Matrix Ransomware Removal (+.itlock File Recovery) March 2019 Update

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Matrix Ransomware for free. Our instructions also cover how any .itlock file can be recovered.

As the time passes and the technologies improve, so does the ability of cyber-criminals to hack them. The war against cyber-crime is an ongoing one and the end is nowhere near to be seen. This is the reason why each of our readers needs to be equipped with the latest information regarding the newest and most dangerous software viruses that are ravaging the internet. One such newly created virus is the so-called Matrix Ransomware. This one falls under the category of Ransomware – a type of malicious programs that use encryption to lock their victims’ files and then blackmail them for a ransom payment if the user is to regain access to their data. Currently, this is one of the most threatening and problematic online threats and so far there isn’t a universally effective method to deal with Ransomware viruses. Here, we can give you a possible way of removing the virus and restoring your access to the files without the need to pay anything to the hackers, but keep in mind that we cannot guarantee the success of this method for all possible instances of Ransomware infection. Still, we consider this to be a much better option in comparison to actually agreeing to the terms of the cyber-criminal.

What makes a Ransomware virus so dangerous?

As we already mentioned in the introduction, Matrix does not actually try to damage your PC or files. Instead, it just locks them, making them inaccessible to anyone, who does not have possession of the decryption key. This is important, because it is the main reason why Ransomware viruses are such a major issue. Due to the unique approach of the virus, most security programs are not capable of detecting it. What we mean by “unique approach” is that the method used to lock your files (encryption) is actually not harmful on its own. In fact, is is very widely used for data protection. This is why most antiviruses would allow an encryption process to finish without intercepting it. By exploiting this, hackers are able to lock all personal user files once the Ransomware is on their PC without the virus being detected and prevented from completing its task.

Potential symptoms displayed by Matrix

In order to have a chance at spotting a Ransomware infection, you must be very vigilant and observant so that you can potentially notice its symptoms. Know that oftentimes it is very difficult to actually detect the virus attack but it is still helpful if you know what to look out for. Before we tell you what the symptoms are, you must get a general idea of how a Ransomware encryption works. First of all, the locked files that you end up with are not actually your original ones. Instead, they are identical (but encrypted) copies of the originals that have been created by the virus during the encryption process. However, after the copies are made, the original files get deleted and you are left only with the encrypted ones. All of this requires significant amounts of PC resources. That is why, during the encryption period, you might notice increased CPU and RAM usage (in other words, CPU/RAM spikes) and a decrease in your free hard-drive space because of the copies that have been made. If you manage to notice those symptoms and you think that there is a Ransomware on your PC, make sure to shut down your machine immediately and then have it examined by a professional. That way, you stand a chance of saving some of your data from being locked by Matrix.

You must stay safe!

Bear in mind that Ransomware viruses are only getting worse as the time passes and so far there has not been an universal method for dealing with them. As we said, you can use our guide and it can potentially help you but, as we mentioned, there are no guarantees when it comes to this particular type of viruses. That is why you must ensure that your machine stays safe from now on by remembering and utilizing the next security tips that we will now give you:

  • Since spam emails and online messages are commonly used for spreading malicious and unwanted software, be extremely cautious when checking your inbox – do not click on any links or download any file attachments if you are not absolutely certain that they are safe.
  • It is always a good idea to have a good antivirus tool at your disposal. Reliable security software will keep your PC safe from Trojans that are oftentimes used for infecting the computers of users with Ransomware.
  • Being careful and using your common sense when surfing the internet is a must if you are to keep your machine protected from harmful malware.
  • Do not underestimate the importance of having a backup of your important files. When it comes to dealing with Ransomware, this is one of the best ways to counteract the virus since it would basically nullify its effect.



Name Matrix
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms If a Ransomware virus is currently trying to encrypt your data, symptoms like CPU and RAM spikes as well as a decrease in your hard-drive space can be noticed.
Distribution Method The preferred techniques for spreading Ransomware are all sorts of malicious Internet spam, illegal and sketchy websites and also Trojan horse viruses or some other malware used as a backdoor. 
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Matrix Ransomware Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Matrix files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!

1 Comment

  • we advise you to visit our How To Decrypt Ransowmare article – there you can find instructions on how you can potentially ulnock or restore data that has been encrypted by Ransoware viruses.

Leave a Comment