How to remove AutoWannaCryV2 virus and restore encrypted files

If you've suffered from a ransomware and have grounds to suppose that it’s the AutoWannaCryV2 virus – here you'll find useful information. We provide simple and safe advice about AutoWannaCryV2 uninstalling and potential methods to recover the encrypted information.

What is AutoWannaCryV2

AutoWannaCryV2 can be considered a bogey of mankind, and each PC operator knows that if you see the inscription “files are encrypted” – it’s time to be scared. It is a valid reaction, by the way. Ransomware threat is the most dangerous thing that can happen to you in the Web because a regular man has no power to remove it. The single situation when you can beat ransomware is when you’re not dealing with a real virus, but a fake, that covers your display and tries to deceive you into making a payment. In all other cases, if a virus was developed and maintained in a proper way – you should only hope that malware researchers can beat it. If scammers failed somehow, and a virus has any flaws, that let you to get back files – we will tell to you what to do in this guide.



So, what is ransomware? It is based on an absolutely legal encryption system which changes the folders on customer’s workstation and makes them useless without a key. The key is also encrypted with another algorithm. As usual, these manners are AES and RSA, which have asserted themselves the very hard-to decrypt and fail-safe. The mentioned methods and the software based on them can be easily found in the Net, so web-criminals just have to add security techniques, to restrict an access to a program, and make the reliable update and control scheme. Some pieces of ransomware may act off-line, and scammers know about another victim as late as he approaches them and forwards the money. The best encrypting viruses are more active, and deliver files to hundreds addresses, to puzzle the researchers and maximize the efforts required to beat a virus.

Ransomware type does not actually matter, as the RSA and AES methods are too complex to bruteforce them. It can take hundreds of years to carry out all necessary operations on a regular computer and, maybe, twenty or thirty years in case of usage of a super-efficient gear. The best way to neutralize a well-made ransomware is to hack it, or hack the Command & Control website, to receive encryption keys. Rare ransomware examples also have a breaker, allowing to stop virus' operation totally or to make it pass a particular device. If someone discovers that switch for AutoWannaCryV2, or publish a decryption software, we will give you complete information in this article.


Here you can see some possibilities to inspect, before yielding and expecting for a decryptor. As we said earlier, scammers also fail, and certain specialties of your operating system can serve you to recover data.


  • If you've made a copy of your info, stored on the outer media – you can delete AutoWannaCryV2 and load it. Ensure that AutoWannaCryV2 is uninstalled completely, as if it’s not – all data will be encrypted instantly, with the files that were stored on an outer hard drive.
  • If you employ an account without administrator rights – it's your lucky day. The point is that your Windows replicates all files until their elimination or change. Suchlike copies are known as the SVC, and AutoWannaCryV2 knows how to eliminate them. If you're using the usual account – the system requests for a confirmation at the very moment AutoWannaCryV2 attempts to delete those copies. If you've seen such request and ignored it – your copies are secure, and might be used to restore the data.


In case you tested both these opportunities and you have no possibility to recover your files – you have to uninstall AutoWannaCryV2 from your machine and expect when a decryption software will be developed.

How to remove AutoWannaCryV2

As for the uninstalling – there’s no chance to completely elude an installation of software. AutoWannaCryV2 is incredibly stealthy and there is a possibility to miss some parts and then regret it (it may happen if you attach a flash drive with your backups to a not-completely-clean machine). It also lurks pretty well, and you just won’t have a chance to delete it fully on your own. Here's your removal guide which will suit all your needs. It contains some by-hand steps and one optional anti-viral software stage.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter AntiMalware that is not just efficient, but is light weight and constantly developing tool that is able to clean the system of all viruses. Push the button below to purchase Spyhunter and get rid of the ransomware.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

As you removed the virus, or at though know how to do it, let’s think about the info restoration. As you know now, if you use an admin entry and you let the ransomware an access to the computer – there is no trick to recover your data aside from the backups. If you use a regular entry – you have feeble odds for file recovery, but it will require especial recovery tool. We recommend you to try ShadowExplorer and Recuva tools. You can find these tools simply on the registered pages of their creators, with close instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience