How to remove Zepto virus


Zepto virus and removal overview

Some viruses target a limited range of file extensions, but Zepto, like its predecessor Locky, encrypts almost every kind of data that can be stored on the user's computer. Images, video, audio and text files all turn into a set of characters that is practically impossible to read. The hackers use two encryption systems to protect the files from recovery. First, the data is encrypted with the AES-128 algorithm, which is very strong in itself and can't be broken without the decryption key. Then the key obtained in this step is encrypted with the RSA-2048 algorithm. Thus, even though your data remains on your computer, you have no access to it: both encryption systems are the best in the world and are widely used by large corporations, governments and armed forces of various countries to protect secret data. The names of all files are converted to long sets of letters and numbers that look something like this: G3S8IFGZ-H3TY240B-5S6Q-97KLR564O73U.zepto. In addition, a file named "HELP_instructions.html" appears on the desktop and in each folder; it explains in detail what you need to do to recover your data. The essence of the message is always the same: pay us 0.5 BTC (about $300), and we will give you your files.


How Zepto works

Zepto is a new product from the group of hackers known for developing the Locky virus. Locky still terrorizes many users around the world, but the joint efforts of several large IT corporations found a way to neutralize it. The hackers decided not to waste time and relaunched the virus with a different configuration. It is now called Zepto and assigns the .zepto extension to all encrypted files.



Versions of Zepto

The fact that a new incarnation of the Locky virus is spreading on the web is already causing concern. It took several months to defeat the previous version of the virus. Now the hackers are ready for the attack, and it will be much harder to get the keys. Therefore, if your data is really important to you (for example, if Zepto has infected your workstation), be prepared to pay the ransom. Of course, before that, we recommend that you familiarize yourself with the data recovery methods provided here. If you want to know more about the Locky virus, we have a decent article about Locky ransomware.

How Zepto infected computer

If you have not encountered ransomware before, we will now explain what is going on with your computer and your data. The Zepto virus has penetrated your computer, most likely through an infected e-mail attachment. The hackers use a few basic e-mail templates. The most effective ones are delivery notes. Such e-mails come with branded headings and look completely reliable. They say that the user was supposed to receive a package, but some mistake occurred, and the user needs to confirm something or give more information. Of course, nobody wants to lose the mysterious package, because it might contain anything. The message is accompanied by an attachment that contains the viral files. If the user is interested enough to open the attachment, the virus has succeeded. After penetration, the virus quickly encrypts all your data, making it inaccessible.


Zepto virus removal

Do not forget to remove the virus. Removing the ransomware will not affect the encrypted files, but it must be done before you put any new data on the PC and, above all, before you restore a backup. If you do not remove the virus, all data that later appears on the PC will also be encrypted, and your problem will become even bigger. To remove Zepto quickly and painlessly, you can follow our detailed instructions or just install a decent and effective anti-virus. We propose Spyhunter for this purpose, as it copes perfectly with such threats.

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Select Safe boot and press Ok


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel
  • Select Appearance and Personalization
  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives
  • Press Ok

Step 3. Remove Zepto files

Check the following folders for suspicious files:

  • %TEMP%
  • %ProgramData%

Step 4. Clean registry

  • Click Start
  • Type Regedit.exe and press Enter
  • Check the following registry keys:
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
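
The checks in Steps 3 and 4 can be gathered in one read-only pass. The PowerShell below is an added example, not part of the original article: it lists the values under the Run keys above, marks commands that start from %TEMP% or %ProgramData%, and compares Userinit with the Windows default of userinit.exe in System32. The extension list and the 30-day window are assumptions made for the example.

```powershell
# Added example (not from the article): read-only review of Steps 3 and 4.
$watchDirs = @($env:TEMP, $env:ProgramData) | Where-Object { $_ }

# Step 4: the four autorun keys, in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key may not exist
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        # Mark commands that launch from one of the Step 3 folders.
        $hit = $watchDirs | Where-Object {
            $command.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        [pscustomobject]@{ Key = $key; Name = $valueName; Command = $command; Review = [bool]$hit }
    }
}

# Step 4: Userinit should name only userinit.exe in System32 (the Windows default).
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$extra = $userinit -split ',' | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and ($_ -ne $expected) }

# Step 3: recently created executables and scripts in the two folders.
$exts = '.exe', '.dll', '.js', '.wsf', '.vbs', '.bat'   # assumed extension list
$recent = foreach ($dir in $watchDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in $exts -and $_.CreationTime -gt (Get-Date).AddDays(-30) } |
        Select-Object FullName, CreationTime, Length
}

$autoruns | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap | Out-String
"Userinit: $userinit"
if ($extra) { "Userinit entries to review: $($extra -join '; ')" }
$recent | Format-Table -AutoSize | Out-String
```

The script changes nothing; a row with Review set to True is only a candidate for manual inspection in Regedit, since legitimate software also starts from %ProgramData%.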



Zepto virus FAQ

Q: How to protect my computer from other ransomware?

A: There are a few things that everyone must know about ransomware in general and about Zepto in particular. To protect your PC against any ransomware, follow these simple rules:


  • The anti-virus tool on your PC must always be turned on and up to date. If you keep your anti-virus ready for action, your PC will always be protected. If you receive a message asking you to disable the anti-virus, it is most likely a message from hackers or an automatic spam message from a virus.
  • If you have suffered from ransomware once, you will never want to repeat the experience, so you should check all files that you download, especially if they come from untrusted sources (such as e-mails from unknown senders). There are special programs called "sandboxes". There are plenty of them, and some are built into anti-virus tools. These programs allow you to view the content of a file or archive without running it. Use them to minimize the risk of infection.
  • We all know that mistakes happen, and if the PC is infected, the only thing that can save your data is a decent backup. If you value your data, you should make backups at least once a week and store them on external media that is disconnected from the PC. If you do that, the virus won't be able to infect them, and you won't need to decrypt anything: just remove the virus and keep on working.

Q: How to decrypt .zepto files?

A: Data recovery is the most difficult part of the Zepto problem. Recovery can be performed in several ways, but only one of them is really reliable: restoring from backups. If you have backups but don't know how to recover your data from them, just read the instructions below and restore the files. However, most users do not have backups and have to use other recovery methods, which do not guarantee a 100% result. The next method we can advise is restoring from shadow copies. This service is a standard part of Windows, but programs such as ShadowExplorer or Recuva are very useful for working with shadow copies more quickly and effectively. Both of these programs are absolutely safe and secure. To use them correctly, download either program from its official website and read the instructions posted there.

If the shadow copies have been deleted by the virus, only a third way remains, which can be called passive. You just have to wait until well-known corporations or groups of enthusiastic hackers hack the Zepto database and extract the keys. To make your search easier, we advise you to pay special attention to the site of Kaspersky Lab, as well as the Emsisoft and MalwareHunterTeam sites. Check for updates often because, most likely, one of these three sites will be the first to offer an effective tool to decrypt .zepto files.

  • Click Start
  • Click Control Panel
  • Click System and Security
  • Select Backup and Restore
  • Select Restore files from backup
  • Select checkpoint to restore
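
Before choosing between the recovery routes above, it helps to know how much was encrypted, roughly when it started, and whether any shadow copies survive. The PowerShell below is an added example, not part of the original article; the `$Root` default is an assumption, the time estimate assumes the virus did not reset file timestamps, and the shadow copy query needs an elevated prompt.

```powershell
# Added example (not from the article): read-only scoping of the damage.
$Root = $env:USERPROFILE   # assumed starting folder; change as needed

# Files the article describes: *.zepto data files and the HELP_instructions.html note.
$hits = Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.zepto' -or $_.Name -eq 'HELP_instructions.html' }
$encrypted = @($hits | Where-Object { $_.Extension -eq '.zepto' })
$notes     = @($hits | Where-Object { $_.Name -eq 'HELP_instructions.html' })

# Per-folder totals show which folders need restoring from backup first.
$byFolder = $encrypted | Group-Object DirectoryName | ForEach-Object {
    [pscustomobject]@{
        Folder = $_.Name
        Files  = $_.Count
        MB     = [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1MB, 1)
    }
} | Sort-Object Files -Descending

# The oldest write time among encrypted files approximates when encryption began.
$firstWrite = ($encrypted | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime

# Shadow copies that still exist; the list is empty if the virus deleted them.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Select-Object VolumeName, InstallDate)
$usable = @($shadows | Where-Object { $firstWrite -and $_.InstallDate -lt $firstWrite })

"Encrypted files: $($encrypted.Count)   Ransom notes: $($notes.Count)"
"First encrypted write: $firstWrite"
"Shadow copies: $($shadows.Count) total, $($usable.Count) older than the first encrypted write"
$byFolder | Select-Object -First 20 | Format-Table -AutoSize | Out-String
```

Only a backup or shadow copy created before the first encrypted write can contain clean versions of the files.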



0 #1 BigJonMX 2016-07-14 08:51
According to everyone else on the interwebs it's impossible to use ShadowExplorer or Recuva for the above purposes.
So include HowTo or remove
