Severity scale:  

Remove Virus-encoder ransomware (Virus Removal Guide) - updated May 2019

removal by Jake Doevan - - | Type: Ransomware

Virus-encoder ransomware is a relatively old data locking malware that recently came back with its newest version that attaches four random letters to files after the encryption

Virus-encoder ransomware

Virus-encoder ransomware is a dangerous cyber-threat that focuses on locking data on the host computer and then demand ransom from its owner for the decryption tool. Initial release dates back to 2016, however, the malware recently made a comeback with the new version, dubbed GetCrypt ransomware.

Just as all file-locking viruses, Virus-encoder ransomware uses a sophisticated file locking technology that uses ancryption algorithms.[1] The original malware used AES + RSA ciphers, while the new version resorts to RSA + Salsa20. Regardless of which encryption method is used, victims cannot access their pictures, music, videos, and other data anymore, which is marked by a random extension at the end of each file.

Questions about Virus-encoder ransomware

As explained by cybercriminals in a ransom note # DECRYPT MY FILES #.txt, users need to email them via, and, later via to be able to retrieve the data with the unique decryption tool that is stored on a remote server and cost a specific amount of Bitcoins. However, experts suggest avoiding any contact with the criminals and rather focus on Virus-encoder ransomware removal.

Name Virus-encoder
Also known as GetCrypt
Type Ransomware
Infiltration Rig exploit kit, 
Cipher AES, RSA, Salsa20
Ransom note # DECRYPT MY FILES #.txt
Removal  Use anti-malware software, such as SpyHunter 5Combo Cleaner
File decryption Make use of Emsisoft's decryptor
Recovery To restore Windows system files, scan it with Reimage Reimage Cleaner Intego

There are a variety of methods Virus-encoder ransomware could get into your machine, including via spam emails, fake updates, unprotected RDP,[2] software cracks, etc. Nevertheless, security researchers observed the latest samples of the virus being distributed via Rig exploit kit.[3]

Once inside the system, Virus-encoder virus will show the following ransom note

Attention! Your computer has been attacked by virus-encoder!

All your files are now encrypted using cryptographically strong algorithm.

Without the original key recovery is impossible.

To get the decoder and the original key, you need to email us at

Our assistance is not free, so expect to pay a reasonable price for our decrypting services. No exceptions will be made.

Later versions of Virus-encoder ransomware drop a very similar note, although the contact emails are different. Regardless of what type of message you receive, you should not get in contact with cybercriminals as it can result in money loss. Quite often, bad actors are simply not interested in sending the decryptor for the paid money and choose to ignore victims. In some cases, virus authors themselves are incapable of restoring the encoded data.

Therefore, it is best to ignore the criminals and remove Virus-encoder ransomware from your device entirely. For that, you need to employ reputable anti-malware software, because deleting the virus manually is practically impossible for a regular user. After that, experts[4] recommend scanning the device with Reimage Reimage Cleaner Intego to fix broken Windows system files, such registry.

After you terminate the infection and fix Windows system, you can connect your backup device to restore your personal files. In case you did not have any prepared, there are alternative methods that you can try – such as third-party recovery tools. Additionally, if you are infected with the latest version of  Virus-encoder ransomware, you can also try the official decryption tool that was recently released by Emsisoft security researchers.

Virus-encoder ransomware virusVirus-encoder is a ransomware-type virus that locks up all personal data on the device and then demands ransomware for the decryption tool

Ransomware-type virus propagation methods and how to avoid them

Virus-encoder can infiltrate your computer via several different ways. For example:

  • It can infect your computer if you tend to open unknown email letters from unknown senders AND especially if you download the attachments from such messages. It is the most common way of the virus-encoder distribution. Such emails are often sent to business people.
  • If you tend to surf through unreliable websites, if you are browsing through a site that shows an enormous amount of ads, suggests to fill various surveys or offers to install free software, you should know that such web page is not worth your trust. Sometimes even one click can initiate execution of a malicious program.
  • If you tend to install new programs on your computer carelessly, always check if the website that provides the download link is reliable. Also, when installing new programs, select the Advanced or Custom installation setting, and deselect every statement that suggests installing unfamiliar applications.

Terminate Virus-encoder ransomware with the help of reputable security application

Virus-encoder ransomware removal should not be executed manually – cryptoviruses usually make significant changes to the Windows operating system, and restoring all the settings and fixing infected system files is not an easy task. Therefore, you should rather trust reputable security software that can do the job for you automatically.

If Virus-encoder virus is tampering with your security software, you should access a safe environment where the functionality of the threat will be disabled. Please follow the instructions below to find out how to remove Virus-encoder ransomware in the Safe Mode with Networking.

If you got infected with the latest variant of the malware, there is a good chance you can recover your files with the help of Emsisoft's decryption tool. If your System is infiltrated by the older version – you can try alternative solutions, such as recovery software. We provide all the download links and usage instructions below.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove Virus-encoder virus, follow these steps:

Remove Virus-encoder using Safe Mode with Networking

If Virus-encoder ransomware is preventing your security software from running correctly, enter Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Virus-encoder

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Virus-encoder removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Virus-encoder using System Restore

You can also use System Restore to terminate the virus:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Virus-encoder. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Virus-encoder removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Virus-encoder from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Virus-encoder, you can use several methods to restore them:

Make use of Data Recovery Pro for file decryption

This software might be able to recover at least some files that are locked by the ransomware.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Virus-encoder ransomware;
  • Restore them.

Windows Previous Versions feature might be useful

This option is only viable if you had System Restore point enabled before the attack.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

In some cases, ShadowExplorer might get all your files back

ShadowExplorer is very likely to restore all your files if the malware failed to delete Shadow Volume snapshots.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Make use of Emsisoft decryption tool

Download Emsisoft's decrypter and recover your files for free if you are affected by the latest version of Virus-encoder ransomware.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Virus-encoder and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions


  1. JessicaMaela says:
    November 10th, 2015 at 10:53 am


  2. mother says:
    November 10th, 2015 at 10:54 am

    this virus has destroyed my sons computer! he has lost all the files for his school, he had a lot of word and pdf files! filthy cyber-criminals, screw you!!!

  3. mojOdojo says:
    November 10th, 2015 at 10:55 am

    Have you tried to recover your files from external disks? your son did not save files for school on some usb or similar disks?

  4. 102073 says:
    November 10th, 2015 at 10:58 am

    This ransomware is frightening! Guys, I have dealt with a ransomware before, I know that the consequences of dealing with one can be really really sad. Do not hesitate and get anti-malware! It will keep your computer safe.

Your opinion regarding Virus-encoder ransomware