m4a, .upk, .wdp, .wps, .apk, .esm, .bkp, .wdb, .xy3, .3fr, .mddata, .yml, .wpd, .zif, wallet, .w3x, .lrf, .wp4, .wotreplay, .fsh, .wpt, .3ds, .vpp_pc, .wpa, .zdb, .wsh, .tax, .xdb, .ltx, .wcf, .xyp, .snx, .wav, .vtf, .wp7, .menu, .zabw, .r3d, .bc7, .kdb, .svg, .xbdoc, .wire, .wri, .wgz, .wn, .desc, .xld, .crw, .kdc, .wp6, .wbz, .ztmp, .yal, .xml, .itdb, .pak, .xar, .csv, .wma, .xdl, .p7b, .xls, .wot, .p12, .nrw, .ai, .wbd, .wpb, .cr2, .epk, .cdr, .wmf, .bkf, .zdc, .mdf, .gdb, .wm, .map, .odc, .wmv, .wma, .pem, .wp5, .forge, .zi, .lvl, .layout, .mdbackup, .sr2, .hvpl, .arch00, .sum, .pkpass, .wbk, .xwp, .xls, .rtf, .mcmeta, .der, .rim, .ysp, .accdb, .wp, .sid, .arw, .bsa, .cfr, .big, .pfx, .xbplate, .webdoc, .jpe, .mef, .bay, .xpm, .p7c, .vcf, .ibank, .eps, .psd, .dba, .mpqge, .gho, .das, .xmmap, .lbf, .pptx, .mov, .rw2, .bc6, .mp4, .vpk, .itl, .vfs0, .avi, .docx, .dbf, .xll, .cer, .wpe, .3dm, .rar, .rwl, .ptx, .wmv, .tor, .pdf, .jpeg, .iwi, .xx, .pef, .fpk, .txt, .iwd, .sie, .re4, .x3f, .litemod, .xmind, .sql, .indd, .kf, .srw, .psk, .pdd, .wsc, .zip, .wsd, .doc, .1st, .webp, .wpw, .xlsb, .blob, .sidd, .qdf, .xf, .0, .rgss3a, .sb, .ybk, .m3u, .dazip, .zip, .css, .x, .sis, .raw, .srf, .xlgc, .fos, .dxg, .wbm, .flv, .x3d, .xlk, .xlsm, .dng, .rb, .ws, .dcr, .zw, .cas, .bar, .xyw, .docm, .crt, .vdf, .odb, .2bp, .d3dbsp, .z3d, .odm, .xlsx, .py, .mlx, .wpg, .db0, .raf, .icxs, .hplg, .pptm, .orf, .7z, .ods, .xlsm, .slm, .x3f, .hkx, .sidn, .xlsx, .z, .ntl, .sav, .itm, .asset, .erf, .js, .wbc, .wb2
Once a file is encrypted, its extension changed to .doples. Next, the ransomware virus creates a file called ‘_readme.txt’. This file contain a guidance on how to decrypt all encrypted documents, photos and music. You can see an one of the variants of the ransomnote below:
‘Doples ransomware’ – ransom note
Instructions which is shown below, will allow you to remove .Doples ransomware virus as well as restore (decrypt) encrypted files stored on your system drives.
Table of contents
- How to remove .Doples ransomware virus
- How to decrypt .doples files
- Use STOPDecrypter to decrypt .doples files
- How to restore .doples files
- How to protect your system from .Doples ransomware?
- Finish words
How to remove .Doples ransomware virus
Using a malicious software removal utility to find and remove ransomware virus hiding on your PC system is probably the simplest way to remove the .Doples ransomware virus. We recommends the Zemana AntiMalware program for Windows machines. MalwareBytes AntiMalware (MBAM) and Kaspersky virus removal tool are other anti malware tools for Microsoft Windows that offers a free malicious software removal.
Run Zemana Anti-malware to remove .Doples ransomware virus
You can remove .Doples ransomware virus automatically with a help of Zemana Anti-malware. We advise this malicious software removal utility because it can easily remove ransomware viruses, trojans, worms and other malware with all their components such as folders, files and registry entries.
Visit the following page to download the latest version of Zemana Anti-Malware (ZAM) for Windows. Save it directly to your Windows Desktop.
164032 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
Once the download is finished, close all windows on your PC system. Further, start the install file called Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as on the image below, press the “Yes” button.
It will show the “Setup wizard” which will allow you install Zemana Anti Malware (ZAM) on the system. Follow the prompts and do not make any changes to default settings.
Once installation is finished successfully, Zemana AntiMalware (ZAM) will automatically launch and you can see its main window as displayed in the figure below.
Next, click the “Scan” button to perform a system scan for the .Doples ransomware related files, folders and registry keys. This process may take some time, so please be patient. While the utility is checking, you can see how many objects and files has already scanned.
Once Zemana Anti-Malware completes the scan, Zemana Free will create a list of unwanted programs adware. Review the report and then click “Next” button.
The Zemana Anti Malware (ZAM) will delete .Doples ransomware and other security threats and move items to the program’s quarantine. After that process is finished, you can be prompted to restart your computer.
Run MalwareBytes to remove Doples ransomware
We recommend using the MalwareBytes Free. You can download and install MalwareBytes AntiMalware (MBAM) to scan for and remove Doples ransomware virus from your system. When installed and updated, this free malicious software remover automatically detects and removes all threats exist on the machine.
