Aghz Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Aghz is a variant of Stop/DJVU. Source of claim SH can remove it.


Aghz is a Ransomware virus – a representative of one of the most dangerous types of malware. Aghz is programmed to lock your files via encryption and prevent you from accessing them until you pay a ransom.

Aghz ransomware text file (_readme.txt)
The Aghz virus ransom note

If you are here, you’ve most probably been infected with this threat and are looking for solutions. As for the files which Aghz has encrypted, we have prepared a workaround solution within the same guide which may potentially help you recover the data. Keep in mind, though, that we cannot promise you that all of your information can be recovered.

The Aghz virus

The Aghz virus is a form of malicious software known as Ransomware. The Aghz virus will encrypt the files that are stored in your system by applying a military-grade encryption algorithm.

Such Ransomware may have reached your computer with the help of various malicious transmitters. Many techniques are used by hackers to spread their money-extortion programs, and the most popular one seems to be the malvertising. The malvertisements are ads in different shapes and sizes (pop-ups, banners, ad links, etc.) that have been loaded with malicious code. The code infects the user after the latter clicks on the ad and this way the system gets infected with the Ransomware. In some cases, the malvertisements may have been specifically designed for this purpose. In other cases, they may have been actual advertisements of legitimate products or services which the criminals have compromised. Therefore, it is very important that you are always careful with the different online advertising materials that may show up in your browser, and why you should avoid clicking on random messages. Spam, malicious emails, and even Trojan Horse infections can also be used to distribute Ransomware.

The .Aghz file encryption

The .Aghz file encryption is an algorithm of symbols, used to restrict the access to your data. The .Aghz file encryption can be decrypted but only if you have a special key that is unique for each encryption instance.

Files encrypted by Aghz ransomware (.aghz extension)
Encrypted files by the Aghz virus

Basically, what this malware does is it renders the files unavailable to the user and demands a ransom. The software typically places a ransom note on the victim’s monitor once the encryption is complete. The note includes information about the ransom amount which is required to be paid for the decryption key. With the emergence of the cryptocurrency known as bitcoins, the cyber criminals have started demanding the ransom in this exact currency.

Therefore, it’s very possible that with Aghz, the case is the same. The explanation is that bitcoins are extremely hard to trace, making it difficult for the authorities to catch the hackers.

This, however, is also why paying the criminals behind Aghz, Agvv, Agpo may not be a good idea at all. The reason is, the crooks may disappear once they get the money and there is absolutely nothing that can make them to send you the decryption key. Not to mention that, if such a key exists, it is unclear how effectively it may reverse the applied encryption. At the same time, if you don’t remove the Ransomware, you won’t be able to try any other methods for file-recovery. You won’t even be able to connect your file backup sources without the data on them getting encrypted as well. That’s why we suggest you take the necessary steps to remove the infection and give a try to some of the file-recovery alternatives in the guide below before considering the ransom payment.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
Data Recovery ToolNot Available
Detection Tool

*Aghz is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Aghz Ransomware


As a first step, we recommend that you bookmark this page in your browser’s Favorites so that you can easily access the ransomware removal guide when needed.

Following that, it is recommended that you restart the infected computer in Safe Mode in order to completely remove the Aghz ransomware and its hidden files (click this link for detailed instructions on how to reboot your PC in Safe Mode). If you reboot the system successfully, just the most important apps and processes will be running, allowing you to discover and shut down the processes linked with Aghz much more rapidly than you would otherwise.

After restarting the computer, type msconfig in the Windows search field to bring up the System Configuration window, which you can then use to make changes to your computer. Click on it and then on the Startup tab to see if any of the items that start up when your computer is turned on have anything to do with the malware infection.

Scan the list for startup items with “Unknown” Manufacturer or odd names that aren’t related with the programs that you routinely use on your computer. If you detect something that clearly don’t belong to the list, make sure you uncheck its related checkbox.



*Aghz is a variant of Stop/DJVU. Source of claim SH can remove it.

If your computer has been compromised, look for strange processes that are currently running on it. This information may be obtained from the Task Manager window that displays when you press CTRL + SHIFT + ESC on your keyboard. To determine whether any suspicious processes are currently running, go to the Processes Tab. Check the CPU and Memory Usage columns for names of processes that are consuming a lot of resources. Right-click on a process that appears to be dangerous and select Open File Location from the pop-up list of options.


Use the virus scanner provided below to scan the files in your File Location folder for malicious code.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    Immediately end the process whose files have been detected as harmful by the scanner, and then delete those files and the directories associated with it from your computer’s hard drive.


    Next, use the Windows key and R keyboard shortcuts to open a Run command window. Then copy and paste the following line in it and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    After you do that, a Notepad file named Hosts will appear on the screen. To check for signs of hacking, look for any odd IP addresses under Localhost, just as shown on the sample image below:

    hosts_opt (1)

    If you see anything unusual, please let us know in the comments section below, and we’ll inform you what to do and how to act it if we find that there is a problem.


    When a system has been infected with a ransomware like Aghz, it is possible that unwanted changes to the registry (in the form of dangerous files) may be imposed. The good news is that, in the next paragraph, you will learn how to search for and remove potentially harmful files from your registry.

    The first step is to open the Windows search field and type regedit in it, then press Enter. After that, the Registry Editor window will open on the screen. To search for files associated with the infection, press CTRL and F on your computer at the same time, and then type the ransomware’s name in the Find box. Next, click the Find Next button. 

    Attention! If you delete files or directories that are not linked to Aghz, it is possible that your operating system can get corrupted. To prevent your machine from suffering unintentional damage, use a reliable removal tool, such as the one provided on this page. An automated program can save you a lot of time and frustration when it comes to discovering and eradicating malware from critical places of your computer, such as the registry.

    Once you are sure that the registry is clean, type each of the lines below in the Windows search field and press Enter to open them one by one:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Manually search each of the locations for files and sub-folders with strange names that contain malware-related items that have not yet been found. You should conduct online research or use a sophisticated virus scanner before removing anything if you’re not sure whether something should be removed or not.

    When you access the Temp folder, all you have to do is select all the files, right-click and select the Delete button. All temporary files, including those that could have been created by ransomware will be removed from your computer as a result of this action.


    How to Decrypt Aghz files

    When it comes to recovering data encrypted by a ransomware like Aghz, you may need to rely on a variety of methods to successfully decode portions of your data. The success also depends on correctly detecting the variant of ransomware that has attacked you. Based on the variant of ransomware, you will need to determine which of the available file-recovery solutions will be most effective for you. The simplest method of determining which version of ransomware has attacked you is to look at the file extensions of the encrypted files.

    New Djvu ransomware

    STOP Djvu is the most recent Djvu ransomware variant that you may bump into, and if you have been unfortunate enough to become one of its victims, you’ll notice the .Aghz suffix appended to the end of the encrypted files. At the time of this writing, files encrypted by this variant with the use of an offline key can be decrypted, which is good news. If you check out the following link, you will be directed to a file-decryption program that may be able to assist you in regaining access to your data:

    Downloading the STOPDjvu.exe decryptor from the site above is simple – simply click on the Download button on the page.

    Run the file as an Administrator and click the Yes button. To begin decrypting your data, first read the license agreement and the “how to use” instructions. Please keep in mind that this tool may be unable to decrypt files that have been encrypted with unknown offline keys or online encryption,  thus, in some instances, the file-decryption process may be unsuccessful. 

    Before attempting any data recovery, you must first ensure that the ransomware has been fully removed from the system. If you want to scan your computer, it is recommended that you use professional anti-virus software, such as the one available on our website. If you have any worries about individual files, you may run them through the free online virus scanner. If you have any queries or encounter any problems, please do not hesitate to share them with us in the comments section.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1