Btos Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Btos is a variant of Stop/DJVU. Source of claim SH can remove it.


Btos is a dangerous Windows virus of the Ransomware family that locates the most commonly used files in the computer and locks them. The goal of Btos is to make its victims send money to its creators in exchange for the release of their files.

The Btos Virus will encrypt all your files with the .btos extension.

The creators of this malware threaten that if the victim doesn’t send the demanded ransom money within a given period of time, the demanded sum would double or the “offer” of paying for the data’s release would no longer be available. If you have recently found yourself in a similar situation and don’t know what course of action to follow, we will tell you about the possible options you can choose from at the moment. However, one thing we must make clear right away is that the recovery of your data cannot be guaranteed no matter what you do. Some of the potential solutions you can try may allow you to bring back some of your data, while others may turn out to be utterly ineffective in your case. The main thing to understand here is that the ransom payment should really only be considered if there are no other options left and if you simply cannot afford to lose the locked data. In all other cases, paying is highly inadvisable.

The Btos virus

The Btos virus is a virus infection that belongs to the widespread Ransomware category of computer threats. The Btos virus blocks access to important files on the attacked machine and tells its victims they need to pay a ransom if they want their files back.

The main reason we recommend that you avoid paying the ransom money is that the hackers’ promises of restoring your data cannot be trusted. You could send the money only to realize that you would still not be allowed to regain access to your files.

If you are in the situation where Btos, Btnw, Maos or Matu has taken your data hostage and you really need those files back, our suggestion is to turn to the removal guide you will find right below this article. The steps there will help you remove the virus, thereby making sure that no more of your files will get locked. After the infection is removed, you can move on to the alternative recovery options that will be present in the second segment of the guide.

The Btos file decryption

The Btos file decryption is the main method for restoring files locked by this virus. However, the Btos file decryption requires a special key to complete and that key is only present on the computers of the criminals behind this virus.

That being said, if you are lucky, you may manage to get around the need for decrypting your files or maybe find a custom decryptor tool for this virus, that you can get for free. We have a list of a big number of such free decryptors on our site as well as some other recovery suggestions, but before you get to them in the recovery segment of the guide, you must ensure that the infection is no longer present in your PC.


Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Btos is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Btos Ransomware


As with most malicious pieces of software, a bit of preparation is needed for the successful removal of Btos from the computer. What we recommend you to do first is go to the URL bar of your browser and click on the Bookmark icon top right to save this page. This will help you to refer back to it during the next steps where a system restart may be needed.

After you bookmark the guide, click on this link and carefully follow the instructions show there to reboot the computer in Safe Mode. Once in Safe Mode, proceed to the actual removal of the ransomware starting with step 2.



*Btos is a variant of Stop/DJVU. Source of claim SH can remove it.

If your computer is infected with Btos, various malicious processes may be active in the background of your system without your knowledge. If you want to remove the ransomware, however, it is critical that you detect those processes and stop them.

For that, open your Task Manager (CTRL + SHIFT + ESC key combination) and check the Processes Tab for processes that are resource-intensive without any logical reason, have odd names or mimic the names of legitimate programs but with slight changes in the characters. In many cases the ransomware may mask its malicious processes in this way. If you need help to determine whether a specific process is really dangerous or not, we recommend that you right-click on it and open its File Location folder to check its files.  


Ideally, scan all files stored in the File Location folder with a professional antivirus program that you trust or if you don’t have such software at hand, drag and drop them in the powerful free online virus scanner below:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    Each of the files will be checked with up to 64 antivirus programs to ensure maximum malware detection and accuracy.

    Be patient while waiting for the scan to complete. Even one single dangerous file in the results is a sure indication that the related process is dangerous and needs to be stopped immediately. So, if you detect such a file in the scan summary, go to the Processes tab, right-click on the related process >>> End Process. After you do that, go to the File Location folder and delete the dangerous files in there.


    It is not that uncommon for the ransomware to alter the Hosts file by adding malicious IP addresses that help the threat actors to hack the infected computer. That’s why the next thing that you need to do in order to deal with Btos successfully is to open the Hosts file by copying the line below in the windows search bar found in the Start menu:

    notepad %windir%/system32/Drivers/etc/hosts

    Open the result shown in the search and the file open should open in Notepad.

    Without losing time, find Localhost in the text and check for added IP addresses that don’t look reliable:

    hosts_opt (1)

    Copy anything that you think could be dangerous and drop us a comment under this guide. We will reply to you with recommendations in case that we find it really dangerous. If you see no changes in the Hosts file, close it and proceed to the next instruction.

    Press Windows and R keys from the keyboard together and type msconfig in the Run window. After that, click OK and go to the Startup tab of the System Configuration window that gets open:


    You will see a list of Startup Items where you need to search for entries that might have been added by the ransomware. If you have doubts about a particular Startup item, remove its checkmark from the checkbox to disable it. Keep in mind that Btos may mask its startup process under a fake name, so it might help to research online any entries that look suspicious, have minor character changes in their names or have unknown or non-reputed manufacturer.


    *Btos is a variant of Stop/DJVU. Source of claim SH can remove it.

    The successful removal of Btos may fail if its malicious entries have been added to the Registry of your system. Many ransomware threats do that to prevent being removed, therefore, it is critical that you search the Registry for Btos-related entries and delete them.

    A note of caution here is to remember that dealing with Registry files is a very delicate job and any wrong deletions or changes there may lead to a very serious system corruption. That’s why if you are not sure about a particular entry that looks suspicious to you, it is recommended that you use a professional removal tool to check it instead of removing it. If you anyways decide to remove an entry that you believe is dangerous, it is at your own risk.

    A quick way to search for ransomware-related entries in the Registry is to start the Registry Editor (press Windows key and R together>>> type Regedit >>>press Enter) and then open a Find box (CTRL and F) where you need to write the exact name of the ransomware. To start the search process, click on the Find Next button. If any results with that name are found, they will most likely be linked to the ransomware and need to be deleted.

    When you are done cleaning the Registry from ransomware entries, close the Editor and go to the windows search bar in the Start menu. In it, type each of the following and open the result:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Carefully check each location for files that have been created recently (an indication that they might be linked to the infection) by filtering the list by date.

    The content of Temp should be deleted entirely to remove any temporary files that Btos might have added there.


    How to Decrypt Btos files

    Once you are sure that the ransomware has been successfully removed from the infected computer, the next thing that you may want to learn is how to decrypt your files. This is a separate process that requires a different set of instructions. Therefore, we invite you to check our detailed file-decryption guide that can be found here and learn more about the most effective file-recovery options that you can try for free.

    If any questions arise during the removal of Btos, please leave us a comment below, so we can help you out. In case the ransomware doesn’t want to get removed manually, don’t leave it on the computer. Instead, use the powerful anti-virus program linked on this page or try our free online virus scanner and scan the infected system for hidden malicious files that are preventing the threat from being deleted.

    New Djvu Ransomware

    People all across the world are being attacked by a new variant of the Djvu Ransomware known as STOP Djvu. The addition of the .Btos suffix to the end of the encrypted files makes it much easier to distinguish this specific variant from other examples of the same kind.

    New ransomware versions may be difficult to deal with, but if an offline key was used to encrypt the files that were encoded with Btos, there is still a chance that the data may be decrypted. What is more, there is a decryption program that you may use to see whether it is possible to retrieve your data. You may save the decryptor to your computer by first clicking the link that is provided below, and then hitting the Download button that is located on the page.

    Launch the decryptor as an administrator, then click the OK button. Before continuing, please ensure that you have read and understood the terms of the license agreement, as well as the instructions for use. The next step in decrypting your information is to choose the location of your encrypted files and click the Decrypt button. Please be advised that the application may not be able to decrypt files that have been encrypted online or with unknown offline keys.

    Final Notes

    The guide we’ve provided you with on this page should allow most users to fully eradicate the Btos threat. However, if you suspect that the virus is still on your computer, it would be a great idea to use the advanced malware-removal tool that you will find linked on the current page as it can both quickly find and take care of any remnants of the Btos virus as well as provide your system with powerful protection against malware in the future.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1