How to remove Adylkuzz virus and restore encrypted files

The last week was a serious shock for many people who realized that a single virus could inflict millions of damage to users and organizations around the world. The WannaCry virus has become the most dangerous ransomware ever since the Internet creation, but most users forget that the virus itself is not revolutionary. The only reason for WannaCry's success is the use of vulnerability in Windows OS called ETERNALBLUE, which was published by the Shadow Brokers hacker group a few days before the virus was first seen. This vulnerability was immediately corrected, and the next day Microsoft published a patch that is freely available on the official website. Moreover, this patch fixes the vulnerability even in those versions of Windows that are no longer supported. Alas, overwhelmingly most users do not follow such news, which means that this vulnerability still works and will work for a long time. In this article, we'll tell you about another virus that also uses the ETERNALBLUE vulnerability, but it did not cause such a resonance as WannaCry. This virus is called Adylkuzz.


Adylkuzz is a crypto currency miner virus. It means that Adylkuzz penetrates your PC, installs and starts to use your PC’s resources to mine crypto-currency. If you don’t know what crypto-currency is, we’ll explain it in few words. Crypto-currency is a new type of money that isn’t secured by gold or any national obligations. It exists because of thousands and millions of users every day “mine” it. “Mining” is a complex computational process, and if you’ll mine long enough – you will receive a certain amount of crypto-money. The thing about mining is that the complexity of mining grows in direct proportion to the overall amount of crypto-currency that exists in the system. For example, when Bitcoins appeared, people mined it on home computers and now it is literally impossible, because common home PC will need years of work to mine a single Bitcoin. Scammers solved this problem in a peculiar way: they create a virus that installs all software, necessary for mining, and launches it stealthy on an infected PC. The outcome from a single victim isn’t big, but the more computers they infect – the bigger will be the profit.


This virus is very difficult to detect, because it shows no signs of infection except of slight slowdown of computer’s performance. We should say that it does no significant damage to the system and even protects it from much more dangerous virus – WannaCry ransomware. Adylkuzz literally closes the 445 port after installation, making the infected computer immune to WannaCry. Does this fact make Adylkuzz useful? Absolutely no.


First of all, Adylkuzz isn’t made only for mining. This type of viruses is created to take control over user’s PC, and when Adylkuzz is in the system, it can do anything. Your PC might be used for spam and advertising fraud, it can become a part of a large botnet or even used for some really illegal activity. And if you don’t know about this – you can do nothing to prevent it. Scammers already control your computer, so the best thing you can do is to kick them out. The deletion of Adylkuzz is the only correct answer and you should do it immediately.

How to delete Adylkuzz Virus

The deletion of Adylkuzz can be performed as the deletion of any other virus – manually or with help of an anti-viral tool. The first method requires some skills and experience in virus removal. During the manual deletion you’ll need to perform some actions which, in case of mistake, can bring serious troubles. The best and the safest way to get rid of Adylkuzz is to use a decent anti-viral program. We can recommend you the one, it is called Spyhunter and you can download it by clicking the link below. Fast and effective, it will clean your PC of all viruses and unwanted programs in 10-15 minutes. You won’t need to do anything, just download Spyhunter, install it and run the scanning.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

Update the system

If you had Adylkuzz on your PC and removed it – you should install the Microsoft update that disables ETERNALBLUE vulnerability. It is called MS17-010 and can be downloaded via this link. Adylkuzz, while it functioned, closed the port through which it entered the system. Now, when the virus is uninstalled, your system is vulnerable to WannaCry ransomware and other viruses that night use this vulnerability. Please, don’t neglect the basic rules of cyber-security and install all new updates for the OS and antiviral tools that you use.




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [2 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience