Boty Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Boty is a variant of Stop/DJVU. Source of claim SH can remove it.


Boty is a ransom-demanding infection that is used to generate profits for its criminal developers through blackmail. Boty uses the method of file encryption to limit access to a list of user files so that later a ransom payment can be demanded for their liberation.

The Boty ransomware will leave a _readme.txt file with instructions

This article is entirely dedicated to Boty as one of the latest ransomware representatives. Whether you’re infected with the virus or just curious about its effects, on this page, we will give you important prevention tips, and steps on how to remove the threat from your system. You should read the following paragraphs carefully and check the removal guide below.

The Boty virus

The Boty virus is a dangerous malware that is a member of the Ransomware class. The purpose of the Boty virus is to encrypt files, threaten, blackmail, and extort money from you. Such infections are created with the sole purpose of harassing web users for money.

Boty is not an exception and will take your most needed and most frequently used files hostage in order to make you pay ransom for them. Usually, this ransomware infects the system in a stealthy way, most often with the help of a Trojan horse virus which provides a secret passage through the system’s security holes. Both of these infections can be found in different online locations, including in torrents and software packages, contaminated websites, malicious ads, etc. The unusual e-mails you get from either your spam folder or your Inbox and their attachments may also deliver such threats. Therefore, you have to be especially careful not to open and download anything suspicious.

The .Boty file encryption

The .Boty file encryption is a malicious process that is aimed at locking user files through encryption. Typically, the .Boty file encryption runs under the radar of most security programs, therefore, stopping it on time is not possible.

Boty File

Once in the system, the ransomware is free to start its malicious attack. In the first stage of the attack, the virus scans every part of the system. From the scan results, Boty, Kiop or Kitz selects the most commonly used files and lists them. Then, the Ransomware completes the second part of the attack where it encodes all the enlisted files. A double-component encryption key is used for this purpose. You get the public part of the key right after the encryption has been completed, but to obtain the private part, you will have to pay a ransom to the hackers behind Boty. A notification with instructions on how to transfer the money will be displayed on your screen after the attack.

There’s something very important that we would like to say here – you should never trust a hacker. Paying a criminal in no way guarantees that your files will be recovered. It just means that you are desperate to give your money to the same people that have infected your computer without looking for alternative solutions. Therefore, what our “How to remove” team suggests is that you do some reading, speak to an expert at Ransomware removal, and then make an informed decision, as any decision here is a risk to your important data. A possible solution could be found in the guide below which explains how to remove Boty. We can’t promise that after you remove the virus with our instructions your locked data will be automatically restored but, at least, you will be left with a clean computer and the option to recover your information from backups.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
Data Recovery ToolNot Available
Detection Tool

*Boty is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Boty Ransomware


If you want to remove the Boty ransomware from your computer, you need to carefully follow the instructions in this removal guide to the letter. Begin by turning off the Internet connection on your computer so that the harmful software cannot communicate with its servers. USB and external storage devices linked to the infected computer should be unplugged as well.
The next thing that we recommend is to reboot the system in Safe mode with the help of the instructions in this link. Following a reboot, come back to this page and complete the rest of the instructions from the guide. If you want, you can save this page as a bookmark in your browser so that you can quickly return to it after a reboot.



*Boty is a variant of Stop/DJVU. Source of claim SH can remove it.

In the next step, you need to go to Task Manager. To do that, type “task manager” in the Windows search bar and press Enter to launch it. Using the Processes tab, sort the running processes by memory and CPU use. Scanning the files connected with potentially harmful processes is a must. Simply right-click on the suspicious process and choose Open File Location from the context menu to get access to these files.


Drag and drop the contents of the folder in the scanner we’ve provided below to get started scanning.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If the scanner flags harmful files on your computer, first, right-click the process and choose “End Process”. After the suspicious process is stopped from running, go to the file location folder where danger is detected and remove all files that have been flagged as threats.


    Next, press Windows key + R to open the Run window, and run the following command in it by pasting it and clicking Enter.

    notepad %windir%/system32/Drivers/etc/hosts

    Open the Hosts file in a separate window on your PC. Go through the text of the file and find Localhost. You should report any unusual IP addresses found under the “Localhost” section of the text in the comments below. If any of your IP addresses turn out to be malicious, we’ll let you know.

    hosts_opt (1)

    It’s possible that Boty files may show up in System Configuration. To open System Configuration, type “msconfig” in Windows search field and hit the Enter key. Look for suspicious items in the “Startup” tab to see whether they’re enabled to automatically start when the system boots.

    Uncheck the boxes next to the startup items that are linked to the malicious software that needs to be removed from your computer. Check the internet before making any adjustments to a startup item if you have any doubts regarding its reliability.



    Ransomware may stay undiscovered in the system’s registry thanks to the fact that it can install new malicious files in it without any visible signs. For this reason, scanning the registry for potentially harmful files is highly recommended for those who want to deal with Boty permanently. If you’re not sure how to get to the Registry Editor, type “Regedit” in the Windows search field and press Enter on your keyboard to get started.

    By pressing CTRL and F, you may search for infected files in the Registry Editor and then delete them. In order to get started, type in your ransomware’s name in the Find box and select the Find Next button.

    Attention! Computer expertise and experience may be required in order to correctly remove ransomware registry files. If other registry entries are erased during this process, the system may become unstable or even crash. That’s why, a virus removal application like the one on our website is highly recommended to use if you don’t trust that you can get rid of the infection on your own.

    Ransomware-related files may be found in the following places on a computer: 

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    To open each of them, go to the Windows search field, copy and paste them exactly as they are shown and hit Enter to begin searching for what you’re looking for.

    Then, after you’ve opened each folder, look for files and folders with strange or unusual names. If you aren’t certain that these files and folders are connected to the infection, don’t make any modifications or deletions. The files that are stored in Temp may be deleted when you access it. These are temporary files, and it’s possible that some of them may have something to do with the virus.


    How to Decrypt Boty files

    Even the most qualified specialists may have difficulty dealing with a Ransomware infection in some cases. If you don’t know how to decrypt files, you may have a difficult time handling anything like Boty as well. That’s why, the first step that we recommend you to do is to identify the variant of ransomware that has attacked your computer. The file extensions of the encrypted files may reveal this information.

    However, before attempting any data recovery, make sure your computer is free of ransomware by doing a full system scan. Otherwise, any decrypted data you attempt to recover may be encrypted anew. If you’re in this situation, professional anti-malware software may save you time and nerves.

    New Djvu Ransomware

    STOP Djvu is a ransomware variant that many online users have lately encountered. In most cases, files with the .Boty file suffix indicate that they’ve been infected with this specific variant of ransomware. If you’ve made sure your computer is free of viruses, you may be able to retrieve some of your data by using a decryption program like the one available at the following website:

    The license agreement and any other instructions that come with the decryptor program should always be carefully reviewed before decrypting a file. Remember that this tool may not be able to decrypt your files if they were encrypted with an unknown offline key or online encryption.

    If this page’s manual removal instructions aren’t enough to remove Boty completely, you may need to use anti-virus software. If you’re worried about a specific file, you may use our free online virus scanner to do a manual scan. Please use the comment section below if you have any questions or complaints regarding this guide’s removal instructions.



    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1