How to remove Matrix Ransomware Virus virus and restore encrypted files

Ransomware belongs to the most dangerous viruses, because the harm that it provides can’t be removed with help of common measures. Ransomware penetrates the PC via spam e-mail messages and encrypts all important files, demanding a ransom for their recovery. There are some viruses that are way stronger than other ones, and Matrix ransomware appears to be one of those.

 

Matrix Ransomware Virus ransomware virus

 

Matrix ransomware was first discovered last week and from that time it became known in many countries of the world. This virus has the ransom notes in English and Russian, so we suppose that is was developed by the Russian team of hackers. The program penetrates the system with help of few types of e-mail messages. They are made to look like the real invoices, job resumes and other kinds of business mail, but they have an additional file that, after being executed, launches the download (or installation) of a viral script that encrypts the data. Virus appends the .matrix extension to all encrypted files. When the encryption process is finished, virus places the ransom demanding message with instructions (matrix-readme.rtf) in each folder that contains the encrypted data. The message isn’t very original, it says that the files are encrypted and that they could be recovered only after the payment to specified Bitcoin wallet.

 

Matrix Ransomware Virus ransomware virus

 

There is also a wallpaper that appears on user’s desktop. It is much more interesting, because it has the FBI logo and states that the files were encrypted for violation of some laws. Also it states that on user’s PC were found some illegal files like pornography or child porn, and user is in some way punished. Some users might even believe that such punishment is legal, but it isn’t. The only reason why scammers do this is money, and now we’ve come to an important decision each ransomware victim needs to make: to pay or not to pay.

 

Matrix Ransomware Virus ransomware virus

 

For now there is no way to decrypt the files, encrypted by Matrix ransomware, but they might appear in nearest future: maybe in a month and maybe even earlier. If your files were encrypted and they’re really important you can pay the scammers, but there’s no guarantee that you will get the files back. Scammers are scammers, after all, and they cheat. Even if you will pay the ransom, you might not receive the decryptor, or it might work with errors. Also you should understand that Matrix ransomware was developed and spread so wide because people pay for the decryption of their data. Each dollar that you will give to hackers will motivate them to create new viruses, so this will never end. If you want to do the right thing – don’t pay, and wait until the decryptor will be developed. Just put all the encrypted files in some separate folder and remove Matrix from your PC.

 

How to delete Matrix Ransomware Virus

Except its encrypting abilities, Matrix ransomware is a common virus that can be removed as all other viruses. To do this you should enter the safe mode and run the decent anti-viral tool that will do the job. We advise you to use Spyhunter for this purpose, because it is one of the most efficient and less expensive anti-malware tools. You can learn more about Spyhunter and download the free scanner by clicking the link below.

 

Download Spyhunter - Anti-malware scanner

Why we recommend SpyHunter

Spyhunter removes malware fully

It protects the system against all kinds of threats: viruses, adware and hijackers

24/7 Free Support Team

More about Spyhunter: User manual, System requirements, Terms of service, EULA and Privacy policy


Removal instruction

 

 

 

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1

 

  • Select Boot tab

Safe mode. Step 2

 

 

  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode

 

Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1

 

  • Select Appearance and Personalization

Show hidden files. Step 2

 

  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3

 

  • Press Ok

 

Step 3. Remove virus files

 

Check next folders to find suspicious files:

  • %TEMP%
  • %APPDATA%
  • %ProgramData%

 

Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder

Hosts_file_location

 

  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:

Hosts_file

 

Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

 

Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files encrypted by Matrix Ransomware Virus

Also, if you want to try other decryption methods, we advise you to follow these instruction. It contains the common methods of file recovery that might be helpful in this situation, but can’t guarantee the success. Remember that the only 100% effective method of recovery is to load backups. If you will create backups and store them on an external drive – your files will be completely safe whatever happens.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1

 

  • Click System and Security

Decrypt files. Step 2

 

  • Select Backup and Restore

Decrypt files. Step 3

 

  • Select Restore files from backup
  • Select checkpoint to restore

 

 

 

Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code
Refresh

 Norton_scan_results

Google_SafeBrowsing_scan_results

AVG_Scan_results

What is HoeflerText and is it dangerous?

 

This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.

 

Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

White Ops unveiled the biggest botnet ever, called Methbot

White Ops cyber-security company revealed the largest botnet in history, called Methbot. In this article you’ll find full information about the net, its width and possible methods to shut it down.

CryptoMix ransomware adds .lesli extensions to files

 This brief article about CryptoMix .lesli ransomware will help you to understand what is ransomware, how you can avoid it, and how to remove it if it’s already on your PC.

 

 

This website uses cookies to improve your experience