Weui ransomware (Virus Removal Guide) - Recovery Instructions Included

Weui virus Removal Guide

What is Weui ransomware?

Weui ransomware – crypto-malware that might result in a complete loss of pictures, documents and other files

Weui ransomwareWeui ransomware - a virus that asks for money directly from the people via ransom note.

Weui ransomware is a cryptovirus that encrypts victims' personal data and demands a ransom. The malware belongs to the ever-growing Djvu ransomware family, which has over 250 variants threatening everyday computer users since December of 2018, with viruses like Lisp, Vvoa, Iiss, and many others.

As soon as ransomware gets access to a computer, it starts the encryption process instantly. During this process, all files are appended with a .weui extension and thus are rendered inaccessible. Since the latest version from this family are using an army-grade RSA encryption algorithm, it's very hard to decrypt the data without the necessary tools.

When all personal files, like pictures, documents, archives, etc., are renamed and encrypted, Weui virus generates ransom notes (_readme.txt) and places them in every folder so that the victims could find them easily. Within these notes cybercriminals state instructions and their demands. They also leave two emails for communication purposes – helpmanager@mail.ch and restoremanager@airmail.cc.

name Weui ransomware
Type Ransomware
Family Djvu ransomware
Ransom note _readme.txt
Ransom amount $980 if the victims are not hasty and don't contact/pay within 72 hours of infection. If the users are quick, a 50% discount is given, lowering the ransom to $490
Appended file extension .weui is appended to all non-system files
Criminal contact details As usual with Djvu family viruses, two emails are provided to establish contact: helpmanager@mail.ch, restoremanager@airmail.cc
Virus removal Professional anti-malware software should be used to eliminate the virus from the system fully
System Clean-up The FortectIntego system tune-up tool should be used after malware's elimination to find and fix any system issues the virus might have caused

Ransom notes among the viruses from this lineage differ very slightly if at all. First, the creators of Weui file virus explain that all personal data was encoded and that the only method to unlock it is by purchasing their decryption tool. Then they offer a free decryption of one file to prove to the victims that the necessary tool really exists. They even provide a link to a video where such a tool can be seen in action.

The middle part of the ransom note is all about the ransom amount. The price of the Weui ransomware decryption tool is $980. But if the victims are hasty and contact the hackers within 72 hours of the attack, the cybercriminals are nice enough to offer a 50% discount, reducing the ransom amount to $490. The preferred payment method isn't mentioned, but we can speculate that the ransom will be asked to forward using cryptocurrency Bitcoins.

The last part of the Weui ransomware money extortion note consists of two emails (helpmanager@mail.ch and restoremanager@airmail.cc) that the cybercriminals provide to establish contact and an appointed unique victim ID. No threats not to try renaming files or use third-party decryption tools are submitted.

Weui ransomware virusWeui ransomware - threat that triggers changes to common files and to system functions.

We always advise against dealing with the cybercriminals and suggest to remove Weui ransomware instead. Professional anti-malware software like SpyHunter 5Combo Cleaner or Malwarebytes should be trusted with this process as manual removal could be a lengthy and difficult task even for experienced computer users.

When Weui ransomware removal is done with, and the device is virus-free, experts[1] recommend using a powerful system tweaking tool like the FortectIntego app, to restore any changes that the cryptovirus might have caused to the system registry, its files, and settings. Only after a system tune-up, the victims should restore their data from backups.

Weui virus developers send this message with their ransom notes:


Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

Evading .Weui file virus and other versions of Djvu family

Nowadays, there are various types of malware[2] circulating around the internet. From sensitive information collecting keyloggers to irritative adware. These kinds of malware could be distributed in various ways. But Djvu family ransomware, including the .Weui file virus is typically spread with game/software cracks.[3]

These illegal activation toolkits are used to unlock commercial, licensed software and the hackers love to exploit it. They name the ransomware payload file as a new game or expensive software crack and upload it to file-sharing platforms like The Pirate Bay, BitTorrent, and alike. So the .Weui ransomware virus executable is downloaded alongside other pirated files.

Weui file virusWeui ransomware - an infection that starts with file-locking.

