How to remove Thanatos virus and restore encrypted files

Our guide was written to help users to eliminate Thanatos virus. Here, you'll find the very useful tips on Thanatos elimination, in conjunction with some tips on the decryption of wasted data. You'll also see the essential hints about encrypting viruses that can help you to evade infection next time.

Thanatos ransomware virus

An encrypting program is the worst disaster that can happen to you on the Internet It's a typical robbery, but with no true plunderers involved: hackers penetrate your system and grab everything they wish, casting a victim aside with a crippled hard drive that contains only corrupted data. Thanatos malware is the clearest illustration of encrypting programs: it’s easy to pick up and very difficult to uninstall, but there are a few measures that you should take. In today's item, we will explain to you what is Thanatos and how it got into the computer. We will explain to you what measures you have to take to evade encrypting virus' infestation, and how you can decrypt your files. Remember that most of the suchlike programs won't ever get defeated, so if you've got one – your files may be already lost forever. There's a chance that web-criminals made an error to leave the switch to beat ransomware or to reverse the caused harm. The victim may be guarded by specific options of his PC, and we will teach you how to apply it.

What is Thanatos ransomware

The encoding viruses, AKA ransomware, are the programs that get into users’ machines and spoil their information to gain money for its decryption. The penetration is commonly carried out with the help of malspam campaigns or 0-day vulnerabilities. Malicious mail isn't hard to define – it will come from an unknown address, with a file in it. If we're talking about 0-day vulnerabilities, it’s way substantially more difficult – you won’t know what it is before the device gets taken over so that the most effective method is to properly update the OS and other programs that you use.

The point is that the common viruses take advantage of the well-known ciphers, known as the RSA and the AES. These two are simply the most complex in the world, and you can't decrypt them. Actually, you might decipher them, having fifty years of the home PC’s operation time or a couple of years of work on the very powerful computing device on the Earth. We don't think that any of these options is suitable you. We will explain to you that ransomware are easy to avoid, but if one of them is already in the system – it's a big issue.

Modern ransomware programs aren’t too complex in their structure, though even the sloppiest one is very effective, and we’ll explain to you why. They all use the super-complex mechanisms of encryption. Malicious programs' goal is not to actually steal the information. All it has to do is to penetrate the computer, spoil the files and remove the real data, putting the encrypted files instead of them. The files are unusuable when they are encoded. You can’t read them and cannot restore them. We know several methods to recover the data, and they all are written down in this article.

When the encryption is carried out, hackers give you a ransom message, and is it popped up – you know that the information is encrypted. There's only one turn you can take now - to uninstall a virus from the machine and concentrate on the data restoration. We've said “attempt” as the probability to deal with it with no decryption program are faint.

Thanatos removal guide

You need to eliminate ransomware until you go on because if it stays in your system – it will go on encoding any file which enters the PC. Even more - every medium storage you are porting to the corrupted machine will become corrupted too. To evade that – remove Thanatos by following our useful advice. Remember that the uninstallation will not reverse caused harm, and if you do this, you won’t be able to pay money to fraudsters. We recommend you to do that as each dollar paid is making scammers more positive in their "business" and increases their budget to invent intricate viruses. It's worth mentioning that if you’re dealing with scammers, they can just receive the money and forget about you. They’ve just stolen your data, and we don't think that you want to send them the ransom after that.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How to decrypt Thanatos files

After you remove Thanatos from your device, and you triple-checked it, you should think about the decryption techniques. Primarily, we should say that the very reliable method is to load a backup. If you had the backups of your files and Thanatos is completely uninstalled – don't fret. Erase the encoded data and load the backups. If there were no backups – the chances to get the files are significantly lower. The single way to succeed is the Shadow Volume Copies. We're talking about the inbuilt tool of Windows, and it saves all the altered or removed files. They may be found via specific recovery tools.

Of course, the complex viruses might remove these copies, but if you use a profile with no administrator rights, the virus just had no way perform that not having the permit. You might remember that sometime before you've seen a scammer's note you've seen another menu, offering to apply changes to the device. If you have declined those changes – your SVC weren't deleted, and you may use them and repair the data through custom utilities as Recuva or ShadowExplorer. You can easily locate each of them in the Web. Each of them has its main pages, so you better download them there, with step-by-step guides. If you need more information on this topic – simply check the extended guide about data recovery: article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.