HELP_DECRYPT Virus Removal

This article was created to assist users with the HELP_DECRYPT Virus removal from their respective systems.

HELP_DECRYPT Virus Removal

What is HELP_DECRYPT Virus and how it came into your computer?

HELP_DECRYPT Virus is a type of Ransomware virus and a successor to the Crypt-o-Wall 3.0 type of Ransomware viruses. As the name of the virus implies it will try to blackmail you for money by keeping your files hostages for ransom.

In essence the first time HELP_DECRYPT Virus installed on your computer it began a process of scanning your files. The files it targets are those most commonly found in your computer and closely related to the things you do – documents, archives, movies, music, pictures etc. It then began to encrypt them – essentially rewriting them into random bits of data using an encryption key. Once a file is done getting encrypted it is assigned an additional file extension composed of random letters. For example a file named Invoice. PDF turns into Invoice. PDF.XNLDZBL This new file is utterly useless – unless you come into the possession of the encryption code and use it to reverse the process. The hackers will “generously” try to sell the code for HELP_DECRYPT Virus for the hefty price of several hundred dollars.

HELP_DECRYPT Virus and many other similar viruses generally propagate through infected email messages. The most common tricks they employ involve sending E-mails that contain some kind of great offer – or a coupon. You are required to download an online form and fill it on order to claim the price and this form is actually the virus. Alternatively they will try to pose as work-related messages that some sometimes also threatening. These emails could be about just about anything, but there is one thing that connects them all – the virus file included will be an Executable file (.exe) or maybe an archive with the .exe inside. The removal of these things is very hard – it’s easier not to fall prey to them than to fix what happened.

NEVER download and run any executable file you receive by E-Mail unless you know the sender and you were expecting the file in question.

DON’T PAY THE THIEVES ANYTHING  – unless these files are absolutely vital for you

The virus wants you to believe that everything is lost and your only option is paying the ransom, but this is of course a lie. In fact even if it wasn’t there is still no good reason to pay the blackmailers simply because you have no guarantee your files will be decrypted. You are dealing with crooks and criminals here and they have no reputation to protect and the authorities are already after them, so they’ll grab whatever money then can.

Repairing the encrypted files without the encryption key is indeed impossible, but that doesn’t mean that all hope is lost. It is still possible to go around the HELP_DECRYPT Virus virus and recover your files, especially if you reacted swiftly and looked for help immediately after noticing the problem.

The workaround involves restoring the files to a state of existence before HELP_DECRYPT Virus ecrypted them. To do that we’ll be using some specialized software in addition to the in-build Windows Restore service,  more details on that can be found in the removal guide below. Note that this method is not totally foul-proof and there is a chance that it might not work or at least some of the files won’t be recovered. Try it first and if you still have some of your files encrypted and they are absolutely vital for you then you can try playing the ransom for HELP_DECRYPT Virus. But remember – no guarantees that you will get your files anyway. The truth is that if you have files worth paying for on your computer it’s also a good idea to buy quality anti-virus and anti-malware software to protect them and have a successful HELP_DECRYPT Virus removal.

HELP_DECRYPT Virus Removal

STEP 1:Cryptowall 3.0 Removal

Before you can successfully get rid of the HELP_DECRYPT Virus file extension you need to remove CryptoWall, because if you fail to do so, the virus may just encrypt your files yet again.

For Windows 98, XP, Millenium and 7 Users:

Restart your computer. To be sure you don’t miss the time when you need to press it, just spam F8 as soon as the PC starts booting. In the new menu, choose Safe Mode With Networking.

Proceed to Step 2.

For W. 8 and 8.1 Users:

Click the Start button ,then Control Panel —> System and Security —> Administrative Tools —> System Configuration.Administrator permission required


Then check the Safe Boot option and click OK.  Click  Restart in the new pop-up.

Proceed to Step 2.

For Windows 10 Users:

  1. Open the Start menu.
  2. Click the power button icon in the right corner of the new Start menu to show the power options menu.
  3. Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.

Windows 10 will perform the reboot. Next do the following:

Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).


Continue with Step 2.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

There are several ways to get rid of CryptoWall. Unfortunately, it is quite hard to make a proper removal guide for this locker, because the directories CryptoWall installs itself in change with each iteration. However we can help you with the following:

  1. Type regedit in the Windows Search Field. Search for CryptoWall or TeslaCrypt in your registries and delete anything with that name. But be extremely careful – if you delete the wrong thing here, you can permanently damage your system.
  2. Type %temp% in the Windows Search Field and delete all the files in the folder you are transported to.

Hopefully these two things can remove the virus for you. However if it does not, your only solution is likely to employ a professional CryptoWall remover.

STEP 3: How to Decrypt files infected with the HELP_DECRYPT Virus

There is only one known way to remove the HELP_DECRYPT Virus successfully, barring actually giving in the to the demands of the people who created Cryptowall 3.0 – reversing your files to a time when they were not infected.

There are two options you have for this:

The first is to do a full system restore. This can take care of the .aaa file extension for you completely. To do this just type System Restore in the windows search field and choose a restore point. Click Next until done.

system restore_opt

Your second option is a program called Shadow Volume Copies.

Open the Shadow Explorer part of the package and choose the Drive (C or D usually) you want to restore information from. Right click on any file you want to restore and click Export on it.

Did we help you? Please, consider helping us by spreading the word!