How to remove Thanatos virus and restore encrypted files

If you have faced an encrypting infection and have causes to assume that it is the Thanatos virus – here you'll find useful information. We provide simple and effective advice for Thanatos elimination and practicable manners to recover the wasted information.

What is Thanatos

Ransomware can be considered a bogey of mankind, and everyone knows that if you cannot open your data and there's a ransom note – it’s time to be anxious. It is a true, by the way. An encrypting virus is the most dangerous threat that you can face on the Internet as a regular customer literally can't remove it. The single case when you can overcome an encrypting virus is when you are not facing a real virus, but a phoney, that blocks your screen and attempts to lure your funds. In any other case, if a virus was created and secured in a proper way – you can only trust that specialists can beat it. If scammers committed a mistake, and there are some flaws, that allow you to restore files – we’ll explain to you what you can do on this page.



So, what we have to say about ransomware? It is founded on a completely legal encryption algorithm that ciphers all data on operator’s machine and makes them unreadable without a key. That key is also encoded with another manner. As usual, these manners are AES and RSA, that have asserted themselves the very complex and reliable. These algorithms and the tools based on them can be easily found in the Net, so scammers just need to invent protective techniques, to restrict an admittance to a program, and make the perfect update and control scheme. Some pieces of ransomware can work independently, and web-criminals get a report about a new victim only when he contacts them and sends the money. Other viruses are highly active, and deliver reports to thousands servers, to confuse the malware-fighters and maximize the work required to beat a ransomware.

Virus sort doesn't really matter, as the RSA and AES methods are very tricky difficult to bruteforce them. It it requires centuries to perform all necessary operations on a usual device and, maybe, few decades in case of usage of a mega-powerful gear. We know only two effective manners to defeat a ransomware: to hack it, or hack its server, to get a master key. In rare cases there is a switch that can stop virus' operation totally or to drive it off the infected computer. If anyone discovers such breaker for this ransomware, or make a decryptor, we'll give you full info in this guide.


There are a few methods to test, before you can yield and look for a decryptor. As it is written in previous paragraphs, Internet-criminals make failures, and certain characteristics of the system may support you to recover data.


  • If your Windows profile doesn't have admin capabilities – you're very lucky. The thing is that your Windows replicates any data prior to their elimination or alteration. These copies are called Shadow Volume Copies, and the malware knows how to erase them. If you are employing the regular account – the OS requests for a authorization at the very second Thanatos tries to remove those copies. If you've seen suchlike confirmation and ignored it – then the copies are secure, and might be used to restore the data.
  • A backup is the sole entirely productive way to get the info back, but you should remove a virus first. Ensure that the ransomware is eliminated totally, as if it isn't – all files will be corrupted again, with those that were saved on an outer hard drive.


If all of these hints didn't work and there is no possibility to recover your files – you have to remove Thanatos from the system and expect when a decryptor will be published.

How to remove Thanatos

As for the elimination – you can't entirely escape an automatic mode. Thanatos is very stealthy and there is a chance pass some elements and then suffer from it (it may happen if you line up an outer drive with your backups to a not-really-purged computer). It also hides damn good, and you just won’t be able to delete it completely with your own hands. Here's your uninstall directions that will assist you to solve this problem. It contains a few manual steps and an optional AV tool stage.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter anti-viral tool which is not just effective, but is modern and constantly advancing software which will clean your system of all viruses. Click the link under this paragraph to buy it and eliminate Thanatos.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

If you uninstalled Thanatos, or at though know how to do that, let’s think over the data recovery. As you know now, if you use an administrator account and you let Thanatos an access into the device – you have no trick to recover the data save for the previously saved copies. If you don't remember this – you have poor fortunes for file restoration, but it will require especial recovery software. We advise you to try Recuva or ShadowExplorer programs. They're simple to get on their official sites, with thorough instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience