Bttu Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Bttu is a variant of Stop/DJVU. Source of claim SH can remove it.

Bttu

Bttu is a new Windows virus that attacks the files of its victims by blocking the access to them using data encryption. The hackers behind Bttu want the infected users to pay a ransom in order to receive the means for unlocking their inaccessible data.

Bttu File

If a user who doesn’t keep any sensitive and important files on their computer gets attacked by such a virus, they wouldn’t be in too much trouble because the malicious program doesn’t do any other type of harm. It won’t damage the computer’s system or spy on the user so if the files locked by it aren’t too valuable, the attack from this piece of malware shouldn’t be a huge deal. The same would be the case if the attacked user has previously made sure to copy their important files on a backup location. Such backup locations can be cloud storages, external drives, or even other devices (preferably ones that aren’t connected to the Internet).

The real problem with Bttu, .Maos and Btnw and other similar infections comes when there is no backup and the files locked by the virus are important to the user. In those cases, the victim is forced to make the difficult choice between paying the requested ransom and opting for some alternative options. Below, we will tell you what we believe is the best course of action if Ransomware has attacked you and we will explain what you can do to ameliorate the situation.

The Bttu virus

The Bttu virus is a Windows infection categorized as file-blocking Ransomware. The representatives of the Ransomware category such as the Bttu virus are known for their ability to silently encrypt all potentially important user data and later demand a ransom for the decryption key.

If this virus has attacked you and has managed to place its advanced encryption on some important files that you don’t want to lose, it is important to not succumb to panic and do the first thing that comes to mind. If you have enough money and can afford to make the ransom, this option may seem like a reasonable trade-off if the files the virus has locked are really that valuable to you. However, you must understand that the ransom payment cannot guarantee anything. Yes, it improves your chances of restoring your files but it doesn’t remove the possibility of the hackers simply deciding that they won’t provide you with the decryption key.

The Bttu file decryption

The Bttu file decryption is a file-recovery process that is only possible if you have the corresponding access key. The Bttu file decryption cannot be completed without that key but in order to get it, you are required to pay the ransom.

However, there may be ways you can bring back your data without necessarily acquiring the key or even without decrypting the locked files. Like the ransom payment, the alternative methods don’t guarantee that your data will be restored but, with them, you will at least not be required to risk your money. In our guide that you will see below, there are instructions on how to first remove Bttu and then attempt to bring some of your files back without paying the Ransom.

 SUMMARY:

NameBttu
TypeRansomware
Detection Tool

*Bttu is a variant of Stop/DJVU. Source of claim SH can remove it.

Bttu Ransomware Removal


Step1

Important! In this guide, there will be steps that will require you to quit your browser. That’s why, in order to get back to this page quickly, we recommend you to Bookmark it by clicking on the star icon on the upper right corner of the URL bar.

The other important thing that you need to do before you start the actual removal process of Bttu is to boot your computer in Safe Mode. The active link will lead you to another guide that will show you how to do that.

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

*Bttu is a variant of Stop/DJVU. Source of claim SH can remove it.

Once you have Bookmarked this page and have entered in Safe Mode, your first job is to launch the Windows Task Manager app. A quick way to do that is to use the CTRL + SHIFT + ESC key combination. 

Go to the Processes Tab when the app opens and carefully examine the processes that are running. Look for processes that are consuming way too much CPU or Memory and google them if you cannot determine if they are malicious. Keep in mind that ransomware threats like Bttu may operate under different names and may use the name of legitimate system processes as a cover.

malware-start-taskbar

When you are sure that you have detected an Bttu-related process, right-click on it. Then, choose Open File Location from the list of options that appears on the screen. Scan the files found in that location for malware with the free online virus scanner that is available here:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.


    In case that the scanned files are flagged as malicious, end the processes related to them by going back to the Task Manager’s Process tab,  and delete the folders that contain the infected files.

    Step3

     

    After you have removed all the infected files and have ended their malicious processes from the Task Manager, press the Start and R –  copy keys from your keyboard to open a Run box. Next, copy this command in the Run box’s text field:

    notepad %windir%/system32/Drivers/etc/hosts

    Hit the Enter key from the keyboard and this will immediately open a text file on your screen that is named “Hosts”.

    Scroll through the file and find the place where it is written “Localhost”. Normally, there shouldn’t be many IP addresses under Localhost, but in case you see some, this might indicate that your computer has been hacked. 

    The image below explains what you have to look for:

    hosts_opt (1)

     

    If the “Localhost” section of your Hosts files contains some suspicious IP addresses, please drop us a comment below this post and we will reply to you with instructions on what you need to do next.

    After you have checked the Hosts file, and you haven’t detected anything suspicious in it, type the msconfig command in the Windows search field and hit enter. The System Configuration app will launch immediately:

    msconfig_opt

     

    Go to the fourth tab which says Startup. There, carefully check the apps that are allowed to launch with the system’s startup and seek for suspicious or Bttu-related entries. Remove the checkmark from the checkbox of these entries. If there are entries that have “Unknown” Manufacturer, remove the checkmark from their checkbox as well.

    • Attention! Ransomware like Bttu may use a fake name for its processes and Manufacturer, that’s why make sure that you google the entries you leave checked in.
    Step4

     

    *Bttu is a variant of Stop/DJVU. Source of claim SH can remove it.

    You won’t be able to fully remove the ransomware unless you delete its entries from the Registry Editor. That’s why in this step you will have to launch it (type Regedit in the windows search field and press Enter) and perform a search

    When the Registry Editor opens, press CTRL and F keys from the keyboard together. A Find box will appear on your screen where you have to type the name of the virus, which in your case is Bttu

    Next, click on the Find Next button and delete any entries that are found with this name. We need to warn you, though, that you need to be very careful with your deletions because if you happen to delete something that is not related to Bttu, this may damage your entire Operating System in a serious way. If you want to avoid that, you should better use a professional removal tool that can clean the registries from the ransomware for you.

    Once you are done with finding and deleting the ransomware entries by their name, go to the Windows Search Field and type each of the following:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    After each search, check if anything new has recently been added to these directories. When you reach the Temp folder, delete everything that is found there.

    Remember! You can always ask us for help in the comments below any time you run into trouble!

    Step5

     

    How to Decrypt Bttu files

    The hardest part about being infected with ransomware such as Bttu is the recovery of the encrypted files. Personal backups may be of great help when it comes to this, but there are also a few other methods that may be worth your attention if you are not keen on paying a ransom to some anonymous cyber crooks. That’s why at the end of this guide we have included a link to decryptor tool that may help you.

    Before you can figure out how to best go about decrypting your files, you’ll need to know exactly what variant of ransomware has infected your computer. The file extensions of the encrypted files provide this information quickly and easily, so take a look at them first.

    New Djvu Ransomware

    The STOP Djvu ransomware variant is the most recent addition to the Djvu ransomware family.This malware often appends the .Bttu suffix to files after encrypting them. Fortunately, at the time of writing, there is a way to decrypt STOP Djvu-encoded files. However, this is only the case with files that have been encrypted using an offline key. In order to find out more about how to decode them, please visit the website below. You’ll be sent to a file-decryption program that could help you get your data back:

    https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

    Just click the “Download” button from the page to get your hands on a copy of the STOPDjvu.exe decryptor.

    To launch the program, locate the file you downloaded on your computer, right-click on it, and choose “Run as Administrator”. You may start decrypting your data once you’ve read the license agreement and a few quick “how to use” instructions. Just keep in mind that this program may be ineffective in decrypting data encrypted online or with offline keys that are not in its database.

    It is essential to get rid of the ransomware from the infected machine before proceeding with any data recovery efforts. Removal of Bttu and other viruses may be done by using professional anti-virus software. If you need more help, you may use a free online virus scanner to check any separate file that looks suspicious. Furthermore, the comment section is where you can share your experience, ask us questions, and let us know if the information on this page was useful. 

    If you cannot deal with Bttu on your own and the ransomware is still causing you trouble, please don’t leave it like that and use the professional removal program that we recommend, or another trusted anti-virus software of your choice.


    About the author

    blank

    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment