How to remove Zenis virus and restore encrypted files

If you have been hit by ransomware and have reason to believe it is the Zenis ransomware, you'll find useful information here. We offer plain, tested instructions for removing Zenis and practical methods for restoring the corrupted data.

What is Zenis

Zenis is a bogeyman of our time, and every PC user knows that when a pop-up says “files are encrypted”, things are turning ugly. That is the right reaction, by the way. An encrypting virus is the most dangerous threat you can meet on the Net, because an ordinary user literally cannot eliminate it. The only situation in which you can beat an encrypting virus is when you aren't dealing with a real virus but with a fake that covers your screen and tries to lure money out of you. In any other case, if the ransomware was written and secured properly, you can only hope that virus researchers will deal with it. If the web criminals slipped up somehow and the virus has flaws that let you recover files, we will tell you what to do in this article.



Regardless of the type of virus, the AES and RSA algorithms are too complex to brute-force. It would take thousands of years to carry out all the necessary calculations on a standard device or, maybe, twenty or thirty years on a super-powerful computer. We know only two effective ways to beat an encrypting virus: to hack the virus itself, or to hack its server, in order to obtain a master key. Rare ransomware samples also have a kill switch that can stop the ransomware's activity completely or drive it off a particular device. If someone discovers such a switch for this ransomware, or creates a decryption tool, we will update this article.

So what is ransomware? It is built on a perfectly legitimate encryption scheme that encrypts the files on the user's workstation, so that you can't use them in any way. The key is encrypted too, but with a different algorithm. Web criminals usually favour RSA and AES, which are known for their complexity and reliability. These algorithms and the programs based on them are freely available on the Net, so scammers only have to devise protection techniques to block access to their program and build a flawless control and update scheme. Some encrypting tools act independently, and the swindlers learn of another "client" only when he contacts them and sends his money. Other viruses work differently and send data to thousands of URLs, to confuse malware researchers and maximize the effort needed to defeat the ransomware.


There are several options to examine before you give up and wait for a decryptor. As we said before, web criminals make errors, and some features of the OS may help you recover data.


  • If you don't use Windows through an administrator account, it's your lucky day. The point is that the system keeps copies of data from before they were deleted or modified. These copies are known as shadow volume copies (SVC), and Zenis knows how to destroy them. If you're using a regular account, the operating system asks for confirmation at the very moment Zenis attempts to delete shadow copies. If you saw such a prompt and ignored it, then the copies are safe and can be used to restore the data.
  • A backup copy is the only 100% effective way to get the data back, but you need to remove the ransomware first. Make sure the ransomware is removed completely, because if it is not, all data will be encrypted once more, including the files on a flash drive.


If you have checked both of these options and have no way to restore the encrypted files, you have to remove Zenis from the device and wait until a decryption program is published.

How to remove Zenis

As for removal, you can't entirely avoid installing software. Zenis is sly, and there is a chance of missing some remnants and regretting it later (for instance, when you connect a flash drive with your saved data to a PC that is not fully clean). It also hides very well, and you literally can't remove it completely on your own. Knowing this, we have prepared a thorough removal guide that will help you get rid of the problem. It contains several manual steps and one optional antivirus tool step.

Removal instruction

If you are a Mac user, follow this guide: how to decrypt files on Mac.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel
  • Select Appearance and Personalization
  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives
  • Press Ok


Step 3. Remove virus files


Check the following folders for suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder
  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
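
A read-only triage pass over the locations named in Steps 3 to 5, given as an added PowerShell example that is not part of the original guide. The 7-day look-back window and the list of file extensions are assumptions; the folders, hosts path and registry keys are the ones listed above.

```powershell
# Read-only triage of the locations named in Steps 3 to 5; nothing is deleted or changed.
# Assumptions (not from the guide): the 7-day look-back window and the extension list.
$since = (Get-Date).AddDays(-7)
$exts  = '.exe', '.dll', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.scr'

$findings = @(
    # Step 3: recently written executables and scripts under %TEMP% and %ProgramData%
    foreach ($dir in $env:TEMP, $env:ProgramData) {
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { ($exts -contains $_.Extension.ToLower()) -and ($_.LastWriteTime -ge $since) } |
            ForEach-Object { [pscustomobject]@{ Step = 3; Item = $_.FullName; Detail = $_.LastWriteTime } }
    }

    # Step 4: active hosts entries (blank lines and # comments are skipped)
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsPath |
        Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') } |
        ForEach-Object { [pscustomobject]@{ Step = 4; Item = $hostsPath; Detail = $_.Trim() } }

    # Step 5: every value under the startup keys the guide lists, in both hives
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
            $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Step = 5; Item = "$path\$name"; Detail = $key.GetValue($name) }
            }
        }
    }

    # Step 5: Winlogon\Userinit; a stock install points only at userinit.exe in System32
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = (Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit
    [pscustomobject]@{ Step = 5; Item = "$winlogon\Userinit"; Detail = $userinit }
)

# One table to review by hand before deleting anything
$findings | Format-Table -AutoSize -Wrap
```

Run it from the account that was logged in when the infection happened, since %TEMP% and HKEY_CURRENT_USER are per-user; every row is a candidate for review, not a confirmed Zenis artifact.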

Step 6. Scan computer with antivirus

Spyhunter AntiMalware is not just effective but also lightweight, continuously evolving software that will clear the computer of all viruses. Click the link below to download our tool and get rid of Zenis.



The SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase the full version of the program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Once you have cleared your computer of the virus, you should try to restore the data. As you now know, if you were logged in with an administrator profile and you granted the ransomware a pass into the computer, there is no way to recover your files other than from previously saved copies. If you didn't, you have a faint chance of restoring the data, but it requires a special recovery program. We suggest trying the Recuva or ShadowExplorer tools. They are easy to download from the official websites of their creators, which provide thorough guides.

  • Click Start
  • Click Control Panel
  • Click System and Security
  • Select Backup and Restore
  • Select Restore files from backup
  • Select checkpoint to restore

