Fdcv Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Fdcv is a variant of Stop/DJVU. Source of claim SH can remove it.


Fdcv is a version of Ransomware that keeps user files hostage by making them inaccessible through encryption. Fdcv is a tool used for online money extortion and will not let you open or use your files until you pay a ransom to the blackmailers behind the infection.

The Fdcv virus file ransom note

If you’ve come across this page, you most likely have caught Fdcv and are now desperately looking for a way to remove it from your system. That’s why the information below will focus on precisely that. The victims of this Ransomware are typically greeted by a disturbing message from a hacker that is telling them that their files have been encrypted and they are expected to pay a ransom in cryptocurrency to get back access to them. Usually, there is a deadline for the payment and if the victims don’t pay on time, they are threatened to never be able to open or use the encrypted files again. Those who pay, however, are promised to receive a unique decryption key with the help of which they should be able to unlock the encoded information. Sadly, threats such as Fdcv, Dfwe, Kruu or Xcvf  can attack without a warning and can block access to very important and valuable digital data, leaving the owners at the mercy of the hackers who hold the decryption key.

The Fdcv virus

The Fdcv virus is a Ransomware representative capable of encrypting user data without a warning and making it inaccessible without a decryption key. After applying its encryption, the Fdcv virus will demand a payment of a fixed amount of money in exchange for providing the decryption key.

Ransomware is malicious type of software that is evolving rapidly. Advanced versions such as Fdcv are currently some of the worst threats a computer system can ever face. They can infiltrate a system secretly, without the knowledge of the users and immediately start a file-encrypting process in the background. After all the targeted files are encoded, a scary ransom notification appears on the victim’s screen and reveals the consequences of the attack. It is at this point that the users usually find out that their computer has been compromised and their images, documents, archives, and other system records have been rendered inaccessible. They also find out that, to regain their access, they are expected to pay a fixed amount of money to some anonymous hackers. The money serve as a ransom for a decryption key which is kept by the crooks.

The Fdcv file encryption

The Fdcv file encryption is a secret file-encoding process that happens in the background of the system. The most problematic aspect about the Fdcv file encryption process is that it can rarely be detected by an anti-virus program and can run unnoticed until it encodes all the targeted files.

fdcv file
The .fdcv file virus

If you were unfortunate enough to have your files encrypted by Fdcv , we strongly recommend that you explore the removal guide on this page. It contains instructions on how to remove the Ransomware, as well as some suggestions on how to potentially recover some of your files without paying a ransom. Sending your money to some online crooks isn’t an advisable course of action because you can never be sure that they will send you the decryption key they promise. Moreover, even if you obtain such a key, there is no guarantee that it will successfully reverse the applied encryption. That’s why we encourage you to give a try to some free file-recovery methods or even better – remove the malware and connect your personal backup sources (if you have any) to the computer.



Detection Tool

*Fdcv is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Fdcv Ransomware


Please add this page to your favorite bookmarks as a first step. This will ensure that you do not have to waste time looking for the Fdcv removal instructions each time your computer needs to be restarted. In addition, before continuing on to the next step, it is a good idea that you do a restart of your computer in Safe Mode by following the instructions that are given in the link. When you restart the operating system to Safe Mode, it will only allow the most essential processes and applications to run, which will make it much simpler to see anything that is acting in an abnormal manner.



*Fdcv is a variant of Stop/DJVU. Source of claim SH can remove it.

Next, pressing CTRL+SHIFT+ESC on your keyboard will open the Task Manager for you. After it has been opened, go to the Processes tab to search for any strange-looking processes that could be active on your computer at the moment. If any of these processes seems to be using an abnormally large amount of CPU and RAM resources for no apparent reason, right-click on each of them, and from the options that appear in the context menu, select Open File Location. This will provide you the ability to see the files that are associated with that particular process.


Make use of the free online virus scanner that is provided below in order to look for malicious code included inside the files that are related with the process that looks questionable. To begin the process of scanning, just drag and drop the contents of the File Location folder of the suspicious process into the scanner box. 

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After the scanning procedure is finished, you will need to carefully delete any files that have been flagged as harmful. Before deleting the files, however, it is important that you end the dubious process that is running. To do that, in the Task Manager, right-click on the process you want to end, and then select End Process from the quick menu.



    In the third step, you need to enter the command msconfig in the Windows search bar, and then open the System Configuration menu by hitting the Enter key. Check the tab that is titled “Startup” to see whether it includes any startup items that are connected with Fdcv .