MalwareBytes Free can be downloaded from the following link. Save it directly to your Windows Desktop.
326384 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After downloading is complete, run it and follow the prompts. Once installed, the MalwareBytes Anti-Malware (MBAM) will try to update itself and when this task is complete, click the “Scan Now” button to search for Doples ransomware virus and other kinds of potential threats. This task may take quite a while, so please be patient. While the MalwareBytes Free application is scanning, you can see number of objects it has identified as threat. You may delete items (move to Quarantine) by simply press “Quarantine Selected” button.
The MalwareBytes AntiMalware (MBAM) is a free program that you can use to delete all detected folders, files, services, registry entries and so on. To learn more about this malicious software removal tool, we advise you to read and follow the step-by-step tutorial or the video guide below.
Double-check for ransomware with KVRT
If MalwareBytes anti-malware or Zemana anti-malware cannot delete this virus, then we recommends to use the KVRT. KVRT is a free removal tool for ransomware, computer viruses, trojans and worms.
Download Kaspersky virus removal tool (KVRT) from the link below. Save it to your Desktop so that you can access the file easily.
129055 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
Once downloading is finished, double-click on the KVRT icon. Once initialization procedure is done, you will see the KVRT screen like below.
Click Change Parameters and set a check near all your drives. Press OK to close the Parameters window. Next click Start scan button to detect .Doples ransomware virus . Depending on your computer, the scan may take anywhere from a few minutes to close to an hour. While the tool is checking, you can see number of objects and files has already scanned.
Once Kaspersky virus removal tool has finished scanning your system, Kaspersky virus removal tool will produce a list of malicious software as shown on the image below.
Once you’ve selected what you wish to remove from your PC press on Continue to begin a cleaning process.
How to decrypt .doples files
The .Doples ransomware virus encourages to make a payment in Bitcoins to get a key to decrypt personal files.
Never pay the ransom! You might feel that you have no other choice but to pay up and decrypt .doples files quickly. There is no guarantee that the authors of .Doples ransomware virus will live up to the word and give back your documents, photos and music.
Files encrypted by Doples ransomware
With some variants of Doples Ransomware, it is possible to decrypt or restore encrypted files using free tools such as STOPDecrypter, ShadowExplorer and PhotoRec.
Use STOPDecrypter to decrypt .doples files
Michael Gillespie (@) released a free decryption tool named STOPDecrypter (download from download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip).
STOPDecrypter by Demonslay335
STOPDecrypter has been updated to include decryption support for the following .djvu* variants (.djvu, .djvuu, .udjvu, .djvuq, .djvur, .djvut, .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos. STOPDecrypter will work for any extension of the Djvu* variants including new extensions (.doples).
Please check the twitter post for more info.
How to restore .doples files
In some cases, you can restore files encrypted by .Doples ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.
Recover .doples encrypted files using Shadow Explorer
If automated backup (System Restore) is enabled, then you can use it to restore all encrypted files to previous versions.
Installing the ShadowExplorer is simple. First you’ll need to download ShadowExplorer on your Windows Desktop from the following link.
438666 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
After downloading is finished, extract the downloaded file to a directory on your PC system. This will create the necessary files as shown in the following example.
Run the ShadowExplorerPortable program. Now choose the date (2) that you wish to recover from and the drive (1) you want to recover files (folders) from as on the image below.
On right panel navigate to the file (folder) you wish to recover. Right-click to the file or folder and press the Export button as displayed on the screen below.
And finally, specify a folder (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Run PhotoRec to recover .doples files
Before a file is encrypted, the .Doples ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your photos, documents and music using file restore apps such as PhotoRec.
Download PhotoRec from the following link. Save it directly to your MS Windows Desktop.
After the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as on the image below.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It’ll show a screen as on the image below.
Choose a drive to recover as shown on the screen below.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music like below.
Click File Formats button and specify file types to recover. You can to enable or disable the restore of certain file types. When this is complete, click OK button.
Next, click Browse button to select where restored files should be written, then click Search.
Count of restored files is updated in real time. All restored personal files are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.
When the recovery is finished, click on Quit button. Next, open the directory where recovered photos, documents and music are stored. You will see a contents as on the image below.
All restored files are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your system from .Doples ransomware?
Most antivirus apps already have built-in protection system against the ransomware virus. Therefore, if your computer does not have an antivirus application, make sure you install it. As an extra protection, run the HitmanPro.Alert.
Use HitmanPro.Alert to protect your system from .Doples ransomware virus
HitmanPro.Alert is a small security utility. It can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Click the following link to download the latest version of HitmanPro Alert for Microsoft Windows. Save it on your Desktop.
Once downloading is complete, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. Once the utility is launched, you will be shown a window where you can choose a level of protection, as shown in the following example.
Now click the Install button to activate the protection.
Finish words
Now your PC should be free of the .Doples ransomware virus. Delete MalwareBytes Anti-Malware (MBAM) and KVRT. We suggest that you keep Zemana Anti-Malware (to periodically scan your personal computer for new malicious software). Make sure that you have all the Critical Updates recommended for Windows operating system. Without regular updates you WILL NOT be protected when new ransomware, harmful software and adware are released.
If you are still having problems while trying to get rid of .Doples ransomware virus from your computer, then ask for help here.
