Meka ransomware (Free Guide) - Decryption Methods Included

Meka virus Removal Guide

What is Meka ransomware?

Meka ransomware is the virus belonging to a family which spreads via pirated files and torrent services

Meka ransomwareMeka ransomware is the virus that blocks cybersecurity sites, disables antivirus tools and makes your data useless. Meka ransomware is the cryptovirus that was reported by users at the beginning of November. It is one of the last ones in the Djvu virus family that came out after a few decryption tools got released. Unfortunately, those programs work for earlier versions, and this one that appends encrypted files with .meka is not included in them. Almost 200 different versions have already been included in the list, so this not a new virus nor the hacker team. However, some features get changed once new versions get released and discovered. Once the proper RSA encryption method got employed, the virus became not that easily decryptable as before.

The particular Meka ransomware virus is the one that has a different file marker that other versions, but ransom note comes in _readme.txt file as previous variants. Contact emails for the developers –,, also remain unchanged for some versions since Coot ransomware. These features are not something crucial, but it indicates that malware code is not much changed from the original releases

Name Meka ransomware
Type Crypto-currency extortion malware[1]
File marker .meka is the extension that comes before the generic one on files that get encrypted and indicates all of them from the untouched data
Ransom note A file that gets placed in various folders and other places all over the machine _readme.txt, contains the payment demanding message and instructions
Family Djvu/STOP virus[2]
Contact emails,
Distribution The main technique used by these particular criminals who developed the threat is infected file distribution. There are many methods of how files get around the world: torrent services, pirated software packages, or spam email campaigns. The main thing is to make the targeted person install, open, or download the needed file. Once that is done, the machine gets infected
Elimination You need a professional anti-malware tool that can run on the machine and check for threats to fully remove Meka ransomware from your device and eliminate any damage or associated files, programs

Meka ransomware virus is nothing else but a product of cyber criminals focusing on money and scaring people. This is a newly discovered threat that people have reported online[3]. But researchers haven't got enough samples to perform in-depth analysis.

However, based on DJVU ransomware creators ant their tactics previously, we can determine some particularly common features that Meka ransomware also should have:

  • Malware gets on the system when pirated software, cracks, or cheatcodes get downloaded and installed. The malicious file gets triggered immediately after the installation and loads ransomware payload on the machine.
  • The infection also includes a secondary download of info-stealing trojan or other malware.
  • Malicious processes take place during the fake Windows updating that masks the screen by claiming your device is scanning at the time.
  • Virus deletes disables and changes many things on the system, so it keeps on running, although the main payload is deleted after the encryption process. This is to keep all the malicious features interrupted.

Meka cryptovirusMeka ransomware is a crypto-currency extortion-based threat that encrypt files and demands payments because cybercriminals behind the program only care for money that can be obtained from you. This is the type of malware that mainly affects Windows devices and damages files in such formats as images, audio, video files, documents, and other data used on a daily basis. However, Meka ransomware is not a simple malware, so encryption is the main process, but not the only one that affects the PC.

Once Meka ransomware encodes those files and delivers the ransom message, additional payloads affect the security tools, registry entries, and other important parts that can lead to the permanently damaged machine. You should get rid of it as soon as the following demand appears on the screen:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours

What to do when ransomware hits

As we mentioned Meka ransomware belongs to another family of malware that is known as the more active and never sleeping one. The whole infiltration of this threat happens immediately once the infected files get on the system, so first thing you can notice is the speed of the machine. However, in most cases, victims cannot spot anything until all files get encrypted and ransom note delivered.

From there machine is fully infected, and Meka ransomware virus can run anything it pleases. This makes the biggest danger because victims mainly focus on their data that gets locked and starts worrying about the decryption, forgetting the system entirely. You should react to the infection immediately to try saving the device from permanent damage and corruption.

As for Meka ransomware removal, you need to get anti-malware tools that can find all traces and malicious files hidden on the network. Then, use FortectIntego to help you recover damaged or corrupted system files on Windows.

However, programs that can remove Meka ransomware are not capable of decrypting and recovering your files, in most cases. Free decryption tools are developed but work for previous versions of the malware or files that got encrypted with offline keys only. The particular application that could restore .meka files is not developed yet. You can try this tool, search for another free program, or wait for another official decryptor.

To have the best options in the future when Meka ransomware decryption tools get released, you should store all files related to the malware on an external device. Then run a proper elimination process and restore files using other methods. As experts[4] always note, to have a virus-free machine, you need to delete everything, but those files may be useful for decryption later on.

Meka ransomware virusMeka ransomware is a threat that has many versions similar to it due to the safe virus family. However, most of the new ones cannot be decrypted.

Be aware of all the possible methods used to spread the malicious payload

Infected file attachments or documents, executables hidden in software packages seem to be the main method that ransomware developers use. However, there are many people who trust spam emails, torrent services, and ignore some major red flags.

Criminals send out spam emails and forge header titles to trick people into believing that emails come from DHL, UPS, eBay, Amazon, or other known companies. Once they fall for the scam and download the file, this is how ransomware payload gets triggered and loaded on the machine.

Pirated software, serial numbers of legitimate games, license keys, cracks, and cheatcodes are also commonly downloaded from torrent or pirating services, so people let malware get on their devices. You should either restrain from anything similar to these networks or keep the AV tool constantly running, so malicious sites and programs get blocked.

To get rid of Meka ransomware virus damage, you should clean the PC fully

The whole process of Meka ransomware removal sounds impossible when you consider that the virus changes various parts of the device besides encrypting physical files found on the computer. To completely clean the system, you need to delete all the associated applications, data, and malware.

It is not that easy to achieve a fully virus-free machine after the infection like Meka ransomware virus, but it is possible. Many anti-malware tools are created with the focus on ransomware-type threats, so you can achieve the best results with those programs.

We also recommend to get professional tools, and then remove Meka ransomware, clean the machine fully and then double-check for virus damage. You should use SpyHunter 5Combo Cleaner, or Malwarebytes at first and then repair the system with FortectIntego. Since decryption tools have many exclusions and may not work with this virus, the best way to recover encrypted data – file backups from external devices.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Meka virus. Follow these steps

Manual removal using Safe Mode

Reboot the machine in a Safe Mode with Networking, so you can freely eliminate Meka ransomware from the system

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Meka using System Restore

System Restore feature is one of the methods within the Windows OS that can be used to fight malware

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Meka. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Meka removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Meka from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Meka, you can use several methods to restore them:

You should try Data Recovery Pro for proper file restoring purposes

When you don't have data backed up, you should try software options like this

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Meka ransomware;
  • Restore them.

Windows Previous Versions – the alternate Windows feature for file recovery

You can recover individual files using this feature when you enabled the System

restore before

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Get rid of Meka ransomware by relying on ShadowExplorer as your tool

You can use this alternate method when Shadow Volume Copies are left untouched

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption tool for Meka ransomware specifically is not developed yet

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Meka and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions