How to remove RED virus and restore encrypted files

If you have suffered from a ransomware and have causes to assume that it is the RED ransomware – here you will receive help. We propose plain and efficient advice on RED uninstalling and potential ways to recover the wasted info.

What is RED

RED is a roadkill of mankind, and every PC operator knows that if you see the inscription “files are encrypted” – it’s time to worry. It’s a correct reaction, unfortunately. RED infection is the ugliest thing that can happen to you in the Web since a regular person has no power to delete it. The exclusive event when you can beat an encrypting virus is if you are not facing a true virus, but an imitation, that blocks the display and tries to deceive you into paying a ransom. In any other case, if a virus was created and adjusted in a right way – you can just trust that specialists can deal with it. If web-criminals failed somehow, and there are some vulnerabilities, that give you an ability to recover information – you'll find a cure in the following entry.



Regardless of ransomware’s sort, the RSA and AES algorithms are very complex to bruteforce them. It can take hundreds of years to carry out all necessary calculations on a usual computer or, maybe, 2-3 decades in case of usage of a super-efficient gear. The best manner to defeat a high-quality ransomware is to find vulnerabilities in its code, or hack its database, to get encryption keys. In some cases there is a switch that can stop ransomware's activity in full or to make it pass the infected machine. If someone finds that switch for this virus, or develop a decryption program, we will update this item.


Let's find out, what we have to say about RED? It is built upon an absolutely legal encryption system which encrypts all files on operator’s computer and makes them useless if you have no key. The key is encrypted too, but with another manner. In most cases, web-criminals favour RSA and AES algorithms, which are known for their complicacy and reliability. These methods and the tools built upon them are in public access in the Web, so swindlers only have to create security techniques, to block an inlet to a virus, and make the reliable update and control pattern. Some pieces of ransomware might act on their own, and swindlers get a report of another "client" as late as he contacts them and sets off the ransom. Other ransomwares are work in another manner, and deliver reports to hundreds addresses, to puzzle the security specialists and maximize the efforts needed to defeat a virus.


Here you can find several things to test, before giving up and expecting for a decryptor. As it is said in previous paragraphs, scammers also fail, and certain specialties of the system may support you to recover files.


  • If you have a backup, stored on the outer drive – just eliminate a ransomware and load it. Make sure that the ransomware is uninstalled completely, because if it isn't – all info will be corrupted one more time, including the files that are on an outer hard disc.
  • If your Windows entry doesn't have administrator authorization – it's time to compliment yourself. The point is that the OS creates copies of any files prior to their uninstalling or alteration. Suchlike copies are known as the Shadow Volume Copies, and RED has the manners to delete them. If you're using the user's account – the OS asks for a confirmation at the very second RED attempts to delete shadow copies. If you've seen such confirmation and declined it – then the SVC are safe, and might be used to restore the information.


If both of these hints didn't work and there is no possibility to get back corrupted data – you should eliminate the malware from the PC and expect when a decryption tool will be developed.

How to remove RED

As about the removal – there’s no chance to fully elude an installation of software. This ransomware is very tricky and you can miss some remains and then suffer from it (it could happen if you attach an external data storage with the backups to a not-really-purged computer). It also conceals damn good, and you just can't delete it fully by hand. According to this, we’ve made a decent deletion instruction which can suit all your needs. It contains some by-hand phases and an optional anti-viral software phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter anti-viral program which is not just efficient, but also fast and constantly advancing antivirus which will clear the system of all perilous programs. Click the link under this paragraph to test Spyhunter and delete RED.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

When you eliminated the virus, you should try to do the file restoration. As we said before, if you use an administrator profile and you let RED a pass into the PC – you have no way to restore the information aside from the backups. If you use a regular account – you might have a chance, but it will require topical recovery tool. The best ones of them are Recuva or ShadowExplorer programs. They're easy to get on their official sites, with thorough guides.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience