How to remove File Spider and restore encrypted files (Updated)

That entry is dedicated to ransomware called File Spider that infects machines around the world, but focus on Serbia and Herzegovina. In this article, you will find information about its essence, and how to eliminate malware from your system. Besides, we'll tell you how to restore the cyphered files and is it possible.



Ransomware can infect system through windows exploits and trojans, but it is not about File Spider. This perilous program infects system via phishing e-mails with fake debt at a local bank. The letter text is on serbian language. Document contains malicious macros with Powershell and after user opens it, virus create Spider folder in application data and put there enc.exe file. Enc.exe file opens website with free javascript, downloads malicious javascript and then launches another two files (enc.exe and dec.exe) which encrypt data. Virus creates HOW TO DECRYPT FILES.url in each folder with encrypted files. This file contains link to the video with removal instructions. When virus encrypt all files, it shows to the victim message with ransom requirement.



During encryption process a unique key has been generated, used to encrypt your files, and then destoyed. To decrypt your files you need that key. We call that key a Decryption Key. You can not use the key from other PC, it wont work, you need a key coresponding to your PC. Your Decryption Key, required for decryption process, can be generated only from something that we call a ID Code, you will find that code below.

This is your ID Code, copy it carefully.



Enter your Decryption Key and click Start Decrypting, seat back and relax, in few minutes you will have full access to all your files!

Decryption Key:

[ ... ]

0 Files decrypted. [Start Decrypting]


When encrypting files, File Spider switches the extension of files to .spider, and the amount of ransom is 0.00725 BTC. Hackers use RSA-2048 encryption algorithm and its impossible to brutforce decryption key. The only method to decrypt the information is to obtain encryption keys via flaws in the virus code. But you can restore files using backups.


Well, before common instruction of ransomware removal, read the advices not to be victim again. Unfortunately, most people realize the importance of PC knowledge just after ransomware infection. It's very easy to decrease the chances to get ransomware if you follow these tips.



  • Be careful with the messages that contain files. The #1 model of scam e-mails is the notification about prize gaining or parcel receiving. You also should keep an eye on business correspondence, particularly if the sender and the content is unknown.
  • Do not accept any alterations to the computer, coming from unknown programs. The simplest way of data recovery is the recovery from Shadow Copies, and scammers have added the deletion of shadow copies in the basic functionality of malware. Anyway, deleting of copies requires administrator rights and acceptance from the user. The moment of thinking before accepting the changes can save your information and your money.
  • Keep an eye on the performance of your workstation. Information encryption is a sophisticated act that uses a high amount of hardware resources. When the ransomware starts to operate, the PC slows down, and the encrypting process is visible in Process Manager. You can recognize this moment and switch off the system before information will be fully encrypted.



We draw your attention to the fact that deleting ransomware is just a first and mandatory turn for the safe operation of the system. To recover the information you should familiarize with the tips in the below paragraph of our entry. To remove File Spider, user has to launch the system at safe mode and run the scanning via antivirus software. We do not recommend you to remove ransomware manually, because it has many protection mechanisms, which can counteract you. Qualitative encrypting viruses are able to totally erase corrupted data, or part of it, when trying to uninstall the virus. To neutralize this, follow the advices below.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

After erasing the ransomware from the system, you should get back the encrypted data. It's impossible to decrypt the files, but we'll recover them through OS functionality and the additional programs (Recuva and Shadow Explorer). There are the few exceptions, but most of the time file restoration takes plenty of time and efforts. If you want to restore files from backups, follow this instruction:

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore
Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience