How to remove David virus and restore encrypted files

If you've encountered an encrypting program and you're certain that it’s the David program – on this site you'll receive help. We offer simple and efficient tips about David uninstalling and practicable manners to recover the spoiled info.

What is David

Ransomware is a scarecrow of mankind, and everyone knows that if a pop-up says: “files are encrypted” – the things are turning bad. It is a true, by the way. An encrypting virus is the worst threat that you can meet on the Internet because a common man has no resources to remove it. The exclusive event when you can defeat ransomware is if you are not facing a true virus, but a fake, that blocks the screen and tries to lure your funds. In any other case, if ransomware was developed and tuned in a right way – you should only expect that ransomware fighters can beat it. If web-criminals committed an error, and there are some flaws, that allow you to get back data – you'll find a solution in our article.



So, what is David? It consists of a completely legitimate encryption algorithm which encrypts all data on operator’s machine, so you can't use them in any approach. The key is encrypted too, but with another method. As usual, swindlers choose RSA and AES algorithms, which have demonstrated themselves the very complex and reliable. These methods and the programs based on them are freely available in the Web, so scammers only have to add defensive mechanisms, to block an admittance to a virus, and make the safe update and control system. Some pieces of ransomware might function off-line, and fraudsters get a report about another "client" as late as he turns to them and transmits the funds. The complex encrypting viruses are work in different manner, and deliver reports to hundreds servers, to puzzle the malware-fighters and throw them off virus’ track.

Virus kind does not really matter, as the AES and RSA algorithms are too complex to decipher them directly. It it requires centuries to make all required calculations on a common machine or, maybe, twenty or thirty years if you will use an industrial computer. There are two effective ways to defeat an encrypting virus: to hack it, or break into the Command & Control website, to receive encryption keys. Rare viruses also have a switch that can stop virus' activity completely or to scare it off a particular device. If anyone discovers such breaker for David, or publish a decryptor, we'll update this item.


There are several alternatives to inspect, before giving in and expecting for a decryption software. As we said before, scammers also fail, and some specialties of the system may serve you to recover information.


  • If you use an account with no administrator capabilities – you may compliment yourself. The catch is that the OS duplicates all data until their deletion or modification. Those copies are called SVC, and the ransomware knows how to eliminate them. If you are using the usual profile – the operating system asks for a confirmation at the exact second David attempts to remove those copies. If you've seen suchlike request and reversed it – then the copies are fine, and you can download a topical program to get back the files.
  • A backup is the only entirely productive way to restore the data, but you need to uninstall a malware before. Make sure that the malware is uninstalled totally, because if it isn't – all data will be messed up again, with the files that are on a flash disc.


If all of written above hints didn't help and there is no way to restore the information – you better uninstall David from the device and wait until a decryption tool will be created.

How to remove David

Unfortunately, there’s no possibility to fully avoid an installation of an AV-tool. This virus is incredibly tricky and there is a chance miss some elements and then regret it (for instance, when you connect a flash drive with the backups to a not-fully-purged machine). It also conceals damn well, so you just won’t have a chance to get rid of it completely on your own. Knowing this, we have developed a decent elimination guide that can help you to solve this problem. It consists of some by-hand phases and one optional anti-viral software phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter anti-viral software that is not simply efficient, but is light weight and continuously evolving tool which can clear your PC of all viruses. Click the link under this paragraph to purchase it and get rid of the ransomware.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Since you got rid of the ransomware, it's time for the data restoration. As we said earlier, if you use an administrator account and you gave David a pass into the device – there is no trick to restore your information except for the previously saved copies. If you use a usual account – you have feeble chances for file recovery, but you will need especial recovery program. The most popular ones of them are ShadowExplorer and Recuva programs. You can find these programs easily on the official sites of their creators, with thorough instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience