How to remove Defray virus and restore encrypted files

That article is dedicated to virus called Defray which gets into customers' systems in USA and UK, and corrupts their files. Here you can see complete information on what is Defray, and the uninstalling of Defray from your system. Except that, we'll explain how to recover the corrupted files, if possible.

Defray is the unwanted program infecting PC's mostly with help of e-mail spam. Owners of this virus, as far as we know, are going to target some particular organizations in healthcare, manufacturing and education sectors. Nevertheless, there still are spam e-mail campaigns that might affect regular users. This virus has complex structure and after basic analysis it is clear that it was created by professional programmers and is prepared for continued use. When infection takes place, Defray scans the PC memory to find the folders to be cyphered and their approximate cost. Nowadays, each modern ransomware is able to cypher audio, video, image and text info in all popular extensions. Special attention is paid to business information, since representatives of business are the priority target for fraudsters. All software in the system will be safe because hackers want only information. Encryption is carried out with the help of famous RSA and AES algorithms, and its intricacy is so high that decryption of files with no key is impossible. Such complexity gives ground for such an incredible efficiency of ransomware in last years: an ordinary user, even if he has a pretty good knowledge of the PC, will never decrypt the files, and will be forced to pay ransom. The sole manner to recover files is to crack the scam site and get the master key. Some experienced hackers can retrieve these keys through flaws in viruse's program code. Scammers want five thousand dollars or 1.16 BTC as a ransom.

There is one thing in common between all sorts of ransomware: it is much simpler to prevent it than to cure it. For ransomware this is very important, because, in contradistinction to common viruses, after deleting ransomware from the PC, the effects of its actions will stay. To protect your system, you should keep in mind these few elementary rules:

    • Pay attention to the dialog boxes. If the PC is infected by Defray, it will endeavour to delete all copies of the files, to make the decryption impossible. However deleting of shadow copies requires admin rights and verification from the user. The moment of thinking before confirming the changes can save your files and your time.
    • Monitor the state of your machine. File encrypting is a intricate process that consumes a high amount of hardware resources. If you detect a strange decline in PC performance or notice a unknown process in the Process Manager, you can switch off the PC, boot it in safe mode, and search for ransomware. Surely, some data will be encrypted, but the other part of them will be safe.
    • Closely inspect your emails, specifically those messages which have attached files. If you don't know who send the message and it is about earning any prize, a lost package or anything like that, this could be ransomware. Also you should keep an eye on business-related letters, especially if the sender's address and the content is unknown. summaries, claims, lawsuits, Invoices for products or services and suchlike important documents don't come without warning, and the addressee should know the sender. Otherwise, it is a fraud.

We draw your attention to the fact that deleting the virus is just a, first turn, which is compulsory for the safe operation of the computer. To recover the data you should familiarize with the advices in the below paragraph of this article. To deelete Defray, user has to load the computer at safe mode and scan it through antivirus. High class viruses can't be removed even via AV-tool, and have lots of efficient types of defense. The very common viral protection manner is the removal of information on the chance of file recovery or malware deletion attempt. This is very undesirable, and the following instruction will help you to cope with it.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After erasing Defray from the machine, user has to recover the encrypted files. It's impossible to decypher the files, but we'll get them back through OS features and the special software. More often than not, to recover the data, you should ask for assistance on targeted communities or from well-known virus researchers and AV program manufacturers. If you can't linger and are ready to recover the information in manual mode - here's the complete article on that topic.

To restore information, follow the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.