Gatq Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Gatq is a variant of Stop/DJVU. Source of claim SH can remove it.


Gatq is a malware virus that is used by its creators to lock the files of the attacked users and to blackmail them for a ransom payment. Gatq belongs to the Ransomware type of viruses and it uses file encryption to lock its victim’s files.

The Gatq ransomware will leave a _readme.txt file with instructions

If your files have been struck by this threat, you are probably no longer able to open them through any software you may have on your computer. The encryption that this type of viruses uses is very advanced and usually the only way to open an encrypted file is to apply a special decryption key that corresponds to the unique encryption code used to seal the files on the computer. The goal of the hackers behind this Ransomware is to force you to pay a set amount of money in order to receive this key. If you refuse to pay, the key will never be sent to you and you will never be able to regain access to your files, or so the blackmailers say in a ransom-demanding note that gets displayed on the infected computer’s screen.

The Gatq virus

The Gatq virus is a form of file-targeting computer virus that is able to make its victim’s data inaccessible. The files locked by the Gatq virus can only be accessed after the victim pays a ransom to receive the decryption key.

The Gatq virus will encrypt your files

Many users who are faced with an attack from a Ransomware threat like Gatq, Gapo, Gaze consider the ransom payment as their only viable option. If the files locked by the threat are objectively or subjectively worth more than the sum required for their release and if you have the demanded ransom money readily available and can afford to send it to the hackers, paying seems like the logical course of action. Well, even though going for the ransom payment may get your files back in some cases, you must not forget that the hackers behind the Ransomware may simply lie to you and never really provide you with a decryption key. In such a case, you would be left with no way of opening your files and you would have also lost a significant amount of money in vain. That is why it is almost always a much better option to seek some alternative options that do not involve interacting with the blackmailers in any way.

The Gatq file extension

The Gatq file extension is a unique string of symbols that gets appended to the file names of the encrypted files. The Gatq file extension doesn’t belong to any regular file format so none of your programs could read it.

The extension is partially what makes the affected files inaccessible and you cannot remove it manually. The only way to make it go away is to decrypt the files. However, without the needed key, you may not be able to do so and we already pointed out why paying for the said key isn’t a very advisable option. However, in our guide below, you will find out how to remove the virus and how to possibly bring some of your data using alternative means, so we advise you to check the guide out and try to follow its steps.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
Data Recovery ToolNot Available
Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Gatq is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Gatq Ransomware


In the steps that follow, you will need to restart your computer. That’s why it’s a good idea to bookmark this removal guide so that you don’t lose it the next time your computer reboots.

Use this link with instructions on how to restart your computer in Safe Mode so that only the most essential processes and applications are running, and then follow the rest of the instructions on this page.

After you do that and the computer restarts, go to the Windows Search bar, type msconfig, then press Enter. Then select “Startup” from the top tabs:


If Gatq has added any potentially harmful startup items to the list, make sure to uncheck them and then click OK to save your modifications. What this action does is, disable startup entries that are associated with the virus.



*Gatq is a variant of Stop/DJVU. Source of claim SH can remove it.

In the second step, you need to start the Task Manager (CTRL + SHIFT + ESC) and check the Processes Tab to see whether any malicious processes have been launched by the ransomware.

Right-clicking on a suspicious process will open a quick menu from where you can open the process’s file location. You’ll be able to see the files that were created for that process in there:


Use the free virus scanner provided below to check the files for malicious code.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If an infected file is indicated in the scan results, you need to immediately stop the running process (Right-click on it>>>End Process) and delete the malicious file from the File Location.


    Use the Start Key and R simultaneously, and open a Run window. In that window, paste the following line into the text field and press OK:

    notepad %windir%/system32/Drivers/etc/hosts

    This will immediately open the Hosts file in Notepad. Locate the phrase “Localhost” by swiping down the text. Once you find it, check for malicious IP addresses like those in the sample image below, and if you identify any, let us know in the comments at the end of this page.

    hosts_opt (1)


    Ransomware can leave hazardous entries in the registry of the system, and detecting and removing them is the most difficult aspect of the Gatq removal.

    Note: Unless you are an experienced user, please use a professional removal application (such as the one recommended on this page) to delete potentially harmful files from your computer. Editing the Registry manually hides a risk for system corruption.

    If you are confident that you can handle Gatq manually, then typing Regedit in the Windows search bar will open the Registry Editor on your screen.

    Once you click on its window, press CTRL and F at the same time and type the name of the ransomware into the Find box. Then search in the Registry for any entries with that name, and carefully delete those that you are sure belong to the infection.

    After you clean the registry and close the Editor, it’s a good idea to check  a few other places on your computer. To do that, simply type each of the lines below in the Windows search bar and search for files and sub-folders that were created around the time the ransomware infection occurred:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Be sure to empty the Temp folder and look through all the other directories for any suspicious files or subfolders that need to be removed.


    How to Decrypt Gatq files

    In order to recover from a ransomware attack, great consideration must be given to the ransomware variant that has infected you and the methods that are needed to remove it from your computer. The extensions that the ransomware adds to the files it encrypts can be used to identify a specific variant. 

    Once you correctly identify the ransomware variant, you need to make sure that you remove the infection completely from your machine. There are several ways to remove Gatq from your computer, including using the manual steps provided in this guide, using a professional removal tool or and using an online virus scanner that can check specific suspicious-looking files.

    New Djvu Ransomware

    The newest variant of the Djvu Ransomware is called STOP Djvu and this threat targets users all around the world. The files encrypted with that variant typically have the .Gatq suffix attached to them after the attack. 

    Data encrypted with this new variant may be difficult to decode, but if an offline key has been used for the encryption, there is still chance for decoding. A decryption program exists as well, which you can use to try and recover your encoded data. Open the link below in your browser and click the Download button to get the decryptor on your computer.

    The process of decryption

    Make sure you run the decryptor file as administrator and click Yes to open it. Before continuing, take a few moments to read the license agreement and the instructions displayed on the screen. Next, click the Decrypt button in order to decrypt your information. Consider that the tool may not be able to decrypt data encrypted using unknown offline keys or online encryption.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1