As soon as such a tool is downloaded an infection and encryption starts immediately and within a few minutes, all data on the computer could be rendered useless. Please refrain from using cracks. Instead, support your beloved game or desired software creators by purchasing their products either directly from them or from official distributors. You can avoid such Weui ransomware removal.

How to recover .weui files? Here are a few answers to this very important question

Without a doubt, it must be scary to see .weui virus files on your computer, especially if contents are important, e.g., related to work or school projects. Cybercriminals are preying on this fact; that is why ransomware targets the most common file types on a Windows computer – .doc, .zip, .jpg, .mp4, and many others.

Many users mistakenly believe that they can get their data back as soon as they eliminate the infection from the system. However, this is a very misleading assumption, as file encryption and virus infection are independent processes, although the former is not possible without the latter. This means that even if you delete the infection from your computer, it will not remove .weui extension from your files.

Once files are locked by ransomware, there are very few chances to recover them without using backups. Unfortunately, not many people are practicing keeping data backups, resulting in devastating consequences in case of a ransomware attack.

If you have no backups but want to recover .weui files, you should not rush paying criminals. There are several other methods that could help you, although keep in mind that the chance of success is relatively low. Here are a few options that you have (you need to backup the encrypted data, delete the malware and only then try them):

  • Use Emsisoft's decryption tool. This option is only available for those who have their files encrypted with an offline ID (which you can find out after employing the tool). Keep in mind that it might take some time before a decryption key is available, as a victim of the same malware version needs to pay the ransom, retrieve the key from criminals, and then share it with the researchers so they can update the decryption tool.
  • Try third-party recovery software such as Data Recovery Pro. In some cases, you might be able to restore at least some copies of files from your hard drive with recovery tools.
  • In case malware failed to delete Shadow Copies, you should be able to retrieve .weui files either manually or by using automated programs for the purpose. To find out more, check the bottom section of this article.

Guidelines for Weui virus removal and system health check

Paying off the criminals and regaining access to the encrypted data might seem like the easiest way out, but by doing it victims endorse and motivate cybercriminals to expand their attacks and research new, more sophisticated malware and spreading techniques. People should focus on Weui ransomware removal instead.

We strongly advise to remove Weui ransomware with the help of reliable and powerful anti-malware software like SpyHunter 5Combo Cleaner or Malwarebytes. Run a full system scan with any of these apps, and they should be able to locate, isolate, and delete the cryptovirus immediately.

As already mentioned, Weui file virus elimination won't decrypt your files. But if you had backups don't rush to use them right away. First, you need to perform a full system scan with a system tune-up app like the FortectIntego to make sure the virus didn't do any harm to system files, and its settings. If it did, system repair apps will take care of it. Only then you're safe to retrieve info from your backups.

If you didn't keep backups, and there's no public decryption tool available, then export all encrypted files to offline storage, like USB drives or any other, and get back to us later. We always update our readers with all the latest news on ransomware, its prevention, and available decryption methods. You could also try some of our suggested data recovery methods listed at the bottom of this article. Remember to clear the malware first and ensure that Weui virus is not going to renew the infection.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Weui virus. Follow these steps

Manual removal using Safe Mode

When or if the anti-virus app fails to remove .weui virus from your system, try doing it in Safe Mode with Networking

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Weui using System Restore

Using System Restore to delete the virus

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Weui. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Weui removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Weui from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Weui, you can use several methods to restore them:

.Weui file recovery might be done with Data Recovery Pro

This third-party app might be a useful tool to recover some lost data.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Weui ransomware;
  • Restore them.

Data restore with the help of Windows Previous Version

This Windows OS feature could be able to restore files version prior to infection.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Using Shadow Explorer for file recovery

Shadow Explorer could retrieve some data from Shadow Copies.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Possible decryption methods for Weui ransomware

One company is dedicated to helping the victims of the Djvu ransomware family attacks. They always update their decryption toolkits so the users wouldn't have to pay the ransoms ever again. Since this a brand new cryptovirus, the decryption tool might not be able to help you still can download and try it out.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Weui and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions