How to remove Bgtx virus and restore encrypted files

This virus belongs to the Dharma family. Bgtx in only a new extension for the very old ransomware type. Criminals did not make any changes exept of new letters in extension and new ransomware note that stsrts to look next:


Here you can see the Bgtx ransomware message:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail This email address is being protected from spambots. You need JavaScript enabled to view it.

Write this ID in the title of your message -------

In case of no answer in 24 hours write us to theese e-mails:This email address is being protected from spambots. You need JavaScript enabled to view it.

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Free decryption as guarantee

Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)


And after that scammers give an instruction how to buy bitcoins. An encrypting virus is the ugliest threat that you can face in the Web because user literally cannot get rid of it. The only situation when you're able to beat ransomware is if you are not dealing with a real virus, but a fake, that covers the display and tries to lure your funds. In any other case, if ransomware was developed and tuned in a proper manner – you can just trust that specialists will defeat it. If web-criminals made an error, and there are some drawbacks, that let you to recover information – you'll find a cure on this page.


It consists of a totally legitimate encryption algorithm that ciphers the data on operator’s PC, so you can't utilize them in any approach. That key is also encrypted with a different algorithm. As usual, web-criminals choose RSA and AES manners, which have demonstrated themselves the very hard-to decrypt and reliable. These methods and the programs built upon them can be easily found in the Net, so swindlers only have to invent security techniques, to block an inlet to a ransomware, and make the perfect update and control pattern. Some encrypting programs can work independently, and scammers know about another victim only when he turns to them and sets off his funds. The best viruses are very active, and send files to thousands servers, to puzzle the researchers and throw them off virus’ track.



Bypassing the virus' kind, the RSA and AES methods are too complicated to bruteforce them. It can take centuries to perform all needed operations on a regular machine or, possibly, twenty or thirty years if you will use a mega-powerful gear. There are two solid ways to beat a ransomware: to find flaws in its code, or hack the Command & Control website, to find a master key. Some viruses also have a breaker, able to cease virus' operation in full or to make it pass the infected device. If someone discovers such breaker for Bgtx, or make a decryptor, we will update this article.


There are several possibilities to test, until you can yield and await for a decryptor. As we said earlier, fraudsters make errors, and certain characteristics of the system can assist you to restore data.


  • A backup is the single fully effective method to recover the information, but you should eliminate a malware first. Make sure that the ransomware is deleted entirely, because if it isn't – all data will be encrypted instantly, with those that were stored on a flash disc.
  • If you use an account without admin authorization – today’s your happy day. The catch is that the OS duplicates any information prior to they’re deleted or modified. Those files are called Shadow Volume Copies, and Bgtx has the ways to remove them. If you're using the usual entry – the system requests for a permission at the very second Bgtx tries to erase these copies. In case you saw suchlike request and declined it – your copies are alright, and could be used to get back the data.


If all of written above advice didn't help and there is no chance to recover the files – you should eliminate the malware from the computer and wait until a decryption tool will be created.

How to remove Bgtx

Unfortunately, you can't fully elude a software usage. This ransomware is incredibly tricky and there is a possibility to pass some remains and then suffer from it (it might happen if you attach an outer drive with your saved data to a not-completely-clean device). It also lurks very well, and you literally can't eliminate it totally on your own. According to this, we have created an efficient removal instruction that can help you to solve this problem. It has several by-hand phases and an optional antivirus program phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

We propose you to try Spyhunter AV tool which is not simply efficient, but also swift and continuously evolving antivirus which can clear your device of all viruses. Press the button below to purchase our tool and get rid of the virus.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Since you cleared your computer of the ransomware, or at least you know how to do that, let’s talk about the info restoration. As you know now, if you use an administrator profile and you gave Bgtx an access into the PC – you have no trick to recover the data except for the backups. If you that didn't happen – you might have a chance, but it needs especial recovery program. We advise you to use ShadowExplorer and Recuva tools. You can download these programs simply on the official websites of their creators, with close instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience