How to remove Donut virus and restore encrypted files

If you have faced a ransomware and have reasons to expect that it is the Donut program – on this page you'll find useful information. We offer plain and safe advice about Donut uninstalling and potential methods to get back the corrupted files.

What is Donut ransomware

Ransomware is a roadkill of our society, and we all know that if you can't open the data and there's a ransom note – it’s time to be anxious. It’s a true, by the way. Donut infection is the worst thing that can happen to you in the Net as a common customer has no resources to get rid of it. The only situation when you can overcome an encrypting virus is when you are not facing a true virus, but a fake, that covers your screen and attempts to trick you into making a payment. In any other case, if ransomware was developed and tuned in a proper method – you can just hope that malware fighters can beat it. If scammers failed somehow, and there are any drawbacks, that let you to restore information – we’ll explain to you what to do in this guide.



Ransomware is driven by an absolutely legal coding system which ciphers all folders on customer’s machine, so you can't use them in any way. The key is encrypted too, but with another method. In most cases, fraudsters choose RSA and AES manners, that have asserted themselves the very hard-to decrypt and sustainable. These algorithms and the tools built upon them can be easily found in the Web, so hackers just have to invent defensive mechanisms, to restrict an inlet to a ransomware, and create the safe control and update scheme. Some pieces of ransomware can work in standalone mode, and web-criminals know about another victim only when he writes them and sets off the ransom. The best viruses are highly active, and deliver files to hundreds addresses, to confuse the security specialists and maximize the time required to defeat a ransomware.


Here we've gathered some methods to check, prior to yielding and expecting for a decryption software. As it is written in previous paragraphs, scammers make errors, and some peculiarities of the operating system may help you to get back your information.


  • If you've made a copy of your data, stored on the outer drive – just eliminate a ransomware and load it. Make sure that Donut is uninstalled totally, because if it’s not – all information will be corrupted instantly, with those that were stored on an outer hard disc.
  • If your Windows record has no admin authorization – it's your happy day. The catch is that the Windows replicates any files before their uninstalling or alteration. Those backups are called Shadow Volume Copies, and the ransomware has the methods to erase them. If you're using the user's account – the operating system requests for a confirmation at the exact second Donut attempts to erase SVC. In case you've seen suchlike request and declined it – then the SVC are alright, and you should download a topical software to restore the data.


In case you revised both these opportunities and you have no way to restore your data – you have to eliminate the ransomware from the system and expect when a decryptor will be developed.

How to remove Donut

Unfortunately, there’s no possibility to totally elude an installation of an antiviral. This ransomware is very sly and there is a possibility to miss some parts and then regret it (it may happen if you attach an outer data storage with the backups to a not-totally-cleared machine). It knows how to hide damn good, and you literally can't eliminate it entirely with your own hands. Here's your elimination guide which will assist you to get rid of this problem. It contains some manual phases and one extra antivirus software step.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter AntiMalware which is not simply efficient, but is fast and continuously evolving tool that is able to clean the computer of all viruses. Click the link below to use it and uninstall Donut.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

As you eliminated the ransomware, or at though know how to do that, let’s think over the file recovery. As we said earlier, if you logged in from an administrator profile and you let Donut an access to the computer – you have no trick to get back the information save for the previously saved copies. If you that didn't happen – you have feeble fortunes for data restoration, but it needs peculiar recovery software. The best ones of them are ShadowExplorer and Recuva tools. You can get these programs simply on the registered sites of their creators, with close guides.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience