RSA-4096 ransomware removal instruction. Ways to decrypt the corrupted files

RSA-4096 virus belongs to the most annoying and dangerous type of viruses – ransomware. Ransomware is the most damaging to ordinary users, because of its obscurity and effectiveness. Even an experienced computer operator could fall a victim of ransomware, as it's very difficult to detect before it has done its job.


RSA-4096 encryptor

How RSA-4096 Virus works

It’s the unwanted software, which interrupts to use a PC in some way. It could be the lock of browser, the lock of the whole PC, or the large banner, which interrupts you to click on any icon, even on the “start” button. Or, in the worst case, it is a crypto-locker. This type of ransomware encrypts all files on user’s computer, and demands a ransom to decrypt them. This is how the RSA-4096 virus acts. It crawls through the anti-viral security of your computer (if it has one), installs itself and begins to encrypt all files on your hard drive. Such viruses aren’t the new invention. Actually, the first encrypting virus was created more than two decades ago, but this scheme works pretty well until today.

RSA-4096 encrypts all the files on your PC and deletes the originals, so the encryption couldn’t be reversed in any way accept the decryption with a key. All files become unusable and all you will see – it’s the message from hackers, like “Now all your files were protected by a strong encryption with RSA-4096”. If you see this message, it means that the process is complete, and you have to pay ransom, or totally clean your PC from virus and forget about your data.

How to remove RSA-4096 Virus from the computer

So, the main thing for you is to decide: will you pay the ransom or not. If you will – just do it, but remember about the risks. Hackers don’t care about you and your information, the only thing the care about is money. As soon as you pay them, their job will be done, and they could just forget about you. There’s no need for them to decrypt your files, and you have no leverage over them, to force them to fulfill the terms of the agreement.

If you accepted, that your files are lost, and you won’t pay 500-1000$ for their decryption – you have to clean your PC from virus. This could be done with two techniques: manual and automatic. Manual mode includes sequential removal of all viral components, cleaning the register, and must be held in Safe mode. This method is safe and quick, but if you’re not experienced enough – you may cause some issues with your actions. Any wrong turn might be fatal for your PC, and you have to follow all instructions very closely.

Automatic mode consists of the downloading of anti-viral software, and launching it. Everything else is the anti-viruses job, and it will cope with the virus in a few minutes. Some anti-viral tools are more useful than others, and the best choice in this situation is Spyhunter, the tool from Enigma Software, which could remove literally any virus, adware or hijacker from your PC. So, if you want to purchase Spyhunter – just click the button below. If you prefer to remove the virus by hand – here are the detailed instructions with video-guide. Click here to download Spyhunter and remove virus automatically

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

Alternative way how to boot computer into safe mode:


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok

Step 3. Remove RSA-4096 files

Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%

Step 4. Clean registry

  • Click Start
  • Type Regedit.exe and press Enter
  • Press Ctrl+F and search for "RSA-4096"
  • Delete items found

How to decrypt your files

This question is the most popular in the comments to all articles about RSA-4096 removal. The answer is: there is no 100% effective way to remove the encryption except the load of backup. If you have no backups on the time, when PC was clean – you could try to use such programs as Recuva and Shadow Explorer. These programs could help you to restore the system or the exact files even if you have no saved copy. But there is no guarantee of success. Additionally, you can try to use Kaspersky ransomware decryptor.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Video instruction





Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 4.10 [5 Votes]


0 #4 Kate 2016-05-31 06:30
Quoting SonyaMSG:
What do I do if there is no "restore" point?

Hello, try to use Recuva and ShadowExplorer
0 #3 SonyaMSG 2016-05-28 02:49
What do I do if there is no "restore" point?
+1 #2 Kate 2016-05-19 13:23
Quoting manikanta:
this is not useful...give me another solution how to restore encrypted files form rsa-4096 cryptolocker.

I can only suggest you to follow these instructions
0 #1 manikanta 2016-05-18 06:59
this is not useful...give me another solution how to restore encrypted files form rsa-4096 cryptolocker.

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience