How to remove Matrix Ransomware Virus virus and restore encrypted files

Ransomware belongs to the most dangerous viruses, because the harm that it provides can’t be removed with help of common measures. Ransomware penetrates the PC via spam e-mail messages and encrypts all important files, demanding a ransom for their recovery. There are some viruses that are way stronger than other ones, and Matrix ransomware appears to be one of those.


Matrix Ransomware Virus ransomware virus


Matrix ransomware was first discovered last week and from that time it became known in many countries of the world. This virus has the ransom notes in English and Russian, so we suppose that is was developed by the Russian team of hackers. The program penetrates the system with help of few types of e-mail messages. They are made to look like the real invoices, job resumes and other kinds of business mail, but they have an additional file that, after being executed, launches the download (or installation) of a viral script that encrypts the data. Virus appends the .matrix extension to all encrypted files. When the encryption process is finished, virus places the ransom demanding message with instructions (matrix-readme.rtf) in each folder that contains the encrypted data. The message isn’t very original, it says that the files are encrypted and that they could be recovered only after the payment to specified Bitcoin wallet.


Matrix Ransomware Virus ransomware virus


There is also a wallpaper that appears on user’s desktop. It is much more interesting, because it has the FBI logo and states that the files were encrypted for violation of some laws. Also it states that on user’s PC were found some illegal files like pornography or child porn, and user is in some way punished. Some users might even believe that such punishment is legal, but it isn’t. The only reason why scammers do this is money, and now we’ve come to an important decision each ransomware victim needs to make: to pay or not to pay.


Matrix Ransomware Virus ransomware virus


For now there is no way to decrypt the files, encrypted by Matrix ransomware, but they might appear in nearest future: maybe in a month and maybe even earlier. If your files were encrypted and they’re really important you can pay the scammers, but there’s no guarantee that you will get the files back. Scammers are scammers, after all, and they cheat. Even if you will pay the ransom, you might not receive the decryptor, or it might work with errors. Also you should understand that Matrix ransomware was developed and spread so wide because people pay for the decryption of their data. Each dollar that you will give to hackers will motivate them to create new viruses, so this will never end. If you want to do the right thing – don’t pay, and wait until the decryptor will be developed. Just put all the encrypted files in some separate folder and remove Matrix from your PC.


How to delete Matrix Ransomware Virus

Except its encrypting abilities, Matrix ransomware is a common virus that can be removed as all other viruses. To do this you should enter the safe mode and run the decent anti-viral tool that will do the job. We advise you to use Spyhunter for this purpose, because it is one of the most efficient and less expensive anti-malware tools. You can learn more about Spyhunter and download the free scanner by clicking the link below.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files encrypted by Matrix Ransomware Virus

Also, if you want to try other decryption methods, we advise you to follow these instruction. It contains the common methods of file recovery that might be helpful in this situation, but can’t guarantee the success. Remember that the only 100% effective method of recovery is to load backups. If you will create backups and store them on an external drive – your files will be completely safe whatever happens.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience