How to remove (uninstall) Hitler

Hitler is the ransomware, that removes data. Hitler differs from common ransomware in its unusual methods, short countdown timer, aggressive behavior and strange method of payment. Hitler ransomware uses the simple intimidation technique: it puts its victims on the clock and forces them to pay. In this article, we will explain you what is Hitler, how to deal with it, and how to avoid infection in the future.


Hitler ransomware is a very powerful virus that penetrated tens of thousands of computers for less than a week of functioning. Its power is in its simplicity, and it is really strange that nobody used such technique so efficient before. Common ransomare use complex encryption algorithms to encrypt user’s data, and then demands ransom. Hitler just pretends that the data is encrypted, and makes user believe in this. But, let’s start from the beginning.

Hitler enters victim’s PC through a bundled batch file that contains three executable files with different purposes. First one is called ErOne.vbs, and its purpose is to delete the extensions from the names of all files on user’s PC. When the file name is incorrect, you can’t open it, and system says that “File could not be found”. User sees this and thinks that files are encrypted. The second file is called Chrst.exe and it displays the ransom message. The message is plain and clear. It says that files are encrypted, contains the countdown timer for 1 hour, field to enter the code of 25 euro Vodafone card, and the photo of Adolf Hitler. User sees the message, tries to open any file, and he can’t! What to do, what to do? Clock is ticking, it’s not much time left, maybe I should pay that miserable 25 euro, and keep my data safe? That’s the thoughts that hackers want you to have about this. If user pays – hackers got what they want, and if he doesn’t – the second file calls the system failure and user sees the Blue Screen. The third viral file is situated in Startup folder, and runs after the reboot. It is responsible for the deletion of all files on the computer. As you see, it doesn’t matter, will you pay the ransom or not – hackers won’t abort the deletion process, and the files will be removed anyway. We want to show you another way.

If you encountered Hitler ransomware, the only thing that can save you from big problems is the swift reaction. If Hitler is on your PC right now, and the time hasn’t elapsed – just wait until BSOD, and boot the computer in safe mode (without networking). After that – follow our removal instructions. The trick is that Autorun folder doesn’t have the boot priority in Safe mode, and the third file just won’t work, so all data will be safe. The only thing you have to do is to remove the virus, and return file names to original state. It may take time, but it’s better than lose every single file on the hard drive.

Hitler ransomware removal instructions

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner

If you’re experienced enough to perform the manual removal – just skip this paragraph and proceed to the instructions. But if you prefer the maximum safety and want to ensure that suchlike viruses won’t bother you in the future – you should purchase the worthy anti-viral program. At this time, Spyhunter is the best antivirus at price/quality ratio that can remove Hitler ransomare.


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How to recover the files?

If you haven’t found this article soon enough to read our previous advice, and the time has elapsed, you still have chances to recover your data. The most reliable and 100% effective way to do this is to use the backups. If you made the backup of your system before the virus had penetrated your computer, if that backup was stored on an external hard drive that wasn’t connected to the PC in the moment of penetration – your files are in complete safety. You just need to clear the system from the virus, and load the backups. If you have no backup – there is another way, but it also requires the deletion of Hitler.

For those, who don’t have backups, there is another way to recover files, deleted by Hitler ransomware: it’s the recovery via Shadow Volume Copies. Shadow Volume Copies is the in-built service of Windows OS and it’s responsible for copying files before they are changed or deleted. We want to advise you two perfect tools to get access to shadow copies and manage them. They are called Recuva and Shadow Explorer. These tools are completely free, and you can download them from their official websites. Also there you’ll find the complete step-by step instructions on their installation and use.



This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.