Encryptile Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 671
Category: Trojans

Encryptile Ransomware is a dangerous infection targeting both users’ personal files and programs. It is quite a new application (it was released in August, 2016), but it is already quite prevalent, according to researchers at 411-spyware.com. You will only need a few seconds to realize that a ransomware infection is inside your computer because your files will all be locked. Actually, there is a possibility that you will not even see them because a window covering Desktop will be opened for you after Encryptile Ransomware finishes encrypting files in the %HOMEDRIVE% directory. It is not very easy to close it, but we can assure you that it will be gone from your sight if you fully delete the ransomware infection from your computer. You need to know that this computer infection slightly differs from other threats that are also classified as ransomware in a sense that it starts up in Safe Mode, which means that it affects Safe Mode as well. Unfortunately, this also means that it will not be very easy to remove Encryptile Ransomware from the system. Continue reading to find out more about this infection and its deletion.

Once Encryptile Ransomware is inside the system, it immediately places two .exe files (notepad.exe (or admin.exe) and encryptile.exe) and Readlist.txt in the %LOCALAPPDATA% directory. The names of these files might be different, but this does not change the fact that they have points of execution (PoE) in the Run registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (in some cases, this infection might create PoE in HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce as well). These modifications it makes enable Encryptile Ransomware to start working together with the Windows OS. Furthermore, it adds four files (.html, .jpg, and two .txt files) in affected folders as well. Three of these files contain ransom notes while one of them contains a list of websites where Bitcoins can be bought. Last but not least, a window is opened for users. It says that files are encrypted with the strongest AES and private RSA key. Also, it informs users how much they have to pay for the decryption of files.

If you have already read the content of any of the ransom notes Encryptile Ransomware has created on your computer, you must know that cyber criminals standing behind this ransomware infection expect you to pay 0.0545542 Bitcoin (approximately 40 USD) for the private key. This has to be done within 3 days “or both keys will be terminated and your files will be sold.” You are the one who can decide whether or not to pay money; however, you should know that specialists working at 411-spyware.com do not recommend doing that even though the price of the ransom is not very high because it might be very true that the private key will not be sent to you. In other words, you will pay cyber crooks for nothing. At the time of writing, a free tool for decrypting files does not exist; however, it should not be hard for you to restore them if you have made a backup of your important files before the entrance of this ransomware infection. No matter what you decide make sure you remove Encryptile Ransomware fully because it will keep working in the background if you do not do anything, you will not be allowed to use your PC since the window opened by Encryptile Ransomware cannot be easily closed, and, finally, you will let it connect to the Internet from time to time.

Recent research has revealed that Encryptile Ransomware is distributed through spam emails like other popular ransomware infections. Even though people know that it is dangerous to open spam emails, they decide not to pay attention to these warnings when they see that an email is sent from a reputable company and its attachment is an ordinary document. Have you recently opened an attachment from a spam email too? If so, we are not surprised at all that you have Encryptile Ransomware inside your system. Of course, these spam emails is one of the ways of ransomware distribution, so users have to be cautious 24/7. Since it is usually very hard to protect the system from malicious software, it would be smart to install and enable reputable security software as well.

The removal of Encryptile Ransomware is a challenging task since it blocks system utilities (e.g. Task Manager and Registry Editor) and affects Safe Mode. Luckily, it still cannot be deleted. What you will have to do first is to find another device that does not contain malware. Secondly, you will have to burn the so-called live version of Windows OS to your USB flash drive or CD. Finally, you will have to manually delete Encryptile Ransomware. Use the manual removal instructions provided below and then scan your PC with SpyHunter to check whether all the components of this ransomware infection are really erased.

Remove Encryptile Ransomware

  1. Turn on a clean computer and then download Hiren’s Boot CD.
  2. Burn it to your USB flash drive or CD.
  3. Insert the device into the infected computer.
  4. Restart it.
  5. Boot into your CD/USD flash drive.
  6. Click Mini Windows Xp.
  7. Click on the icon of Hiren’s BootCD Program Launcher (find it on Desktop).
  8. Open the system Registry and then go to Registry Editor PE.
  9. Find Values associated with malicious files of the ransomware in HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, for example, Unikey Manager and Service Runtime (names of these Values might be different).
  10. Right-click on the Value and select Delete.
  11. Boot up your Windows OS normally.
  12. Open the Windows Explorer (Win+E).
  13. Open %LOCALAPPDATA% (copy and paste the directory into the URL box at the top).
  14. Delete two .exe files belonging to the ransomware infection (e.g. notepad.exe and encryptile.exe) and one .txt file (Readlist.txt) (names of files might change).
  15. Remove .html, .jpg, and two .txt files from Desktop (Decrypt_[10-character ID].html, Decrypt_[10-character ID].jpg, Decrypt_[10-character ID].txt, and How to buy bitcoin_[10-character ID].txt).
  16. Empty the Recycle bin.
Download Remover for Encryptile Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Encryptile Ransomware Screenshots:

Encryptile Ransomware
Encryptile Ransomware
Encryptile Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *