How to remove Zzzzz virus and restore encrypted files

Locky ransomware is known as the most dangerous virus of this type, and its developers are very productive. They release new versions of Locky ransomware each month, and they don’t seem to stop, because for now, the code of this virus isn’t broken, and it’s one of the most effective ransomware viruses all over the Web. The latest version of Locky is called Zzzzz, and it’s strange, because we know how these guys love Nordic mythology. We expected that new version will be called Tor or Freya, but we were so wrong! Anyway, the virus might be called as it’s developers wish, but it’s still dangerous and this article is about Zzzzz, the ways to remove it and the possible methods to decrypt .zzzzz files.



The monthly update of Locky ransomware isn’t related to its functions and most of users don’t even see any difference between Odin and Locky, or between Locky and Aesir. All changes that malware developers do are inside the code and their task is to neutralize the progress of malware researchers in cracking Locky’s code. According to this, there is almost nothing to talk about, especially if you know what is ransomware, or you encountered it before. In this case you should just proceed to the removal instructions and recovery tips. But if you’ve never been victim of ransomware – you should read this article closely, because here we will describe the pros and cons of Zzzzz virus, the ways to stop it and to prevent it penetrating your PC.



The ways of infection

Ransomware is a type of viruses that cause massive damage to user’s data if user is gullible enough to let the virus enter the system. So, if you will act carefully – ransomware just won’t infect the system, and you’ll have nothing to worry about. All versions of Locky use only one method of infection – the infection through e-mail spam. Hackers create hundreds of fake mailboxes and send hundreds of thousands of messages with the viral script attached to them. Most of the messages look like the notification from large online shop or delivery system, such as FedEx, Amazon, eBay, Aliexpress etc. These messages have almost the same content, and, in general, they state that user won something, or user received a package, and needs to obtain it in the nearest company office. Of course there is no prize and no package, but the script that user executes by clicking on the attachment, launches the download of Zzzzz virus and its installation. After the installation virus sets the scheduled task to run after the next reboot, and goes into sleep mode. Next time when user turns on or reboots his PC is the last time when it is possible to stop the virus. Ransomware starts looking for the most important files, encrypts them, and after that – encrypts the rest. During this process computer’s speed is lower than usual, because part of its resources is involved in encrypting. If user will notice this – he might unplug the PC, or turn in of through on/off button, and run it in Safe mode. Ransomware can’t work in safe mode, so it will be easy to remove it, and some files might be intact.

How to delete Zzzzz Virus

The removal of ransomware is very simple, and it has no difference from removal of any other program, except that it must be performed in safe mode. If you want to ensure the safety of your PC – you better use an antivirus to remove Zzzzz. Anyway you will need an AV-tool to scan the system after the deletion. We have something to offer – it’s Spyhunter. This antivirus is one of the most famous for its high efficiency and low price.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot



How to restore files with Zzzzz extension

The file recovery is the most difficult part of this case. For now, .zzzzz files can’t be decrypted, so if you did no backups – your files are gone. There always is hope that malware fighters will crack the code, and we will see the decent decryptor – but we don’t know when it will happen, so the wisest choice is to store the encrypted files somewhere until the decent decryption tool will be released. If you need more info about data recovery – feel free to visit our specialized article about how to restore the files encrypted by ransomware. If you have backups, just restore your files:

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore





Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience