How to remove Anubis virus and restore encrypted files

If you have been hit by ransomware and have reason to believe that it is the Anubis ransomware, this guide will help. We offer plain, tested advice on removing Anubis and on the possible ways to recover the encrypted data.

What is Anubis

Ransomware is the bogeyman of modern society, and everyone knows that if you cannot access your information and there is a ransom note, it is time to be scared. That is true, by the way. The Anubis threat is the ugliest thing that can happen to you on the Web, because an ordinary user literally cannot remove it. The only situation in which you can beat an encrypting virus is when you are not dealing with a real one but with a fake that covers the display and tries to trick you into paying a ransom. In any other case, if the ransomware was developed and secured properly, you can only rely on specialists to deal with it. If the scammers slipped up somewhere and the virus has flaws that allow you to get your information back, you will find the solution in this article.



So, what would we see if we took a look inside ransomware? It is built around a completely legitimate encryption algorithm that encrypts the data on the user's PC so that it cannot be used in any way. The key, of course, is itself encrypted with a second algorithm. Usually these algorithms are AES and RSA, which are known for their complexity and reliability. The algorithms and the programs based on them can easily be found on the Internet, so the criminals only need to develop the protection mechanisms that block access to the ransomware and build a flawless control and update system. Some ransomware works offline, and the scammers learn about a new "client" only when he contacts them and sends the money. Other viruses are highly active and transmit files to hundreds of URLs to confuse researchers and throw them off the virus's track.

Whatever the type of ransomware, AES and RSA are too difficult to brute-force. It might take thousands of years to carry out all the required operations on a modern machine and, possibly, twenty or thirty years on industrial hardware. The only way to neutralize a high-quality virus is to hack it, or to hack its Command & Control website, to obtain the encryption keys. In rare cases a virus also has a switch that can stop its activity completely or drive it off the infected machine. If anyone discovers such a switch for Anubis, or creates a decryptor, we will provide full information in this guide.


There are some things to try before giving up and waiting for decryption software. As stated in the previous paragraphs, fraudsters also make mistakes, and certain features of the system may help you get the lost data back.


  • If you do not use the system from an administrator account, you are very fortunate. The catch is that the system makes copies of data before it is destroyed or encrypted. These backups are called shadow volume copies (SVC), and the virus has ways to destroy them. If you are using a standard user account, the operating system asks for permission at the exact moment Anubis attempts to remove the SVC. If you saw such a confirmation prompt and declined it, your copies are safe, and you can download a dedicated program to restore the information.
  • If you have a copy of your data on an external drive, remove the ransomware first and then restore the data from that copy. Make sure that Anubis is eliminated completely, because if it is not, all the information will be ruined instantly, including the files stored on the flash drive.


If neither of the hints above worked and there is no way to restore the lost information, you need to remove the ransomware from the system and wait until a decryption tool is published.

How to remove Anubis

Unfortunately, you cannot get by without installing additional software. The ransomware is very sly, and you may miss some of its components and regret it later (for instance, when you connect a flash drive with the backups to a system that has not been completely cleaned). It hides itself very well, so you simply cannot eliminate it fully by hand. The removal instructions below will help you get rid of the problem. They consist of several manual steps and one extra step that uses antivirus software.

Removal instruction

If you are a Mac user, follow this guide: how to decrypt files on Mac.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel
  • Select Appearance and Personalization
  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives
  • Press Ok


Step 3. Remove virus files


Check the following folders for suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder
  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
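
The manual checks in Steps 2 to 5 can be collected in one read-only PowerShell audit. This is an added example, not part of the original guide; the 14-day window, the extension list and all variable names are assumptions.

```powershell
# Added example (not from the original guide): read-only audit of Steps 2-5.
# Nothing is modified or deleted; review the output before cleaning by hand.
$dropDirs = @($env:TEMP, $env:ProgramData) | Where-Object { $_ }   # Step 3 folders

# Steps 2-3: recently created executables and scripts; -Force includes hidden files.
# Assumptions: the 14-day window and the extension list.
$since = (Get-Date).AddDays(-14)
$ext   = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'
$recentFiles = foreach ($dir in $dropDirs) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $ext -contains $_.Extension -and $_.CreationTime -ge $since } |
        Select-Object FullName, CreationTime, Length
}

# Step 4: active hosts lines (comments stripped) other than the localhost entries.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }

# Step 5: every value under the startup keys, in both hives.
$autoruns = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            # Mark entries that start a program from one of the Step 3 folders.
            $hit = $dropDirs | Where-Object {
                $command.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
            [pscustomobject]@{ Key = $key; Name = $valueName
                               Command = $command; FromDropDir = [bool]$hit }
        }
    }
}

# Step 5: by default Userinit holds only the path to userinit.exe plus a trailing comma.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'
$userinitExtra = (Get-ItemProperty -LiteralPath $winlogon).Userinit -split ',' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ -and $_ -ne $expected }

'Recent files in the Step 3 folders:'; $recentFiles | Format-Table -AutoSize | Out-String
'Non-default hosts entries:';          $hostsEntries
'Startup entries:';                    $autoruns | Format-List | Out-String
'Extra programs in Userinit:';         $userinitExtra
```

Startup entries with FromDropDir set to True, and anything listed under the Userinit heading, are the first candidates to examine in Regedit.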

Step 6. Scan computer with antivirus

We suggest trying the SpyHunter antivirus tool, which is not only effective but also lightweight and continuously evolving software that will clean your computer of all viruses and remove Anubis.

The SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase the full version of the program for $39.99.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Now that you have eliminated the virus, or at least know how to do it, let's talk about data recovery. As we said earlier, if you were logged in from an administrator account and gave the ransomware access to the device, you have no way to get the data back except from backups. If you don't remember doing so, you might have a chance, but it requires specific recovery software. The best of these programs are ShadowExplorer and Recuva. You can easily download them from their official pages, which also provide thorough instructions.

  • Click Start
  • Click Control Panel
  • Click System and Security
  • Select Backup and Restore
  • Select Restore files from backup
  • Select checkpoint to restore
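
Whether ShadowExplorer has anything to work with depends on whether the shadow copies survived. The PowerShell check below lists them per drive; it is an added example, not part of the original guide, it must be run from an elevated prompt, and the $firstEncrypted date is a constructed placeholder to replace with the time your first file was encrypted.

```powershell
# Added example (not from the original guide): list surviving shadow copies.
# Constructed placeholder: set this to the time the first file was encrypted.
$firstEncrypted = Get-Date '2017-01-01'

# Map volume device IDs (\\?\Volume{...}\) to drive letters.
$volumes = @{}
Get-CimInstance Win32_Volume | ForEach-Object { $volumes[$_.DeviceID] = $_.DriveLetter }

# One row per shadow copy, marked if it was taken before the encryption started.
$copies = Get-CimInstance Win32_ShadowCopy | ForEach-Object {
    [pscustomobject]@{
        Drive              = $volumes[$_.VolumeName]
        Created            = $_.InstallDate
        PredatesEncryption = $_.InstallDate -lt $firstEncrypted
        Device             = $_.DeviceObject
    }
} | Sort-Object Drive, Created

if ($copies) { $copies | Format-Table -AutoSize }
else         { 'No shadow copies found: nothing for ShadowExplorer to restore from.' }
```

Only copies with PredatesEncryption set to True can contain unencrypted versions of the files.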

