How to remove XUY virus and restore encrypted files

XUY ransomware virus

XUY is the malicious software penetrating machines mainly through e-mail spam and Trojans. Sometimes hackers use exploits to infect the PC, but big program vendors quickly correct them. After the infection, ransomware scans the hard drive, determines the number of files to be encrypted and their general value. Nowadays, each new virus is able to cypher image, text, video and audio files in all popular extensions. High attention is attracted to business files, since representatives of business are the priority objective for criminals. All software in the system will be safe because scammers are interested only in information. The operation is performed via world-known RSA and AES algorithms, and it is so complicated that that decryption of data without a key is impossible. Such complexity gives reason for unbelievable success of this type of viruses in recent years: usual user, even if he has a very good knowledge of the PC, won't ever be able to decrypt the files, and will need to pay ransom. The single way to get back files is to find the scammer's webpage and get the encryption keys. Some experienced hackers can obtain the keys through defects in viruse's program code. When encrypting files, XUY changes the extension of files to .xuy, and the amount of ransom is 400 euros.

The article is about ransomware called XUY that gets onto systems in different countries of the world, and cyphers their files. Here you can find complete info on what is XUY, and the uninstalling of XUY from the PC. Besides, we will explain how to restore the corrupted files, if possible.

The computer knowledge is quite important in our world, as it helps you to defend the system from undesired programs. It's sad to say, but most people comprehend the importance of PC knowledge only after ransomware infection. To shield yourself, you should understand a three simple rules:

    • Be cautious with the messages that contain files. The most efficient pattern of fraud letters is the story about prize winning or parcel obtaining. You also should be watchful with business-related letters, especially if you don't know the sender and not sure what's inside. claims, Invoices for goods or services, lawsuits, summaries and other important documents cannot be sent without warning, and the addressee should know the sender. Otherwise, it is a fraud.
    • Do not ignore the signs that your computer shows. File encryption is a intricate process that uses a lot of system resources. When the XUY starts to operate, the workstation slows down, and the encryption process appears in Process Manager. You may recognize this moment and switch off the PC before files will be totally encoded. These measures, in case of infection, will guard a lot of your files.
    • Do not accept any alterations to the computer, coming from weird software. If the laptop is polluted by malware, it will attempt to remove the shadow copies of the data, to make the decryption impossible. The deleting of shadow copies needs administrator rights and your acceptance. The second of thinking before confirming the changes might save your information and your money.

Virus removal is not the happy end - it's just a one step from many until the complete data recovery. If you uninstall XUY, you won't recover the information immediately, it will take multiple measures described in the "How to restore encrypted files" part. To uninstall XUY, you have to boot the laptop at safe mode and check it via AV-tool. Some viruses can't be deleted even with help of antivirus-tool, and have many serious mechanics of security. Qualitative malware are able to fully remove cyphered information, or some of it, when trying to uninstall the program. To avoid this, abide to the tips under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Antivirus scanner

Why we recommend Reimage Repair

Detects viruses fully: all files and even registry keys of malware will be found

Can fix system errors

Protects your computer in the future

24/7 free support team

Reimage's scanner is only for malware detection. If the program detects a virus on the computer, you will need to purchase Reimage Repair's full version to delete viruses. Uninstall steps and Refund policy, EULA, Privacy Policy.

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you fulfilled all conditions, described in previous part of an entry - it's time to restore the files. Actually, this is not about decipherment, because the encryption algorithms owned by scammers are too complicated. More often than not, to recover the information, the customer has to ask for assistance on specialized forums or from celebrated malware researchers and antiviral software manufacturers. If you are more interested in the independent information restore - read this item, which describes all the easiest methods.

To restore information, follow the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.