AES-128 Encryption Virus Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove the AES-128 Virus . These “all of your files are encrypted with rsa-2048 and aes-128 ciphers” removal instructions work for all versions of Windows. This article is intended to help people that have been targeted by ransomware viruses, which utilize the AES-128 encryption protocol such as the recently released Locky ransomware or the older CoinVault ransomware virus. Many people will mistakenly believe AES-128 for a virus, but that is actually a well-known encryption protocol employed by many other legal programs. This encryption protocol is very hard to take down using a brute force – it takes roughly 500 years of calculations by a modern computer to figure out each specific key used in the encryption. The AES-128 encryption is very secure and it is picked by hackers precisely for this very reason.

“All of your files are encrypted with rsa-2048 and aes-128 ciphers”

What options do you have with the AES-128 Virus Encryption Removal? Unfortunately – not many. As mentioned before “all of your files are encrypted with rsa-2048 and aes-128 ciphers” – and this is a very strong encryption. Security companies have sometimes been able to figure out how to decrypt files in previous years, but this has always come from some form of breakthrough such as collaboration from hackers, police raids etc. Files targeted by virus using the AES-128 encryption will remain encrypted, but there are some alternative solutions that can be attempted. We’ll talk about this in details later in this article, but the general idea is to try and restore the original files that got deleted when the encrypted copies were created.

Paying the rasnom remains a bad idea – the criminals you are dealing with can always choose to just steal your money and give you nothing in return. Further, any money paid to these people will be invested into creating newer and even more dangerous ransomware.

  • WARNING! We have spotted some Ad campaigns that were suspiciously well timed with the appearance of the Locky ransomware. The advertised programs claim to be able to recover files encrypted by the AES-128 protocol. This is either a scam and the program does nothing or it is a marketing strategy employed by the hackers to get to your money posing as the “good guys”. Stay away from such suspicious programs.

Some tips on how to keep your PC safe from ransomware using the AES-128 Virus Encryption

The AES-128 and its bigger brothers the AES-198 and AES-256 all share one similarity between themselves – they are slow and they require a lot of CPU and memory when they encrypt files. People who experience unexplained PC slowdown should not blame it on random factors, but look through their task manager to see which process is draining power from the CPU. Any such process should immediately be terminated, even if it appears to be a benign windows service and process. Shutting down a process cannot damage your computer in any way, but you may actually target a well-disguised ransomware and stop it before it is able to encrypt your files.

Also on the matter of prevention – never download random executable and archive files from sources that are unsafe. There is no way to tell the function of an executable file and hackers often upload manipulated files to torrent engines and online storage platforms. Even if a user spots the malicious file it may still be downloaded by thousands of people before it is taken down.

Keeping your PC safe from other viruses is also a priority. Ransomware viruses are sometimes secretly installed by a Trojan horse virus that managed to infiltrate the target computer beforehand. Adware and other undesirable programs can also expose your computer by redirecting you to various malicious websites via online Ads.

Of course, a person can only do so much as we are always liable to make a mistake. Because of this it is a good idea to keep some anti-virus or anti-malware to regularly scan your computer and also make sure that any file downloaded is safe to open. We generally recommend anti-malware programs for their more frequent updates and quick response to new viruses. If you are looking for recommendation on what to get, click on one of the banners we’ve added to this page.


Name AES-128  (a virus using this encryption)
Type Ransomware
Danger Level High (As far as computer viruses go ransomware is the worst)
Symptoms General PC slowdown while files are encrypted followed by virus reveal and ransom demand.
Distribution Method Trojan horse viruses, malicious links, corrupted executable files and archives.
Detection Tool


AES-128 Virus Encrypter Removal

Readers are interested in:


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. the AES-128 Virus may have hidden some of its files.

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with the AES-128 Virus

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the windows search field —–> “Select another backup to restore files from”


If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!

Was this guide helpful?

  • HowToRemove.Guide Team

    What did you try? Please, do give more information, maybe there is something else you can try, but “nope” doesn’t give us an explanation 🙂

  • HowToRemove.Guide Team

    Hi Pankaj,

    Unfortunately some versions of the virus tend to re-write and delete files multiple times in order to erase the shadow copies that Recuva uses. You can try other software like Shadow explorer, but probably that won’t help you either. There’s nothing more we can do to help.

  • HowToRemove.Guide Team

    Hi there, sorry for the slow response.

    What kind of computer you are using, is it an office machine? Sounds to me you that are not using an admin account.

  • HowToRemove.Guide Team

    Hi Brandon, you need to remove all suspicious lines from that document. Let me know if you encounter any problems in the process.

  • HowToRemove.Guide Team

    Can you share what the address and the name beside it are? (or at least the name) It may be safe.

  • HowToRemove.Guide Team

    You too 🙂

  • Alex

    Hate viruses…