Intrum Justitia Virus Removal

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Intrum Justitia Virus. These Intrum Justitia Virus removal instructions work for all versions of Windows.

If you have seen a message appear on your screen, telling you that some of your files have been coded and you cannot access them any longer and also offering you to pay in exchange for regaining access to those files – you’ve been infected by Intrum Justitia Virus. Not to alarm you, but this is among the most dreadful pieces of malware that could have entered your system. It belongs to the type of programs known as ransomware, because it demands ransom for the encryption key you need to get your files back.

What started out as a Russian phenomenon back in the nineties, Intrum Justitia Virus and others like it have gained baffling popularity since then and have expanded to the rest of the world. Main reason for this: Bitcoins. Yes, the famous (or infamous) crypto-currency, which has been discussed and speculated about far and wide, just so happens to be nigh untraceable. Convenient, isn’t it? Cyber-criminals tend to think so as well, which is why their majority work with this monetary form and thus ensure they can’t be tracked down by the authorities.

So now what?

Well, below we’ve put together detailed instructions as to removing Intrum Justitia Virus and (because that alone will not restore your files) decrypting the encoded data. But first we’d like to give you a little more insight, so you can better understand the mechanisms by which Intrum Justitia Virus and other ransomware operates. This knowledge will allow you to better protect yourself in the future from having to deal with problems like these.

To begin with, let us go over the primary issue at hand: how Intrum Justitia Virus came to be on your computer. Most times, it will have been distributed via email. You probably received a message from some unknown, peculiar-looking sender with an attached file in it, or it may have included a link to some website. Regardless which of the two it was, by opening either one of them, you will have allowed the Trojan horse virus (which was packaged in there) to download Intrum Justitia Virus onto your PC. Naturally, your consent wasn’t requested. Furthermore, you probably would have had no idea what was happening and that is the reason why Intrum Justitia Virus is so notoriously dangerous – you can hardly ever detect it. Unless, that is, you have a large amount of files and/or you’re processor isn’t exactly the fastest one out there. Then you might notice some substantial slacking in your computer’s performance, which should already raise questions on your side. The proper thing to do here would be to check your Task Manager for the processes using the most memory. If among them you notice something unfamiliar and alarming – shut down your computer at once and seek professional help.

How to proceed

In most cases the encryption process goes unnoticed and it will only be made known to you, once it’s been complete and you see the above mentioned message. Which is also probably why you’re here. It’s possible that the ransom demand frightened you into believing that you should pay the money as soon as possible, or you’ll risk permanently losing your files. Consider this: if you pay these hackers, they might send you the encryption key. They might not. Who’s to make them? If they do send it, they most certainly aren’t going to help you out, when it turns out that there was some sort of flaw and not all files were decrypted. Not to mention that by giving them money, you will be encouraging these dishonest brainiacs to continue breaking into more people’s computers and violating their property.

We recommend you try dealing with this issue with the help of this guide first, before attempting to get into contact with the hackers. If nothing else, it will not harm your files and won’t cost you money. The choice is always up to you.

 By the very least we would like you to be protected from future threats, so we’ve also put together some very basic and simple tips that will ensure a safer browsing experience.

  • Be extremely cautious when opening emails from unknown sources, especially if those include attachments and/or links;
  • Stay away from potentially risky websites, which may have viruses lurking on them;
  • Avoid downloading content from untrusted websites;
  • Always, at all times, have a proven antivirus program functioning;
  • Run virus checks regularly.


Name Intrum Justitia Virus (CTB Locker)
Type Ransomware
Danger Level High (Very dangerous virus and highly difficult to detect; may lead to potential inability of accessing certain files).
Symptoms Loss of access to some of the files stored on your PC. Message will appear on screen demanding ransom for encryption key.
Distribution Method In most cases, via email. Virus is downloaded with the help of Trojan horse virus, which might be sent as an attached file.
Detection Tool Intrum Justitia Virus may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Remove Intrum Justitia Virus

Readers are interested in:


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Intrum Justitia Virus may have hidden some of its files.

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.


Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with Intrum Justitia Virus

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the windows search field —–> “Select another backup to restore files from”


If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!

Leave a Comment