AES-128 Encryption Virus Removal

The encrypted files may not be the only damage done to you. The parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.


More information on SpyHunter, steps to uninstall, EULA, Threat Assessment Criteria, and Privacy Policy.

This page aims to help you remove the AES-128 Virus. These “all of your files are encrypted with rsa-2048 and aes-128 ciphers” removal instructions work for all versions of Windows. This article is intended to help people who have been targeted by ransomware viruses that use the AES-128 encryption protocol, such as the recently released Locky ransomware or the older CoinVault ransomware virus. Many people mistake AES-128 for a virus, but it is actually a well-known encryption protocol employed by many legitimate programs. This encryption is very hard to break by brute force – it takes roughly 500 years of calculations by a modern computer to figure out each specific key used in the encryption. AES-128 encryption is very secure, and hackers pick it precisely for this reason.

“All of your files are encrypted with rsa-2048 and aes-128 ciphers”

What options do you have with the AES-128 Virus Encryption Removal? Unfortunately – not many. As mentioned before, “all of your files are encrypted with rsa-2048 and aes-128 ciphers” – and this is very strong encryption. Security companies have sometimes been able to figure out how to decrypt files in previous years, but this has always come from some form of breakthrough such as collaboration from hackers, police raids etc. Files targeted by a virus using the AES-128 encryption will remain encrypted, but there are some alternative solutions that can be attempted. We’ll talk about this in detail later in this article, but the general idea is to try to restore the original files that got deleted when the encrypted copies were created.

Paying the ransom remains a bad idea – the criminals you are dealing with can always choose to just steal your money and give you nothing in return. Further, any money paid to these people will be invested into creating newer and even more dangerous ransomware.

  • WARNING! We have spotted some Ad campaigns that were suspiciously well timed with the appearance of the Locky ransomware. The advertised programs claim to be able to recover files encrypted by the AES-128 protocol. This is either a scam and the program does nothing or it is a marketing strategy employed by the hackers to get to your money posing as the “good guys”. Stay away from such suspicious programs.

Some tips on how to keep your PC safe from ransomware using the AES-128 Virus Encryption

AES-128 and its bigger brothers AES-192 and AES-256 all share one similarity – they are slow and they require a lot of CPU and memory when they encrypt files. People who experience unexplained PC slowdown should not blame it on random factors, but look through their Task Manager to see which process is draining power from the CPU. Any such process should immediately be terminated, even if it appears to be a benign Windows service or process. Shutting down a process cannot damage your computer in any way, but you may actually target a well-disguised ransomware and stop it before it is able to encrypt your files.

Also on the matter of prevention – never download random executable and archive files from sources that are unsafe. There is no way to tell the function of an executable file and hackers often upload manipulated files to torrent engines and online storage platforms. Even if a user spots the malicious file it may still be downloaded by thousands of people before it is taken down.

Keeping your PC safe from other viruses is also a priority. Ransomware viruses are sometimes secretly installed by a Trojan horse virus that managed to infiltrate the target computer beforehand. Adware and other undesirable programs can also expose your computer by redirecting you to various malicious websites via online Ads.

Of course, a person can only do so much, as we are always liable to make a mistake. Because of this it is a good idea to keep an anti-virus or anti-malware program to regularly scan your computer and to make sure that any downloaded file is safe to open. We generally recommend anti-malware programs for their more frequent updates and quick response to new viruses. If you are looking for a recommendation on what to get, click on one of the banners we’ve added to this page.


Name: AES-128 (a virus using this encryption)
Type: Ransomware
Danger Level: High (as far as computer viruses go, ransomware is the worst)
Symptoms: General PC slowdown while files are encrypted, followed by virus reveal and ransom demand.
Distribution Method: Trojan horse viruses, malicious links, corrupted executable files and archives.


AES-128 Virus Encrypter Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


This is the most important step. Do not skip it if you want to remove AES-128 Virus successfully!

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/


After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IP entries listed at the bottom of the file.

[Image: example hosts file]

If there are suspicious IPs below “Localhost” – write to us in the comments.
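The same check can be done from a PowerShell prompt instead of reading the file by eye. The script below is an added example, not part of the original guide; the function name Get-NonDefaultHostsEntry is hypothetical, and it assumes the standard hosts file location used in the step above.

```powershell
# Added example: report hosts-file entries other than the default localhost mappings.
function Get-NonDefaultHostsEntry {
    param(
        # Same file the step above opens in Notepad.
        [string]$Path = "$env:windir\System32\drivers\etc\hosts"
    )
    $loopback = @('127.0.0.1', '::1')
    $lineNo = 0
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $lineNo++
        # Strip comments (everything after #) and skip blank lines.
        $line = ($raw -replace '#.*$', '').Trim()
        if (-not $line) { continue }

        # Entry format: <address> <name> [more names...]
        $fields  = $line -split '\s+'
        $address = $fields[0]
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            # "127.0.0.1 localhost" and "::1 localhost" are the expected defaults.
            if (($loopback -contains $address) -and ($name -eq 'localhost')) { continue }

            if (($loopback -contains $address) -or ($address -eq '0.0.0.0')) {
                $effect = 'name is blocked (resolves to this machine)'
            } else {
                $effect = 'name is redirected to another address'
            }
            [pscustomobject]@{
                Line = $lineNo; Address = $address; Name = $name; Effect = $effect
            }
        }
    }
}

$hostsPath = "$env:windir\System32\drivers\etc\hosts"
# A recent modification time is worth noting alongside any unexpected entries.
"Last modified: $((Get-Item -LiteralPath $hostsPath).LastWriteTime)"
Get-NonDefaultHostsEntry -Path $hostsPath | Format-Table -AutoSize
```

Entries added by legitimate software will also be listed, so review each line before removing it.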

Type msconfig in the search field and hit Enter. A window will pop up.


Go to Startup and uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure that every entry here is legitimate.
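Because the Manufacturer field is just a text string that the file's author sets, a stronger check is whether each startup program carries a valid digital signature. The script below is an added example, not part of the original guide; the function names Resolve-CommandPath and Get-StartupSignatureReport are hypothetical, and the path parsing is a best-effort assumption about how startup commands are written.

```powershell
# Added example: compare the company name a startup program claims
# with its actual Authenticode signature status.
function Resolve-CommandPath {
    param([string]$Command)
    # Expand %VARS%, then pull the program path out of the command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }          # "C:\path\app.exe" /args
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|js|ps1))(\s|$)') {
        return $Matches[1]                                             # C:\path\app.exe /args
    }
    return ($expanded -split '\s+')[0]
}

function Get-StartupSignatureReport {
    # Win32_StartupCommand lists Run-key and Startup-folder entries.
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $path    = Resolve-CommandPath $_.Command
        $status  = 'NotResolved'   # path missing or not fully qualified
        $signer  = $null
        $company = $null
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $status  = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            # Version-resource text: freely chosen by whoever built the file.
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        }
        [pscustomobject]@{
            Name            = $_.Name
            Location        = $_.Location
            Path            = $path
            ClaimedCompany  = $company
            SignatureStatus = $status
            Signer          = $signer
        }
    }
}

# Show only entries whose signature could not be verified.
Get-StartupSignatureReport |
    Where-Object { $_.SignatureStatus -ne 'Valid' } |
    Format-List
```

An unsigned entry is not proof of infection, since plenty of legitimate software ships unsigned, but an entry that claims a well-known company and has no valid signature from that company deserves a closer look.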


To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter, a professional malware removal tool.


Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
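Looking for "anything recently added" across these folders is easier with a script that lists new executable and script files by creation date. The script below is an added example, not part of the original guide; the function name Get-RecentlyAddedFile, the 14-day window and the extension list are assumptions, and %WinDir% is scanned only at its top level to keep the run short.

```powershell
# Added example: list recently created or modified executable/script files
# in the five locations named in the step above.
function Get-RecentlyAddedFile {
    param(
        [int]$Days = 14,
        [string[]]$Extensions = @('.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1')
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $roots = @(
        @{ Path = $env:APPDATA;      Recurse = $true  },
        @{ Path = $env:LOCALAPPDATA; Recurse = $true  },
        @{ Path = $env:ProgramData;  Recurse = $true  },
        @{ Path = $env:TEMP;         Recurse = $true  },
        @{ Path = $env:windir;       Recurse = $false }   # top level only
    )
    $found = foreach ($root in $roots) {
        $gci = @{
            LiteralPath = $root.Path
            File        = $true
            Force       = $true              # include hidden files
            Recurse     = $root.Recurse
            ErrorAction = 'SilentlyContinue' # skip folders we cannot read
        }
        foreach ($f in Get-ChildItem @gci) {
            if ($Extensions -notcontains $f.Extension.ToLower()) { continue }
            if ($f.CreationTime -lt $cutoff -and $f.LastWriteTime -lt $cutoff) { continue }
            [pscustomobject]@{
                Created  = $f.CreationTime
                Modified = $f.LastWriteTime
                SizeKB   = [math]::Round($f.Length / 1KB, 1)
                Path     = $f.FullName
            }
        }
    }
    # %Temp% usually sits inside %LocalAppData%, so drop duplicate paths.
    $found | Sort-Object Path -Unique
}

Get-RecentlyAddedFile -Days 14 |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```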


How to Decrypt AES-128 Virus files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!


  • What did you try? Please, do give more information, maybe there is something else you can try, but “nope” doesn’t give us an explanation 🙂

  • Hi Pankaj,

    Unfortunately some versions of the virus tend to re-write and delete files multiple times in order to erase the shadow copies that Recuva uses. You can try other software like Shadow explorer, but probably that won’t help you either. There’s nothing more we can do to help.

  • Hi there, sorry for the slow response.

    What kind of computer are you using? Is it an office machine? It sounds to me that you are not using an admin account.

  • Hi Brandon, you need to remove all suspicious lines from that document. Let me know if you encounter any problems in the process.

  • Can you share what the address and the name beside it are? (or at least the name) It may be safe.
