Pezi ransomware (Virus Removal Instructions) - Bonus: Decryption Steps

Pezi virus Removal Guide

What is Pezi ransomware?

Pezi ransomware is a dangerous computer infection that restricts access to personal files and blackmails victims

Pezi ransomware - a virus that creates issues with the system after locking commonly used files.

Pezi ransomware is a data-locking infection that typically spreads via software cracks or pirated program installers downloaded from insecure third-party sources such as peer-to-peer networks. Once on the system, the cryptovirus performs full encryption of images, documents, video, audio files, archives, as well as other data, and then appends the .pezi marker to them. As a result, users are unable to access their data, as they require a unique key that is stored on a remote server controlled by the attackers.

Once Pezi ransomware is done with encryption,[1] it delivers the ransom note file in the form of _readme.txt. This message encourages people to pay the ransom of $490/$980 for file recovery (depending on how fast users contact criminals via the helpmanager@mail.ch or restoremanager@firemail.cc email).

While uninstalling malware from the system will not recover access to .pezi files, you should not rush to pay cybercriminals, as there are several alternative methods that could sometimes help you to restore data or at least a portion of it – Emsisoft's decryptor, built-in Windows resources, and third-party tools can all be used for the purpose.

Pezi ransomware is the 228th version of the DJVU virus family, which is considered to be among the most prevalent cryptomalware strains currently in the wild. To find out what to do and what not to do after being infected, please check all the tips and removal instructions provided below.

Name: Pezi ransomware
Family: DJVU virus
File marker: .pezi, the extension appended to the end of every file encrypted by this virus
Ransom note: _readme.txt – the file that delivers all the details about possible users' steps and encryption
Contact emails: helpmanager@mail.ch and restoremanager@firemail.cc
Ransom amount: $490, although the sum doubles to $980 if no contact is made with cybercriminals within 72 hours after the infection
Distribution: Ransomware is known for being distributed mainly via pirating sites, cracks, and cheat codes – users download malicious files intentionally without realizing that it would result in a ransomware infection
Damage: Malware of this type can be installed along with other infections and include a data-stealing module that would harvest credentials and other sensitive data from the affected computer. Nonetheless, the highly likely loss of personal data is the most damaging trait of a ransomware infection
Elimination: Pezi ransomware removal is a difficult process, so rely on anti-malware tools and scan the system fully, so all malicious files can be eliminated promptly
Repair: Since the system is affected by all the malware changes, your device may get damaged, but security tools might fail to fix this damage. Thus, choose FortectIntego or a different PC repair application to find and fix the affected system files

Pezi ransomware is a file-encrypting virus that restricts access to commonly used files and marks them using the .pezi extension, hence the given name of the ransomware. This is one of the newest versions of the family, which belongs to STOP ransomware, so decryption is hardly possible. Previously, in 2019, many of the malware versions used offline IDs for encoding, so researchers managed to use that to their advantage and helped people to recover data with tools like STOPDecrypter.

Right now this is not possible because online IDs are in use for the most part. Users can still try the Emsisoft Djvu decrypter, but this tool is also based on offline IDs. A quick indication that an offline ID was used might be t1 at the end of the victim's key displayed in the ransom note you receive. Unfortunately, there are not many other options for your files, so the best way to recover from the infection is to remove Pezi ransomware and replace affected data with safe copies from data backups.[2]
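The t1 check described above can be run across a whole folder tree before deciding on a recovery route. The following is an added example, not code from the original guide or from any decryptor: it walks a directory read-only, counts files carrying the .pezi marker, and reads the personal ID from each _readme.txt. The position of the ID (on, or directly below, the "Your personal ID" line) is an assumption, and the sample IDs are constructed for the example.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

NOTE_NAME = "_readme.txt"   # ransom note name given on this page
MARKER = ".pezi"            # file marker given on this page
ID_HEADING = re.compile(r"your personal id\s*:?\s*(\S*)", re.IGNORECASE)

def extract_personal_id(note_text):
    """Return the ID on the heading line, or on the first non-empty line below it."""
    lines = note_text.splitlines()
    for i, line in enumerate(lines):
        m = ID_HEADING.search(line)
        if not m:
            continue
        if m.group(1):                    # ID on the same line as the heading
            return m.group(1)
        for nxt in lines[i + 1:]:         # assumed layout: ID on a following line
            if nxt.strip():
                return nxt.strip().split()[0]
    return None

def classify_id(personal_id):
    """'offline' if the ID ends in t1 (the indicator named above), else 'online'."""
    if not personal_id:
        return "unknown"
    return "offline" if personal_id.endswith("t1") else "online"

def triage(root):
    """Walk root without modifying anything; count marked files, classify note IDs."""
    root = Path(root)
    marked, ids = Counter(), {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == NOTE_NAME:
            text = path.read_text(encoding="utf-8", errors="replace")
            pid = extract_personal_id(text)
            ids[pid] = classify_id(pid)
        elif path.suffix.lower() == MARKER:
            marked[str(path.parent.relative_to(root))] += 1
    return {"encrypted_files": sum(marked.values()), "by_folder": dict(marked), "ids": ids}

def build_constructed_sample(root):
    """Constructed sample tree; file names and ID strings are made up."""
    root = Path(root)
    for name in ("docs/report.docx.pezi", "docs/budget.xls.pezi", "pics/cat.jpg.pezi", "pics/ok.png"):
        (root / name).parent.mkdir(exist_ok=True)
        (root / name).write_bytes(b"\x00")
    (root / "docs" / NOTE_NAME).write_text("ATTENTION!\nYour personal ID:\n0228EXAMPLEonlineKEY0000\n", encoding="utf-8")
    (root / "pics" / NOTE_NAME).write_text("ATTENTION!\nYour personal ID: 0228EXAMPLEofflineKEYt1\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(triage(tmp))
```

Run it against a copy or a read-only mount of the affected data; an "offline" result only means the offline-ID decryptor is worth trying, not that decryption will succeed.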

If you do not have proper file backups, recovering files encrypted by Pezi ransomware can be problematic. There are some data recovery programs, third-party applications, and system features that could help, but some of the changes that malware makes on the machine can trigger issues with functions, programs, and security features.

Pezi virus might disable AV tools and file recovery functions, delete some crucial files in the system folders, or alter registry entries. All these changes significantly affect the persistence of this threat and leave little to no possibility for the victim to get their files recovered or the malware safely removed.

However, you need to react to this infection and go straight to Pezi virus removal once you receive the following message:

ATTENTION!

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-sBwlEg46JX
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpmanager@mail.ch

Reserve e-mail address to contact us:
restoremanager@firemail.cc

Your personal ID

Pezi ransomware is the threat that makes users frustrated when images, documents, audio, video files become locked and unopenable.

When the Pezi ransomware virus infects the machine, it searches the system for files in .doc, .docx, .xls, .pdf, and other commonly used formats to cause maximum damage to the victim. For that, a strong RSA encryption algorithm is used – it cannot be deciphered even by quantum computers. For that reason, once the files are encrypted, you can no longer open .pezi files, as a long key that consists of a long string of randomly assigned alphanumeric characters is required. To put it simply, imagine it as a Zip or Rar file that is password-protected, and the only ones who know the passwords are cybercriminals.

By providing test decryption service and restricting access to the most-commonly used files, Pezi ransomware authors ensure that you are more likely to pay up this way. However, experts[3] do not recommend paying these criminals or even keeping contact with them. These people are targeting your money and valuable information, so anything related to cryptocurrency, blackmail, and cyber infections cannot give any positive results.

Pezi ransomware removal is the process that should help you get rid of the malware. Running an anti-malware tool and scanning the system fully can ensure that the virus is terminated as soon as possible. Unfortunately, this is not how you can recover your files because security software relies on cleaning the malware not repairing the damage.

Luckily, there are some additional programs that can help with the damage the Pezi virus created. So once your system is virus-free again, find the best tool for you that can optimize the machine, recover files, or indicate damage. A PC repair tool like FortectIntego can work well. You need to run the check on the system and repair drivers, registry entries, system files, or any other parts that need it. As for data recovery, check the options below the article.

Ransomware gets injected into the computer silently

The installation of the ransomware payload might happen when the user is installing applications, freeware, or licensed versions of software, cracks, game cheats from torrent sites, pirating services. Various hacked sites and promotional material can trigger infections like trojans or worms that are known for causing ransomware infections.

Ransomware payload file can be disguised as an executable or different system file, so when you install anything it is common to receive such a file without paying much attention. Unfortunately, emails that pose as legitimate notifications from companies or services can include links to malicious sites or trigger direct stops of malware scripts with macro virus functions.

The best way to avoid these infections is by paying attention to various details, including sources that you use for software and other downloads. Pirating is never a good idea because you cannot be sure that all those senders are legitimate and not malicious people. The internet is full of scammers, so emails with financial information should only be trusted when sent from companies and services you use and rely on. Any suspicious email should be considered dangerous.

Move to Pezi ransomware termination as soon as possible

Pezi ransomware virus can run on the machine for a while and cause various issues right away or even damage the system first before your files get encrypted. This makes the process of virus elimination more difficult when the system is affected by the virus in various ways.

Pezi virus is the ransomware that is not decryptable unless offline IDs get used in encryption procedure.

Pezi ransomware removal is quickest when anti-malware tools are employed for the job. Once you run an AV detection engine-based application or a security tool like SpyHunter 5, Combo Cleaner, or Malwarebytes, you can check the parts of the system where malware may hide its files and add other programs to ensure its persistence.

When you decide to remove Pezi ransomware completely from the system, you need to double-check before doing anything else. It is especially crucial when it comes to data recovery and system alterations. If you add the external device with file backups on the machine that is still affected by the ransomware, your data may get encrypted again. Repair system functions with FortectIntego and rely on the tips below before you try to restore encoded files yourself.


Getting rid of Pezi virus. Follow these steps

Manual removal using Safe Mode

Reboot the machine in Safe Mode with Networking when you want to run the AV tool and remove Pezi ransomware

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal is best performed in the Safe Mode environment.

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.
  7. Go to Advanced options.
  8. Select Startup Settings.
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
  5. Go back to the process, right-click and pick End Task.
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Remove Pezi using System Restore

To get rid of the threat, you may need to use System Restore feature

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start > Shutdown > Restart > OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot > Advanced options > Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of Pezi. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Pezi removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Pezi from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Pezi, you can use several methods to restore them:

Data Recovery Pro can help with file recovery

The program can restore files affected by the Pezi ransomware or accidentally deleted items

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Pezi ransomware;
  • Restore them.

Windows Previous Versions create an option for data restoring

When System Restore gets enabled, you can rely on Windows Previous Versions and recover files yourself

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer for your files encrypted by Pezi ransomware

Shadow Volume Copies may get affected during encryption, but if not, ShadowExplorer can be a reliable method

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption software option for some Djvu versions

Pezi ransomware is not decryptable itself, but this tool may help victims in some cases

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Pezi and other ransomware, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5, Combo Cleaner, or Malwarebytes

How to prevent from getting ransomware

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.

 

Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is a type of malware that focuses on such functions, so your files become useless without the ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 

 

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention


References