How to remove File Spider and restore encrypted files

Spider ransomware virus

File Spider spreads via email spam as doc document. Doc file launches macros with PowerShell and then create enc.exe file into application data. Virus downloads java script from website and then infects the computer. The corrupted files get .Spider extension, and asks for 0.008 bitcoins for file restoration. The encryption is carried out via world-known RSA and AES algorithms, and it is so complex that that decipherment of information with no key is impossible. This is the reason for impressive malware effectiveness in last years: even experienced PC operator that has a high knowledge of the system, will never be able to decrypt the files, and will need to pay ransom. The only method to recover files is to crack the virus by antimalware specialists. In addition, there is a chance to withdraw encryption keys through defects in virus' program code.


As you may have already noticed, all your important files are encrypted and you no longer have access to them. A unique key has been generated specifically for this PC and two very strong encryption algorithm was applied in that process. Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.

The good news is that there is still a chance to recover your files, you just need to have the right key.

To obtain the key, visit our website from the menu above. You have to be fast, after 96 hours the key will be blocked and all your files will remain permanently encrypted since no one will be able to recover them without the key!

Remember, do not try anything stupid, the program has several security measures to delete all your files and cause the damage to your PC.

To avoid any misunderstanding, please read Help section.

Virus attacks mainly English speakers and users from Serbia and Croatia. Activity of the ransomware starts from 10 December. Spam letter contains fake information about users’ debt and signed by Azeljković Ivan.

For all kinds of ransomware, one thing is true: it is much easier to dodge it than to neutralize its effects. Unfortunately, most people realize the importance of security knowledge just after ransomware infection. To defend your PC, you have to remember these few basic rules:

  • Do not ignore the red flags that your laptop shows. It requires a big part of hardware power to encrypt the files. If you see an abnormal decline in workstation capacity or see a suspicious string in the Process Manager, you can unplug the machine, boot it in safe mode, and run the antivirus. This will guard a lot of your information, if the computer is really infected.
  • Attentively inspect your emails, particularly those messages that have files attached to them. The first pattern of fraud e-mails is the story about prize winning or parcel receiving. The second effective type of fraud letters is a "business letters". Lawsuits, bills for goods or services, complaints, summaries and other specific information, do not come without warning, and the addressee should know the person who sent it. Otherwise, it is a fraud.
  • Do not admit any alterations to your PC, coming from unknown software. The easiest way of file restoration is the recovery through Shadow Copies, and hackers have added the removal of shadow copies into the basic functionality of malware. However deleting of copies needs administrator rights and verification from the user. If you do not confirm changes from a suspicious software at the right moment, you will keep the way to recover all lost information..

You should understand that removing the virus is just a first and compulsory move for the normal system operation. To decrypt the information you should familiarize with the instructions in the next section of our article. To eliminate File Spider, user has to boot the PC in safe mode and scan it via AV-tool. High-class viruses cannot be uninstalled even via antivirus-software, and have many serious mechanisms of protection. Many viruses can easily remove corrupted information, or part of it, if user tries to delete the virus. To neutralize this, abide to the instructions under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you fulfilled all steps, mentioned in above paragraph - it's time to decipher the information. Actually, this is not about decipherment, as the encrypting methods owned by swindlers are extremely complex. More often than not, to recover the information, you should ask for help on targeted forums or from famous malware researchers and antivirus software manufacturers. If you choose the manual data restore - look at our entry, which describes all the easiest manners: article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.