How to remove Reco virus and restore encrypted files

Reco ransomware virus

That article is about virus called Reco which infects users' PC around the world, and corrupts their data. Here we've assembled important info about Reco's essence, and how to uninstall Reco from your workstation. Furthermore, we'll explain how to get back the corrupted data, if possible.

Reco is the malicious software that penetrating the computers usually with help of Trojans and phishing e-mails. Sometimes fraudsters use zero-day vulnerabilities to take control over the system, but major program vendors promptly fix them. After the infection, the virus checks the PC memory, defines the number of folders to be cyphered and their rough value. Currently, any new ransomware can cypher audio, text, image and video files in all most used extensions. Reco encrypts all folders, but those that might be business documents go first. Ransomware corrupts only files with information, and doesn't touch the software, so that the man can pay the ransom via his PC. The operation is executed via well-known RSA and AES algorithms, and it is so complicated that that decryption of files with no key is impossible. Such complexity creates base for impressive effectuality of ransomware in last years: usual user, even if he has a pretty good experience in suchlike things, will never decrypt the data, and will need to pay ransom. The only way to decrypt files is to hack the scam webpage and retrieve the encryption keys. Also there's a way to obtain encryption keys due to defects in viruse's program code.

There is one thing in common between all types of undesired software: it is way simpler to avoid it than to cure it. For ransomware this is most important, because, unlike common unwanted software, when you delete ransomware from the PC, the consequences of its doings do not disappear anywhere. To shield yourself, you have to remember a three elementary rules:

    • Don't accept any changes to your PC, originating from unknown programs. The simplest method of file recovery is the recovery from Shadow Copies, so fraudsters have added the removal of SC in the basic features of viruses. The deleting of shadow copies needs admin rights and confirmation from the operator. So, not confirming changes from a strange program at the proper time, you will reserve the way to decrypt all lost data for free.
    • Attentively examine your mailbox, especially those messages that have attached files. The very popular template of fraud messages is the story about prize gaining or parcel obtaining. You also should be careful with business correspondence, particularly if the sender and the content is unknown. It is normal to take an interest and open the message even if it is obviously not for you, but remember that one click on the viral file can cost you a lot of headache, time and money.
    • Don't neglect the symptoms that your PC shows. It consumes a lot of CPU resources to encode the information. If you see an abnormal decrease in laptop capacity or see a unknown string in the Process Manager, you can switch off the computer, boot it in safe mode, and run the antivirus. This, if the laptop is really infected, will save some of your information.

You should know that the removal of the virus is only the, first turn, which is required for the regular work of the machine. If you delete malware, you won't recover the information instantly, it will require more measures described in the next paragraph. To get rid of the virus, you have to start the laptop in safe mode and check it with AV-tool. We don't recommend trying to delete Reco by hand, because it has various security mechanics which can counteract you. Some ransomware are able to fully delete cyphered information, or part of it, if somebody tries to uninstall the virus. This is very unwanted, and the below part will help you to avoid it.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner

Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After erasing Reco from the laptop, user has to recover the encrypted data. We won't try to decrypt the files, but we'll get them back using Windows features and the additional programs. More often than not, to restore the files, you should ask for help on anti-malware communities or from renowned virus fighters and antivirus software manufacturers. If you choose the by-hand file recovery - read this entry, which shows all the easiest manners.

To restore information, follow the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.