The .Damoclis virus is the newest strain of the Nemesis malware family, possibly an update to previous related samples. As a result of the infection important data has been renamed using the .Damoclis extension. Victims can eliminate the dangerous ransomware and avoid ransom payment by following our removal guide.
How Does .Damoclis Virus Infiltrate the System?
The .Damoclis virus uses many of the distribution strategies of the Nemesis malware family. At the moment the virus samples are still being analyzed and the malware analysts cannot pinpoint a single source of infections. It is presumed that the most widely used techniques are being employed as well.
One of them relies on the creation of numerous payloads which contain the dangerous virus. A common way of doing so is using automatically generated email templates that are sent to the potential victims. Depending on the particular case the following major types can be distinguished:
- Hyperlinks ‒ Links to the .Damoclis virus payload can be inserted in the body of the email messages. The messages rely on social engineering tricks to manipulate the users into interacting with the dangerous content.
- File Attachments ‒ The .Damoclis virus can be attached directly to the messages. The attachment can be either the executable file itself or a payload.
- Complex Strategies ‒ The attackers utilize social engineering messages which may require interaction or communication between the victims and the hackers before the virus is released.
Payloads can take different forms. Usually the .Damoclis virus files are embedded in files of user interest. Examples include documents of different types ‒ rich text files, spreadsheets, presentations or databases. They are either uploaded to hacker-created sites or sent via emails.
The payloads can also be deployed on hacker-controlled sites that the operators have made specifically to distribute the virus. Strategies include creating and advertising search engines, portals or single-page sites. The criminals can utilize browser hijackers as well. These are dangerous browser-based plugins that seek to redirect the users to a hacker-controlled search engine or site, extract information and cause other disturbances. The usual sequence of events that follows is the following:
- The browser hijacker upon installation on the target browser starts to modify important settings like the default search engine, new tabs page and default home page to point to the designated address.
- Sensitive information is harvested from the victim’s computer, including history, bookmarks, account credentials, passwords, cookies, etc.
- The hijacker code can install malware such as the .Damoclis virus during the infection phase.
Infection Flow of .Damoclis Virus
The .Damoclis virus has been found to be part of the Nemesis malware family. This means that the hacker operators behind it most likely have obtained its code from the underground hacker marketplaces. At the moment their identities are unknown, so there is not enough evidence to say whether the same operators have made the new strain. Security experts speculate that the .Damoclis virus can be further upgraded to include additional modules such as the following:
- Trojan ‒ Such a module can be used to take over control of the affected machines at any given time.
- Surveillance ‒ Advanced spy mechanisms can be employed which allow the hackers to monitor not only the user’s actions but also mouse movement, keystrokes, device input and more.
- Additional Malware Delivery ‒ The .Damoclis virus code can be used to install other viruses on the intended targets.
Like Nemesis, the .Damoclis virus is made up of a modular engine that can be modified to include different modules. The current configuration is inferred from the limited number of associated virus samples. The security analysts discovered that one of the first actions taken by the malware is to modify important Windows Registry values. This is done in order to establish persistence. Once that condition is created, the .Damoclis virus automatically monitors the computer and the user’s actions and counteracts manual removal attempts. Effectively, removal and restoration of the computer and the files is possible only by using a professional-grade solution.
Depending on the configuration the .Damoclis virus may also resort to the removal of all found Volume Shadow Copies, which the operating system uses to create backups. What this means is that data recovery is very difficult and sometimes even impossible. If this module is configured to run with the current attack wave, then only a professional-grade data recovery solution can serve as an effective recovery method.
Once this is done the .Damoclis virus continues further. The malware code is reported to execute every time the computer starts. During the initial infection the encryption engine is started, which uses the typical strategy of a prebuilt list of target file extensions. The hackers usually target the most widely used files with the strong cipher: music, archives, documents, videos, photos, backups, databases, etc. As a result all victim files receive the .Damoclis extension.
Once this is done a ransom note is created in a file named HOWTODECRYPTFILES.html, which can be read using any web browser or text editor. It contains the following message:
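As an added example (not code from the original article or from the analysts it cites), the following Windows PowerShell triage script checks a machine for the indicators just described: autostart values under the Run keys (the registry persistence mechanism), whether any Volume Shadow Copies survive the deletion module, and where the files carrying the .Damoclis extension and the HOWTODECRYPTFILES.html note are. The scan roots, the report path and the user-writable-path heuristic are assumptions; the script only reads, and should be run from an elevated prompt.

```powershell
# Added triage example, not part of the original article. Read-only.
$Extension = '.Damoclis'
$NoteName  = 'HOWTODECRYPTFILES.html'
$ScanRoots = @("$env:USERPROFILE", 'D:\')   # assumption: volumes/folders to inventory

# 1. Persistence: autostart values under the Run keys. Entries that launch
#    something from AppData, Temp or ProgramData are flagged for review.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autostart = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }     # skip provider metadata (PSPath etc.)
        $cmd = [string]$prop.Value
        [pscustomobject]@{
            Key        = $key
            Name       = $prop.Name
            Command    = $cmd
            Suspicious = ($cmd -match '(?i)\\(AppData|Temp|ProgramData)\\')   # heuristic, assumption
        }
    }
}

# 2. Shadow copies: an empty list on a system that had System Protection
#    enabled is consistent with the deletion module described in the article.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue

# 3. Encrypted files and ransom notes under the scan roots.
$encrypted = foreach ($root in $ScanRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq $Extension }
    }
}
$notes = foreach ($root in $ScanRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root -Recurse -File -Force -Filter $NoteName -ErrorAction SilentlyContinue
    }
}

# Summary for the operator
"Autostart entries: {0} (flagged: {1})" -f @($autostart).Count, @($autostart | Where-Object Suspicious).Count
$autostart | Where-Object Suspicious | Format-Table Name, Command -AutoSize
"Shadow copies present: {0}" -f @($shadows).Count
"Files with the $Extension extension: {0}" -f @($encrypted).Count
$encrypted | Group-Object { $_.DirectoryName } | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize
"Ransom notes found: {0}" -f @($notes).Count
$notes | Select-Object -ExpandProperty FullName -First 10

# Keep an inventory of the encrypted files for the incident record (assumed output path)
$report = Join-Path $env:USERPROFILE 'Desktop\damoclis-triage.csv'
$encrypted | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path $report -NoTypeInformation
"Inventory written to $report"
```

The Run-key check deliberately reports rather than deletes: a flagged entry is a lead for the manual removal steps later in the article, and the CSV inventory is what you will want when deciding which files to preserve before attempting recovery.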
ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED
Damoclis gladius Ransomware
To decrypt your files you need to buy the special software – <>
To recover data, follow the instructions!
You can find out the details/ask questions in the e-mail:
You can find out the details/ask questions in the chat:
http://45piyhyier7gcz3d.onion.to (not need Tor)
https://45piyhyier7gcz3d.onion.cab (not need Tor)
https://45piyhyier7gcz3d.onion (need Tor)
If the resource is not available for a long time, install and use the Tor-browser:
1. Run your Internet-browser
2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER
3. On the site will be offered to download the Tor-browser, download and install it. Run.
4. Connect with the button “Connect” (if you use the English version)
5. After connection, the usual Tor-browser window will open
6. Enter or copy the address https://45piyhyier7gcz3d.onion in the address bar of Tor-browser and press key ENTER
7. Wait for the site to load
// if you have any problems installing or using, please visit the video tutorial https://www.youtube.com/watch?v=gOgh3ABju6Q
Your personal identification ID: 369209069
Note that the criminals have resorted to the standard practice of using a payment gateway site hosted on the Tor hidden network. The criminals currently demand a ransom payment of about $500; the amount can be changed at any time.
The victims should not fall for the hacker’s strategy. The best way to effectively remove and restore an infected machine is by following our in-depth .Damoclis virus removal guide below.
Please note that paying the requested ransom fee to cyber criminals does not really solve your problem with .Damoclis virus. In fact, you only encourage hackers to continue spreading ransomware this way. Instead, you must remove the threat immediately, and only then look for ways to recover your data with a data recovery tool.
WARNING! Manual removal of .Damoclis virus requires being familiar with system files and registries. Removing important data accidentally can lead to permanent system damage. If you don’t feel comfortable with manual instructions, download a powerful anti-malware tool that will scan your system for malware and clean it safely for you.
.Damoclis Ransomware Virus – Manual Removal Steps
Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they can be removed efficiently. The steps below are applicable to all Windows versions.
1. Hit the WIN Key + R
2. A Run window will appear. In it, write msconfig and then press Enter
3. A Configuration box will appear. In it, choose the tab named Boot
4. Tick the Safe boot option and then select Network beneath it
5. Apply -> OK
Show Hidden Files
Some ransomware threats are designed to hide their malicious files in Windows, so all files stored on the system should be made visible.
1. Open My Computer/This PC
2. Windows 7
   - Click the Organize button
   - Select Folder and search options
   - Select the View tab
   - Under Hidden files and folders, mark the Show hidden files and folders option
3. Windows 8/10
   - Open the View tab
   - Mark the Hidden items option
4. Click Apply and then OK
Enter Windows Task Manager and Stop Malicious Processes
1. Hit the following key combination: CTRL+SHIFT+ESC
2. Go to the Processes tab
3. When you find a suspicious process, right-click it and select Open File Location
4. Go back to Task Manager and end the malicious process: right-click it again and choose End Process
5. Next, go to the folder where the malicious file is located and delete it
Repair Windows Registry
1. Press the WIN Key + R key combination again
2. In the box, write regedit and hit Enter
3. Press CTRL+F and type the malicious name in the search field to locate the malicious executable
4. If you discover registry keys and values related to the name, delete them, but be careful not to delete legitimate keys
WARNING! All files and objects associated with .Damoclis virus should be removed from the infected PC before any data recovery attempts. Otherwise the virus may encrypt restored files. Furthermore, a backup of all encrypted files stored on external media is highly recommended.
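The four manual steps above (Safe Mode with Networking, showing hidden files, finding the process and its file, searching the registry) can be carried out from an elevated Windows PowerShell session. This is an added example, not a script from the original article; `$SuspectName` is an assumption that you replace with the process or file name identified in Task Manager, and the user-writable-path heuristic is likewise an assumption. The script configures the boot and Explorer settings but only lists processes and registry values, leaving the actual termination and deletion to the operator.

```powershell
# Added example, not part of the original article. Run elevated.
$SuspectName = 'REPLACE_WITH_SUSPECT_NAME'   # assumption: name seen in Task Manager / file location
$SuspectBase = [IO.Path]::GetFileNameWithoutExtension($SuspectName)

# Step 1: Safe Mode with Networking on the next boot (the same setting msconfig toggles).
# Revert after cleanup with: bcdedit /deletevalue '{current}' safeboot
bcdedit /set '{current}' safeboot network

# Step 2: make hidden files, protected OS files and file extensions visible in
# Explorer (restart Explorer or sign out for the change to take effect).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord   # Show hidden files
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord   # Show protected OS files too
Set-ItemProperty -Path $adv -Name HideFileExt     -Value 0 -Type DWord   # Show extensions, so .Damoclis is visible

# Step 3: running processes with their on-disk path and Authenticode status
# (Task Manager -> Open File Location). Unsigned binaries in user-writable
# folders deserve a closer look.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID       = $_.ProcessId
            Name      = $_.Name
            Path      = $_.ExecutablePath
            Signature = if ($sig) { $sig.Status } else { 'Unknown' }
            UserPath  = ($_.ExecutablePath -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\')  # heuristic
        }
    }
$procs | Where-Object { $_.UserPath -or $_.Signature -ne 'Valid' } |
    Sort-Object UserPath -Descending | Format-Table PID, Name, Signature, Path -AutoSize

# Locate the suspect process itself (End Process / delete the file are left to you).
Get-Process -Name $SuspectBase -ErrorAction SilentlyContinue | ForEach-Object {
    "Suspect PID $($_.Id) running from $($_.Path)"
    # Stop-Process -Id $_.Id -Force      # then delete $_.Path once you are sure
}

# Step 4: registry value names or data containing the suspect name (what
# CTRL+F in regedit does), limited to the autostart-relevant CurrentVersion trees.
$hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion'
foreach ($hive in $hives) {
    Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -like "*$SuspectName*" -or $name -like "*$SuspectName*") {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                # Export the key first (reg export), then:
                # Remove-ItemProperty -Path $key.PSPath -Name $name
            }
        }
    }
}
```

Exporting a key before removing anything from it gives you the same safety net the article asks for when it warns against deleting legitimate keys; the commented `Remove-ItemProperty` line is the step you take only after reviewing the listed hits.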
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
1. Use existing backups
2. Use professional data recovery software
Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
3. Use a System Restore Point
   - Hit the WIN Key
   - Select “Open System Restore” and follow the steps
4. Restore your personal files using File History
   - Hit the WIN Key
   - Type restore your files in the search box
   - Select Restore your files with File History
   - Choose a folder or type the name of the file in the search bar
   - Hit the “Restore” button
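Before trying any of the recovery options above, the earlier warning asks for a copy of the encrypted files on external media. As an added example (not code from the original article), this Windows PowerShell script preserves every file carrying the .Damoclis extension under a chosen folder tree, keeping the relative folder structure and writing a SHA-256 manifest, and then lists the System Restore points available for option 3. The source tree, backup drive letter and manifest location are assumptions.

```powershell
# Added example, not part of the original article. Run in Windows PowerShell.
$Extension  = '.Damoclis'
$SourceRoot = $env:USERPROFILE          # assumption: folder tree to preserve
$BackupRoot = 'E:\damoclis-backup'      # assumption: external drive letter

# 1. Copy each encrypted file to the external media, preserving the relative
#    path, and record a SHA-256 hash so the copies can be verified later.
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
$files = Get-ChildItem -Path $SourceRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq $Extension }
$manifest = foreach ($file in $files) {
    $relative = $file.FullName.Substring($SourceRoot.Length).TrimStart('\')
    $target   = Join-Path $BackupRoot $relative
    New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
    Copy-Item -LiteralPath $file.FullName -Destination $target -Force
    [pscustomobject]@{
        Source = $file.FullName
        Backup = $target
        SHA256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    }
}
$manifestPath = Join-Path $BackupRoot 'manifest.csv'
$manifest | Export-Csv -Path $manifestPath -NoTypeInformation
"Preserved {0} encrypted files under {1}; manifest at {2}" -f @($manifest).Count, $BackupRoot, $manifestPath

# 2. System Restore points (recovery option 3). An empty list is consistent with
#    the Volume Shadow Copy deletion described earlier, or with System
#    Protection never having been enabled.
$points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
if (@($points).Count -eq 0) {
    "No System Restore points are available on this machine."
} else {
    $points | Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize
}
```

Keeping the hashed copies means that, should a decryption tool become available later, you can prove the preserved files are byte-for-byte what the ransomware left behind, even after the originals have been cleaned up or overwritten by a restore.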