GusCrypter ransomware (Removal Guide) - Free Instructions

GusCrypter virus Removal Guide

What is GusCrypter ransomware?

GusCrypter – ransomware which was discovered at the end of October 2018

GusCrypterGusCrypter is ransomware which was discovered in October 2018.

GusCrypter is a ransomware virus which secretly infiltrates the computer system via spam messages and starts modifying the Windows Registry[1]. Once that happens, the dangerous cyber threat uses the AES cipher to lock up all documents that are located on the infected computer. GusCrypter virus, also known as GUScryptolocker and GusCryptor, appears in the computer system as the GusCrypter.exe file. Moreover, this ransomware can be recognized from the .GUSv2 appendix it adds to each encrypted document. After that, the crooks urge for a particular ransom in Bitcoin which should be the price for the decryption tool. All information and contacts are given in the DECRYPT.html message.

Name GusCrypter
Type Ransomware
Starts activity in Windows Registry
Related file GusCrypter.exe
Cipher AES
Extension .GUSv2
Ransom note DECRYPT.html
Removal Get rid of the virus ASAP. Furthermore, install FortectIntego to take care of the damage

Here is the ransom note sample:

YOUR PID: 567890123
the WHAT the NOW?
Us email
the Write your ID AT title of mail and country AT old body of mail and? Answer: wait.
You have to pay some bitcoins to unlock your files!
If you try to unlock your files, you may lose access to them!
No one can guarantee you a 100% unlock except us!

As you can see, crooks claim that no one except they can unlock your encrypted files. However, note that criminals who spread GusCryptor ransomware try to frighten their victims as much as possible. The more they succeed, the bigger the amount of revenue will be. Although the encryption and decryption codes are very difficult to identify, there are better options than transferring the demanded price.

We advise being more clever than the cybercriminals and staying away from any contact. You can never trust a crook like this as there is a very big chance of getting scammed. Moreover, you can face money losses which you definitely do not need. We suggest performing GusCrypter removal as soon as possible and then trying to restore files by using third-party apps.

Note that you first need to remove GusCrypter virus and just then start thinking about data recovery, otherwise, the entire process will end up useless as the virus will easily renew itself with the next computer boot. Furthermore, download and install computer tools such as FortectIntego to take care of all damage that might have been done by the ransomware virus.

In some cases, ransomware[2] such as GusCrypter can easily open paths for other computer viruses. If such a thing happens, your computer system becomes even more vulnerable and the damage might be even harder to take care of. This beforementioned reason should have increased your believing that these cyber threats need to be terminated ASAP.

GusCrypter virusGusCrypter - ransomware which encrypts files by using unique encryption codes.

Avoid ransomware infections and data encryption

According to IT experts[3], our computer’s and files’ safety is in our own hands most of the time. It is commonly known that ransomware viruses are spread through email messages which contain hazardous attachments. Always act carefully with every email letter you receive. Make sure that you identify the sender and check if the text is written properly and makes sense.

Talking about data safety, there also is a possibility to keep valuable files away from the criminals’ eyes. What you need to do is store important documents on a remote server such as iCloud or purchase a USB key. This way all information that is stored on these devices or servers will become unreachable for everyone, except its owner and that means – you.

Terminate GusCryptor ASAP

As soon as you spot the first symptoms, ransomware needs to be eliminated as soon as possible. To remove GusCrypter virus, use trustworthy and expert-tested anti-malware tools. Moreover, you can download and install reliable computer software such as FortectIntego, SpyHunter 5Combo Cleaner, or Malwarebytes. These programs might help you detect all dangerous objects in the computer system.

After performing the GusCrypter removal make sure that you proceed with some system backups. Check if the virus and all ransomware-related components were eliminated successfully. Moreover, do not forget to be careful next time and remember all steps that are needed to avoid similar cyber threats in the future.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of GusCrypter virus. Follow these steps

Manual removal using Safe Mode

Enable the Safe Mode with Networking function on your computer system to deactivate the ransomware virus. Use these instructions if help is needed:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove GusCrypter using System Restore

Activate the System Restore feature on your computer by taking a look at these steps:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of GusCrypter. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that GusCrypter removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove GusCrypter from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If you have been wondering how to restore locked files, you have come to the right place. Complete such process with the help of our below-given methods. We cannot guarantee that these tools will recover all files, but it is definitely worth a try!

If your files are encrypted by GusCrypter, you can use several methods to restore them:

Data Recovery Pro might help you get files back:

If ransomware has encrypted important documents on your computer, this method might let you restore some of them.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by GusCrypter ransomware;
  • Restore them.

Windows Previous Versions feature can help with data recovery:

This tool might be very helpful if used properly. However, it needs one condition to work – you should have enabled the System Restore feature before the virus entered your computer system.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Using Shadow Explorer might let you recover some documents:

Note that this method will work only if the ransomware virus did not erase or damage the Shadow Volume Copies of encrypted documents.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Cybersecurity experts have not yet discovered the original GusCrypter decrypter.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from GusCrypter and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions