Anubi Ransomware Virus Removal (+File Recovery)


This page aims to help you remove Anubi Ransomware Virus for free. Our instructions also cover how any Anubi file can be recovered.

Anubi Virus is the name of a new Ransomware threat that encrypts the victim’s files with very complex cryptography. This malware is currently being distributed mainly in the form of a malicious email with an attachment, a spam message or a Trojan horse infection. Here are some of the main features of the infection:

  • encrypts all information with a complex combination of symbols and keeps it hostage;
  • displays a ransom notice when the files are encrypted and wants a ransom payment in order to release them;
  • targets companies, educational institutions, hospitals, enterprises and normal online users;
  • spreads via various malicious transmitters, including exploit kits, phishing web pages, email attachments and infected files;
  • may change the encrypted files’ extensions to make them unrecognizable by any software;
  • may delete Shadow Volume Copies in order to prevent file restoration from system backups.

If you have recently been attacked, there are a few alternatives which we would like you to consider before you decide whether to pay the ransom or not. In the text below, we will describe them all and will give you a general idea about the malicious capabilities of Anubi Ransomware. Make sure you carefully read all the information and decide what the best and safest way to proceed is.

Anubi Ransomware

How to act if your files have been encrypted by Anubi Ransomware?

This malicious software was detected only recently. It is known to target a number of different file formats. All your personal or business documents, backups, and projects will most probably be encrypted once the Ransomware enters your system. When the encryption process completes, it usually leaves ransom files on the victim's computer to announce the infection. These files contain instructions that prompt the victim to pay a ransom within a given deadline. Unfortunately, the encryption is very sophisticated, and without paying the ransom the chances of getting your files back are minimal unless you have external backups. The hackers who control the infection may warn you not to remove Anubi Ransomware and to contact them immediately; otherwise, you may risk losing the chance to get the secret decryption key that they possess. They may ask for a ransom that varies from a couple of hundred to a couple of thousand (usually payable in Bitcoins) and may request payment within a strict deadline. The crooks may also encourage you to negotiate with them, but you should not trust them.

Anubi Ransomware Virus Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).




Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right-click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/


After you open their folder, end the processes that are infected, then delete their folders. 


Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

The hosts file will open in Notepad. If you have been hacked, there will be a number of additional IP entries at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
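The same hosts-file check can be scripted so that every active entry is listed instead of being read by eye. The PowerShell below is an added example, not part of the original guide; it is read-only, and the helper name Get-ActiveHostsEntry and the sample entries are constructed for illustration.

```powershell
# Added example: list active hosts-file entries and mark the ones that are
# not the plain localhost mapping. Read-only; nothing is modified.
function Get-ActiveHostsEntry {   # hypothetical helper name
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        # Everything after '#' is a comment and has no effect on name resolution
        $line = ($raw -replace '#.*$', '').Trim()
        if (-not $line) { continue }
        # Format: <address> <name> [<alias> ...], separated by spaces or tabs
        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address     = $fields[0]
                HostName    = $name
                IsLocalhost = ($name -eq 'localhost') -and ($fields[0] -in '127.0.0.1', '::1')
            }
        }
    }
}

# Constructed sample (documentation address and example domains), not real indicators
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '203.0.113.10    login.example.com   # constructed: name pointed at another server',
    '127.0.0.1       update.example.net  # constructed: name forced to loopback'
)
Get-ActiveHostsEntry $sample | Where-Object { -not $_.IsLocalhost } | Format-Table -AutoSize

# The same check against the live file the guide opens in Notepad
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-ActiveHostsEntry (Get-Content -LiteralPath $hostsPath) |
    Where-Object { -not $_.IsLocalhost } | Format-Table -AutoSize
```

Entries added by legitimate software such as VPN clients or development tools also show up in this list, so each line needs a decision rather than automatic deletion.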

Type msconfig in the search field and hit Enter. A window will pop up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure that every process listed here is legitimate.
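A Manufacturer name is taken from the file's own version information, which whoever built the file controls, so the Authenticode signature is the stronger check. The PowerShell below is an added example (not part of the original guide) that lists autostart entries with both values side by side; Resolve-CommandPath is a hypothetical helper and the script is read-only.

```powershell
# Added example: compare the self-declared company name of each autostart
# program with its Authenticode signature status. Read-only.
function Resolve-CommandPath {   # hypothetical helper name
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    # Quoted path: "C:\Program Files\App\app.exe" /arg
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted path, possibly with spaces, ending in a known extension
    if ($c -match '^\s*(.+?\.(exe|com|scr|bat|cmd|vbs|js|ps1|lnk))(\s|$)') { return $Matches[1] }
    return $null
}

# Win32_StartupCommand covers the Run registry keys and the Startup folders
Get-CimInstance Win32_StartupCommand | ForEach-Object {
    $path   = Resolve-CommandPath $_.Command
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    [pscustomobject]@{
        Name      = $_.Name
        Location  = $_.Location
        Path      = $path
        # CompanyName is self-declared metadata; it is empty for many files
        Company   = if ($exists) { (Get-Item -LiteralPath $path -Force).VersionInfo.CompanyName }
        # Valid, NotSigned, HashMismatch, ... as reported by Windows
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString() } else { 'PathNotResolved' }
    }
} | Sort-Object Signature | Format-List
```

Entries reported as NotSigned, HashMismatch or PathNotResolved are the ones to inspect first. Many legitimate small utilities are unsigned, so the output sets priorities and is not a verdict.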


To remove the ransomware on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.


Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus's name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
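Checking these folders for recent additions is easier with a listing sorted by creation time. The PowerShell below is an added example, not part of the original guide; it is read-only, and the 7-day window is an assumption to adjust to when the problem started.

```powershell
# Added example: list files created recently in the folders named above. Read-only.
$days   = 7                                   # assumed look-back window
$cutoff = (Get-Date).AddDays(-$days)
$runnable = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1'

# Folders searched recursively. %Temp% normally sits under %LocalAppData%,
# so duplicates are dropped further down with Sort-Object -Unique.
$deep   = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP
$recent = @(Get-ChildItem -LiteralPath $deep -Recurse -File -Force -ErrorAction SilentlyContinue)

# %WinDir% is large, so only its top level and System32 are listed, non-recursively
$winDirs = $env:windir, (Join-Path $env:windir 'System32')
$recent += @(Get-ChildItem -LiteralPath $winDirs -File -Force -ErrorAction SilentlyContinue)

$recent |
    Where-Object { $_.CreationTime -ge $cutoff } |
    Sort-Object FullName -Unique |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length,
        @{ Name = 'Runnable'; Expression = { $_.Extension -in $runnable } },
        FullName |
    Format-Table -AutoSize -Wrap
```

File timestamps can be changed by whatever wrote the file, so an empty result does not prove that nothing was added.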


How to Decrypt Anubi Ransomware files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Despite the warnings described, most reputable security experts, including our “How to remove” team, would advise you not to keep the Ransomware on your computer but to remove it as soon as possible. Once the hackers have inserted Anubi Ransomware, they will have a backdoor to your PC and may gain control over it anytime. Moreover, every new file that you keep on the infected machine will most probably become encrypted as well, so if you want to use your machine safely, you should eliminate the infection. This can be done with the help of the removal guide below if you strictly follow its instructions. The professional malware removal tool may also be useful to you in this process, especially if you face difficulties following the manual steps.

If you hope that you may negotiate with the hackers, keep in mind that such a course of action may be very risky. The criminals are simply trying to squeeze out the victims’ money rather than save their data, so you should never trust them, let alone sponsor their blackmail scheme.

How can you get infected with Anubi Ransomware?

Ransomware infections have many distribution channels but some of the most commonly used ones are spam email campaigns. Therefore, keep in mind that files containing malicious software may be marked as sent by an official institution. The files can also be masked as an invoice. Such emails usually contain inaccurate data and misleading links or attachments that hide a Trojan horse or an exploit kit. Please note that phishing sites may also make it easier for Anubi Ransomware to compromise your computer. To protect yourself, we would advise you to avoid clicking or opening sketchy or spam messages and update your security tools. A good solution is to have several different types of these programs.

To restore your files, there are some alternatives, though not that many. Indeed, due to the complexity of this malware, there is still no 100% sure method of recovery from the Ransomware attack. However, if you have file backups kept somewhere on an external drive, hurry to remove the Anubi Ransomware virus and copy them back. If you have no sources from where you can get your data, you may want to give the instructions below a try. At the bottom of the page you will find some of the tools we recommend, which you can use, so take advantage of them first and try to avoid paying the ransom by any means.


Name: Anubi
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method: From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool: Currently Unavailable