    If your online research uncovers sufficient information that causes you to assume that certain startup items may be related to the ransomware, you should deactivate them by removing the checkbox from the box next to their name.

    The next step that we strongly recommend you to do is to open the Hosts file and check it for changes. This can be done by simultaneously hitting the Win key and the R key, and after that, you should paste the following code in the Run box:

    notepad %windir%/system32/Drivers/etc/hosts

    After opening the file by selecting the OK button, look for the word “Localhost” inside the content of the file. Please let us know in the comments if there are any IP addresses that do not seem to be safe, as shown in the image below. This will allow us to do more investigation into the situation and get back to you with any necessary next steps.

    hosts_opt (1)


    *Fdcv is a variant of Stop/DJVU. Source of claim SH can remove it.

    In the next step, you need to launch the Registry Editor, conduct a search for possibly hazardous files linked with the threat, and then remove those files. This is one of the most important things you need to do if you want to get rid of Fdcv completely from your computer. You may do this by heading to the Windows search bar, typing “Regedit”, and then pressing the “Enter” button on your keyboard. When you launch the Registry Editor, press and hold the Ctrl key as well as the F key at the same time to open the Find box that is located inside the editor. You will need to type the name of the ransomware in the Find box and begin the process of searching for files and folders that are related with the virus by clicking the button that is labeled Find Next.

    It is necessary to use great care while removing search results that are linked to the malware because it is possible that the registry contains additional files related to the threat. For this reason, after you have deleted the files that were found in the initial search results, you should perform a second search to ensure that there are no more files with the same name. If you are unable to find any additional files with the same name, the threat has been eliminated.

    Attention! Always use great care before removing any registry files from your computer that are related with the ransomware to prevent the computer’s operating system, as well as any software that has been installed on it, from being corrupted. Keep in mind that the ransomware may resurface on your computer if you do not thoroughly erase all the registry entries that are related with the attack. For this reason, it is highly recommended that you use an anti-virus application to scan your computer and remove any unwanted software or malicious registry entries that may have been installed on it. 

    In addition, we suggest that you check the following five system locations  to ensure that their contents do not contain any items that might be potentially hazardous. This can be done by typing each one in the Windows search bar, and then pressing the Enter key on your keyboard.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Carry out an exhaustive review of the contents of each of these folders, and then delete any files that look dangerous and that may have been added to them lately. You may also want to delete all the files that are in the Temp folder on your computer. To do this, select the files, and then hit the Del key on your keyboard.



    How to Decrypt Fdcv files

    The first step in recovering access to any data that may have been encrypted as a consequence of the attack is to remove any ransomware that may have been present in the computer system that was compromised. That’s why, do not skip the previous four steps of the guide and make sure that Fdcv has been successfully removed. After you have eliminated all signs of viruses and ransomware from your computer, the next step is to begin exploring the different techniques of file recovery that are accessible to you.

    When it comes to file-recovery, there are some methods that are available for decrypting data that has been encrypted by ransomware. However, the method that is utilized to decrypt the data may be different, based on the variant of ransomware that has infected your computer. You will be able to figure out the variant of ransomware that you are dealing with if you take a look at the file extensions that are being added to the end of the files that have been encrypted.

    New Djvu Ransomware

    STOP Djvu ransomware, is a new addition of the Djvu ransomware family that has recently attracted the attention of security experts with its worldwide attacks. This particular variant of ransomware targets different files, encrypts them, and then appends the extension .Fdcv to the end of each one. The good news is that it may be possible, in some circumstances, to regain access to the encrypted data that had been lost. We recommend that you use an offline key decryptor, such as the one that is provided at the URL below, in order to decrypt any data that has been encrypted by the ransomware that you have been infected with. This may allow you to recover any files that have been locked by the cybercriminals who are holding them for ransom.


    To do that, go to the URL linked above and download the STOPDjvu.exe application. Next, on the file, choose “Run as Administrator”. Finally, when prompted, click “Yes” from the confirmation popup that opens. You will be able to start the process of decrypting the data after you have completed reading the license agreement, as well as any other short instructions that were included with it. Please bear in mind that there is a possibility that this application may not be able to decode files that have been encrypted with unknown offline key or using online encryption.

    If you run into problems while completing any of the steps in the guide, or if you are unable to deal with Fdcv manually, you should eliminate the ransomware by using the anti-virus software that is linked to on this page.  You should also do a manual check of any potentially malicious files on your computer by using the free online virus scanner from the link.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1