How to remove Tastylock virus and restore encrypted files

Tastylock ransomware virus

Tastylock is the harmful software infecting PC's mainly through e-mail spam and Trojans. Sometimes hackers use zero-day vulnerabilities to get into the system, but they are speedily corrected. After penetration, the virus checks the hard disc, defines the amount of files for encryption and their general value. At the moment, each new virus knows how to cypher image, text, audio and video info in all most used formats. Virus encrypts all files, but the ones that might be business documents go first. All software on computer will be untouched because criminals are interested only in information. Encryption is carried out through famous AES and RSA algorithms, and its complexity is so high that it can't be bruteforced. This is the ground for unbelievable efficiency of this sort of viruses in last years: usual user, even having a fairly good knowledge of the PC, will never restore the files, and will be forced to pay the price. The single method to decrypt the data is to find the fraudster's website and get the master key. Some experienced hackers can get these keys due to flaws in viruse's program code. When encrypting files, Tastylock switches the extension of files to .Tastylock and adds _HELP_INSTRUCTION.txt file with next message

All you files are encrypted!

For decrypt write DECRYPT ID to This email address is being protected from spambots. You need JavaScript enabled to view it.



Do not change!

Do not move files!

Do not use other programs (they do not work)!

You can lose your files if you do not follow the instructions!

For all sorts of computer viruses, one thing is true: it's way easier to prevent it than to neutralize its consequences. For ransomware it's most relevant, as, unlike normal viruses, after uninstalling ransomware from the computer, the consequences of its actions will stay. To guard yourself, you have to remember these three basic principles:

    • Heed to the pop-ups. If the workstation is polluted by Tastylock, it will try to eliminate all copies of the data, to make the recovery less possible. The removal of shadow copies requires admin rights and verification from the user. The moment of thinking before confirming the dialogue box might save your files and your time.
    • Monitor the state of your workstation. File encrypting is a complicated operation that consumes a lot of system resources. If you notice a significant decrease in computer capacity or notice a unknown string in the Process Manager, you should switch off the PC, load it in safe mode, and scan for ransomware. These measures, in case of infection, will guard some of your files.
    • Be cautious with the messages that contain files. The #1 pattern of fraud letters is the story about prize gaining or package obtaining. The second most popular sort of fraud messages is a forgery for business correspondence. It is OK to be interested and click on the message even if it's sent to the incorrect address, but don't forget that one click on the viral file might cost you a lot of money, time and headache.

Malware uninstalling isn't the happy end - it's only a one step from many before the complete data restoration. If you delete Tastylock, you will not restore the information immediately, it will need more measures written down in the "How to restore encrypted files" part. To uninstall Tastylock, you need to launch the PC at safe mode and scan it with AV-tool. Some ransomware can't be deleted even with help of antivirus-tool, and have other effective mechanics of protection. Some encrypting viruses are able to completely delete encrypted information, or part of it, if user tries to uninstall the program. This is extremely bad, and the following part will assist you to avoid it.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of virus: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects virus on the computer, you will need to purchase malware removal tool for $39,99 to delete viruses. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you performed all conditions, mentioned in above paragraph - it's time to decrypt the files. Actually, this is not about decryption, as the encrypting methods owned by fraudsters are very complex. Ordinarily, to get back the information, you should ask for assistance on specialized communities or from famous malware fighters and antivirus program vendors. If you choose the manual file restore - read our article, which shows all the most efficient manners: article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.