How to remove NazCrypt virus and restore encrypted files

If you have encountered an encrypting infection and have reasons to suppose that it is the NazCrypt ransomware – in our guide you'll find help. We offer plain and tested instructions on NazCrypt deletion and possible ways to restore the spoiled files.

What is NazCrypt

Encryption virus is a worricow of our society, and every user knows that if you can not open your files and you see a ransom note – it’s time to worry. It is a true, unfortunately. An encrypting virus is the worst threat that you may face on the Internet because a common customer literally can't delete it. The only situation when you can overcome ransomware is if you are not facing a real virus, but a fake, that covers the display and tries to trick you into paying a ransom. In all other cases, if ransomware was created and tuned in a right manner – you can only trust that specialists will beat it. If swindlers made a mistake, and there are some vulnerabilities, which allow you to recover data – you'll find an answer in the following guide.



Let's find out, what is NazCrypt? It consists of a totally legal cryptography system which ciphers all folders on user’s workstation and makes them useless without a key. Of course, a key is also encrypted with another method. As usual, scammers choose RSA and AES methods, which have proven themselves the most complex and reliable. The mentioned algorithms and the software built upon them are in free access on the Internet, so swindlers only have to develop mechanisms of protection, to block an admittance to a ransomware, and create the perfect update and control scheme. Some viruses might function on their own, and swindlers know of another "client" not before he approaches them and forwards the money. Other viruses are function in another way, and send data to hundreds URL's, to confuse the researchers and maximize the time needed to beat a virus.


NazCrypt adds next text to user's computers:


Your important files have been encrypted with NazCrypt ransomware. Send $300 worth of bitcoins to address *** to retrieve your files back!!


Ransomware sort is not significant, as the RSA and AES algorithms are very complex to bruteforce them. It will take hundreds of years to make all needed calculations on a standard device or, possibly, 2-3 decades if you will use an industrial gear. The best manner to beat a decent virus is to find flaws in its code, or hack the Command & Control website, to get encryption keys. Rare viruses also have a breaker, allowing to cease ransomware's activity in full or to drive it off a particular PC. If someone discovers such switch for NazCrypt, or publish a decryptor, we'll update this guide.


There are a few things to check, prior to giving up and expecting for a decryptor. As we said before, web-criminals make errors, and some specialties of your system may support you to recover data.


  • A backup is the sole completely productive way to recover your information, but you should delete a ransomware first. Ensure that the ransomware is eliminated in full, since if it’s not – all information will be encrypted again, including those that are on a flash disc.
  • If you employ an profile with no administrator rights – today’s your happy day. The point is that your OS duplicates all files until they’re destroyed or altered. These copies are called SVC, and the virus knows how to destroy them. If you are using the user's account – the system asks for a confirmation at the very second NazCrypt tries to delete shadow copies. In case you saw suchlike confirmation and reversed it – your SVC are alright, and might be used to recover the data.


If you checked all these opportunities and there is no way to recover the files – you better remove the virus from your computer and wait until a decryption software will be published.

How to remove NazCrypt

Unfortunately, you can't totally elude an automatic mode. NazCrypt is very tricky and you will definitely miss some elements and then suffer from it (it might happen if you line up an external drive with your saved information to a not-totally-purged computer). It also hides damn good, so you just can't uninstall it entirely in manual mode. Here's your elimination specification that will suit all your needs. It consists of a few by-hand steps and one optional anti-viral software step.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

We suggest you to try Spyhunter AntiMalware which is not only efficient, but also modern and continuously evolving antivirus which can clean your PC of all viruses. Press the button below to download our tool and uninstall NazCrypt.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

When you eliminated the ransomware, it's time for some info restoration. As we said in previous paragraphs, if you use an administrator entry and you gave the virus a pass into the device – there is no trick to recover the files save for the backups. If you use a usual profile – you have feeble chances for file recovery, but you will need peculiar recovery tool. The most effective ones of them are Recuva or ShadowExplorer programs. You can download these programs simply on the registered pages of their owners, with close guides.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience