How to remove Revolution virus and restore encrypted files

Revolution ransomware virus

Revolution ransomware already infected thousands of laptops around the world with help of most effective way: fraud messages with viral attachments. Occasionally fraudsters use exploits to get into the PC, but major program companies quickly fix them. When infection takes place, ransomware inspects the hard drive to find the files for encryption and their rough cost. Currently, any modern ransomware knows how to cypher image, text, video and audio info in all popular extensions. Ransomware encrypts all folders, but the ones that might be business documents go first. Virus encrypts only files with information, and does not affect the programs, so that the man can pay the ransom via his computer. The operation is performed through world-known AES and RSA algorithms, and it is so complicated that that decipherment of files without a key is impossible. This is the root for such an incredible success of ransomware in last years: common user, even having a pretty good knowledge of the computer, will never be able to get back the data, and will have no choice except paying the ransom. The sole way to decrypt the data is to hack the scam webpage and obtain the master key. Also there's a chance to obtain the keys due to faults in viruse's program code. When encrypting files, Revolution switches the extension of files to .revolution.

That item is dedicated to ransomware called Revolution which gets onto systems around the world, and encrypts their data. Here you can find complete info on what is Revolution, and how to uninstall Revolution from your workstation. In addition, we will tell you how to recover the corrupted information, if possible.

The computer knowledge is highly significant in our century, since it helps customer to defend the workstation from malicious software. It's sad to say, but most people realize the importance of computer literacy only after ransomware infection. It's very easy to decrease the chances of getting ransomware by following these regulations:

    • Monitor the condition of your PC. It consumes a lot of hardware power to encode the information. If you mention a noticeable decrease in laptop capacity or notice a weird string in the Process Manager, you need to unplug the workstation, boot it in safe mode, and run the anti-malware. Naturally, the certain amount of data will be encrypted, but the other part of them will remain intact.
    • Pay attention to the pop-ups. One of the easiest manners of file recovery is the restoration through Shadow Copies, and Web-criminals have included the elimination of SC into the primary functionality of malware. Anyway, removal of copies needs administrator rights and user's confirmation. The moment of thinking before confirming the checkbox can save your information and your time.
    • Attentively study your emails, especially the messages which have attached files. The very effective pattern of fraud e-mails is the notification about prize winning or package earning. Also you should be watchful with business correspondence, particularly if you don't know the sender and not sure about its content. lawsuits, Invoices for goods or services, summaries, claims and other important documents do not be sent without warning, and you, as a minimum, should know the sender. Otherwise, it is a scam.

We draw your attention to the fact that the removal of Revolution is just a first and compulsory step for the standard work of the system. If you delete malware, you won't get back the information instantly, it will take multiple measures described in the "How to restore encrypted files" paragraph. In case of ransomware we don't provide the manual removal tips, because its complexity and the possibility of errors appears to be extremely high for common customer. We do not suggest trying to uninstall ransomware in manual mode, since it has various security mechanics which can counteract you. Many viruses are able to easily delete corrupted data, or some of it, when trying to delete the program. This is extremely unwanted, and the following instruction will assist you to deal with it.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Antivirus scanner

Why we recommend SpyHunter antimalware as removal tool

Removes virus fully: all files and even registry keys of malware will be deleted

Protects your system in the future

24/7 free support team

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you performed all steps, described in previous part of an entry - it's time to recover the files. Actually, this is not literally decipherment, since the encryption algorithms owned by web-criminals are too complicated. There are the some exceptions, but most of the time file restoration takes lots of time and money. If you are really interested in the manual file recovery - take a look at this item, which shows all the safest manners.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.