How to remove Diablo6 virus and restore encrypted files

Locky ransomware is one of the most famous and most dangerous viruses of latest years. It first appeared a year ago and since then terrorized the Internet, remaining indecryptable. After four updates of the virus its creators stopped the active distribution and disappeared, but few days ago the new version of the virus emerged. Now it is called Diablo6 and so far the encrypted files can’t be recovered via usual recovery methods, and can’t be decrypted.


Diablo6 ransomware virus


In fact, in comparison with the previous versions of the virus, there are almost no changes. More precisely, they are, but these are the standard changes that hackers usually do in order to reduce the probability of decryption and remove the virus from the databases of the anti-virus software. The main changes have affected the method of distribution. Scammers still use e-mails, but their type has changed. Previously, criminals sent out a variety of letters that looked like business documents, accounts, lawsuits, complaints, resume job seekers and so on. The second type of mail was designed for the average user: messages about receiving a package, an error in the distribution, the winnings in the lottery, and so on. The weakness of this approach was that it is very old, and is used by several generations of scammers. In addition, the probability of error is extremely high, since many users simply do not use e-mail for business correspondence, solving their business on the phone or in more modern messengers.


Diablo6 ransomware virus


The latest version of the virus is distributed using much simpler letters. The text of the letter consists of three words: "Files attached. Thanks. "The letter is accompanied by a ZIP file containing the VBS script that loads the virus installation file into the% Temp% folder and then launches it. After that, the virus operates according to the standard scheme: hard disk scanning, file encryption, message display with requirements. Encrypted files acquire the extension .diablo6, and the redemption amount is 0.49 BTC or approximately $ 1600.

How to delete Diablo6 Virus

At the moment, files encrypted with the Diablo6 virus are not decryptable, but experts from leading IT companies and independent experts are working on this. However, you should not wait until a decryption program is created: the virus should be deleted immediately in order to be able to use the computer again. Do not forget that the virus actually took control of the system, and scammers can delete all your data if you do not pay the ransom in the specified time. To prevent this, follow our removal instructions that you will find under this paragraph.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Removal instruction




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files encrypted by Diablo6

In this guide we have already mentioned that the user whose machine is captured with encrypting virus has only one entirely reliable way to restore files: to upload the backups. You should try these ways if there's no another choice, but be ready that they may fail. The main advantage of backup copies is that they are kept on the separate media, and are not available for viral impact.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Other manners depend on the OS in-built services, and their efficiency may be minimized by the virus itself and the lack of skill. We can suggest you two more decryption techniques. You can use the shadow copy service, or a special program to restore the data. Decryption using the special decryptor is very efficient, but unfortunately, such a tool doesn't yet exist. News about the advancement in the creation of the program might be seen on EmsiSoft, MalwareHunterTeam and Kaspersky lab official web-pages. By-hand restore using Shadow Volume Copies might be made immediately. You can use the built-in Windows functionality, however, there are other programs that will make this task simpler. These tools are called Recuva and ShadowExplorer. Both of them are free, you might find them from the official websites, with detailed guide for their use.




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience