How to remove Kook virus and restore encrypted files

This article is about ransomware called Kook, which infects PCs in many countries and encrypts their files. Here we've gathered complete information on what Kook is and how to remove it from the computer. We'll also explain how to restore the corrupted files, if possible.

Kook ransomware virus

Kook is dangerous software that gets into computers mainly via e-mail spam and Trojans. Occasionally scammers use exploits to get into the computer, but big program developers promptly fix them. Once the infection is done, the virus scans the hard disk and determines the number of files to encrypt and their approximate value. At the moment, any new ransomware is able to encrypt image, video, audio and text information in all known formats. Kook encrypts all folders, but those that look like business documents go first. Ransomware targets only information and doesn't damage the software, so that the victim can pay the ransom via his PC. The encryption is performed with the well-known RSA and AES algorithms, and its complexity is so high that deciphering the data without a key is impossible. This complexity is the basis for the impressive efficiency of this kind of virus in recent years: an ordinary user, even one with fairly good knowledge of the computer, won't ever be able to restore the data and will have no choice except paying the ransom. The sole way to restore the data is to find the scammer's website and retrieve the encryption keys. There is also a way to extract the keys through defects in the code of the virus itself.

For any sort of ransomware, one thing is true: it is far easier to prevent it than to get rid of its effects. It's sad to say, but 90% of users understand the importance of computer knowledge only when ransomware infects their computers. To protect yourself, you must understand these few simple rules:

    • Study your e-mails attentively, especially the messages that have files attached to them. If you don't know who sent an e-mail and it notifies you about receiving some prize, a lost parcel or anything like that, this might be ransomware. The second most effective sort of these letters is the "business message". It is natural to take an interest and click on the letter even if it's sent to the wrong address, but remember that one click on the attached file may cost you lots of money, time and effort.
    • Pay attention to the dialog boxes. If the computer is infected by a virus, it will try to remove the shadow copies of your files to make the decryption impossible. However, removal of copies requires admin rights and confirmation from the operator. A second of thought before confirming the dialog box can save your information and your effort.
    • Do not neglect the symptoms that your computer shows. It takes a lot of computing power to encrypt the information. If you detect a sudden fall in system performance or an unwanted process in the Task Manager, you can switch off the computer, launch it in safe mode, and search for ransomware. If the computer is really infected, this will save some of your files.

We draw your attention to the fact that removing ransomware is just the first step, which is required for the safe operation of the workstation. Deleting the virus will not recover the files immediately; that requires the additional actions described in the next section. In the case of ransomware we do not give a manual removal guide, because its complexity and the probability of mistakes are extremely high for a regular user. High-class viruses can't be eliminated even with the help of an antivirus program, and have lots of efficient protection mechanisms. The most efficient protection technique of the virus is the deletion of data in the event of a file recovery or Kook removal attempt. To avoid this, follow the tips below.

Removal instruction

Step 1. Boot into Safe mode

Start -> Msconfig.exe

On the Boot tab, select Safe boot

Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify the hosts file, which is located in C:\Windows\System32\drivers\etc\ .

Open the file with Notepad and delete suspicious strings.

A clean file has to look like the Windows default, in which every line is a comment starting with #.
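An added example (not part of the original article) of the check in Step 3: it lists every active, non-comment hosts entry other than the localhost mapping, so each one can be reviewed before it is deleted. The sample entries, domain names and reason labels are constructed for illustration.

```python
import ipaddress
import os

# Path from Step 3; SystemRoot is normally C:\Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input (example domains and a documentation IP range).
SAMPLE = """\
# Constructed sample for this example, not a real hosts file.
#   127.0.0.1   localhost
127.0.0.1   localhost
::1         localhost
127.0.0.1   update.av-vendor.example   # trailing comment is ignored
0.0.0.0     www.av-vendor.example
203.0.113.7 login.bank.example
not-an-ip   something.example
"""


def audit_hosts(text):
    """Return (line_no, address, name, reason) for each active entry to review."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # strip comment, then tokenize
        if not fields:
            continue                               # blank or comment-only line
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        for name in names:
            if ip.is_loopback and name in LOCAL_NAMES:
                continue                           # harmless localhost mapping
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (loopback or null address)"
            else:
                reason = "name redirected to a fixed address"
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text, source = fh.read(), HOSTS_PATH
    except OSError:
        text, source = SAMPLE, "built-in sample"
    for line_no, address, name, reason in audit_hosts(text):
        print(f"{source}:{line_no}: {address} {name} -> {reason}")
```

An empty result means the file contains nothing beyond comments and the localhost mapping; entries an administrator added on purpose will also be listed and should be kept.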

Step 4. Scan the system with an antivirus scanner

Why we recommend SpyHunter antimalware

    • Detects most kinds of threats: malicious files and even registry keys of malware will be found
    • Protects your system in the future
    • 24/7 free support team

SpyHunter's scanner is only for malware detection. If the program detects infected elements on the computer, you will need to purchase the malware removal tool for $39,99 to delete threats. SpyHunter has a Free Trial for one remediation and removal, subject to a 48-hour waiting period.

Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab

After uninstalling Kook from the computer, the next task is to recover the encrypted data. We're not able to reverse the encryption, but we'll restore the files through Windows functionality and special programs. There are lucky exceptions, but usually file recovery requires lots of time and effort. If you're really interested in restoring the information yourself, take a look at this entry, which describes the most efficient methods.

To restore the information, follow the article about file decryption.
