Nuis Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Nuis is a variant of Stop/DJVU. Source of claim SH can remove

Nuis

Nuis is a very malicious file-encrypting Ransomware infection that blackmails web users in return for recovery of access to their personal files. The Nuis infection takes hostage of digital documents, databases, archives, images, audio and video files and other commonly used information.

Nuis File

If you have been denied access to your personal records, photographs and other valuable data that you store on your PC and you have been asked to pay some money to regain access to it through a scary ransom note, then you have probably become a victim of Nuis, Weui, Lisp or another ransomware. The good news is that on this page you will find a guide with instructions on how to remove the infection and some free suggestions on how to possibly recover your encrypted files without paying a ransom.

The Nuis virus

The Nuis virus is an infection which seeks to encrypt user files with the intentions to ask a ransom for them. The victims of the Nuis virus get notified about the attack after their files become inaccessible and a ransom-demanding message gets shown on their screen.

nobu virus
The Nobu virus will leave a ransom note with instructions

The blackmail scheme that ransomware infections like this one are using has developed into a lucrative money-extortion model for numerous hacking organisations, and every day new and more sophisticated threats of this kind emerge. Victims are typically allowed to get their encrypted documents back if they pay a certain amount of money for a decryption key. Sadly there is no assurance that if they fulfill the ransom demands they will obtain one. This is the reason why most security experts don’t advise users to go for the ransom payment and encourage them to remove the ransomware and explore alternative file-recovery solutions like those in the removal guide below.

One of the most challenging aspects about dealing with ransomware and preventing it has to do with the fact that it can remain under the radar of most antivirus programs. This means that the malware can silently complete its agenda in the background of the system without being interrupted and the victims will come to know about the attack only after it is too late.  

As soon as the malware sneaks into the targeted device, it immediately detects the files that the user is using the most and encrypts them without noticeable signs that may indicate what is happening. Just when the whole encryption process is complete does the cryptovirus expose itself. In general, the hackers do their best to scare the victim that if they don’t’ pay the required ransom they will never access the encrypted files again. They place a ransom note on the screen of the infected computer, replace the desktop background with it and put it in a folder containing encrypted files just to make the victim pay as quickly as possible.

The Nuis file encryption

The Nuis file encryption is a special piece of code that when applied makes your files inaccessible. The reversal of the Nuis file encryption can be very difficult and a special decryption key is usually needed to achieve it.

Nonetheless, since there is no assurance that you will receive such a decryption key from the hackers behind Nuis, we suggest that you first explore the free methods that can help you remove the ransomware and recover the information that it has encrypted – and we have listed them in the removal guide below.

SUMMARY:

NameNuis
TypeRansomware
Detection Tool

*Nuis is a variant of Stop/DJVU. Source of claim SH can remove

Remove Nuis Ransomware


Step1

One very important thing before you proceed with the removal steps below is to Bookmark this page. You will need to refer back to it, but some of the steps below will require you to quit your browser. That’s why make sure that you click the start icon before you being with the removal process of Nuis.

The other very important thing related to the preparation for the removal of Nuis is to enter your PC in Safe Mode. Safe Mode runs only the basic system processes and will hopefully make the removal of Nuis easier for you.

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

*Nuis is a variant of Stop/DJVU. Source of claim SH can remove

After you have done the preparations described in step 1, use the CTRL + SHIFT + ESC key combination on your keyboard to open the Windows Task Manager.

Once in it, go to the Processes Tab. Try to find processes that could have a relation to Nuis. Keep in mind that the malicious processes may not have the same name as the ransomware. That’s why you have to have a bit of computer knowledge to determine which of the listed processes could be malware-related and which are legitimate. Google the names of the processes that seem suspicious to you and research them.

Once you are sure they are malicious, right-click on each of them and choose Open File Location. 

malware-start-taskbar

Use the scanner below to scan all the files found in that location folder:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    In case that the scanned files get flagged as dangerous by the scanner, go back to the Task Manager’s Process tab, find the processes that are related to these files, right-click on them and choose the End Process Tree option. After you do that, delete the folders that contain the flagged files with all the content in them.

    Step3

     

    When you complete the instructions in step 2, open a Run box on your screen (Start and R key combination) and copy this in the text field:

    notepad %windir%/system32/Drivers/etc/hosts

    Then, click Ok to run it.

    You should see a new simple text file named Hosts on your screen after the command is executed. In the file, pay attention to the Localhost section just as it is shown on the image below:

    hosts_opt (1)

     

    If you see that a lot of IP’s have been found below “Localhost“, this might be an indication that the computer has been hacked and we advise you to write to us in the comments section below this post so we can advise you further.

    Next, open the System Configuration app (you can type its name in the Start Menu search field and open the result). In the window that opens, head to the Startup tab.

    msconfig_opt

     

    Find the Startup Items that could have a relation to Nuis and remove the checkmark from the checkbox that corresponds to them. Also, don’t hesitate to remove the checkmark for any other “Unknown” items, especially those that have an unnamed or questionable Manufacturer.

    Attention! A ransomware like Nuis may use a different name for coverage and may even include a fake Manufacturer name to its process. That’s why don’t forget to check the legitimacy of every single process by googling it.

    Step4

     

    *Nuis is a variant of Stop/DJVU. Source of claim SH can remove

    The Registry Editor is the most important place where you have to seek for Nuis-related entries. To complete this step, open the Registry Editor app (Type Regedit in the search field of your Start menu and open the result)

    When the Registry Editor window opens, use the CTRL and F key combination to open a Find dialog box. In its text field write the name of the ransomware, which in your case is Nuis. After that, click on Find Next to perform the search.

    Delete every result that corresponds to that name. However, be very careful not to delete anything else that is not linked to Nuis, as this may cause serious system corruption.

    After that, go to your Start Menu and type each of the five items below in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Check if there is anything that has been added recently in these locations by filtering the files in them by date.

    When you reach the 5th %Temp% location, delete everything there. If you are not sure what exactly needs to be removed, don’t hesitate to leave us a comment and ask us for help.

    Step5

     

    How to Decrypt Nuis files

    In many cases, it is not enough to remove Nuis to make the files that it has encrypted accessible. That’s why in this final step we have included a link to a decryption tool that is aimed at helping you decrypt some of your files. 

    If you want to decrypt your data, you’ll need to know which variant of ransomware is responsible for the infection. In a hurry? Check the file extensions of the encrypted files for this information.

    New Djvu Ransomware

    STOP Djvu is the most widespread ransomware variant recently. This virus often appends the .Nuis extension to files after encrypting them. Fortunately, a method exists to decode STOP Djvu-encoded files. This method, however, is only successful for files that were encrypted with an offline key. To learn more about decrypting them, check out the resource link below. When you paste it in your browser, you will open a page to a file-decryption tool.

    https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

    To save the STOPDjvu.exe decryptor on your system, just click the “Download” button on the website. Find the file you downloaded, right-click it, and choose “Run as Administrator” to launch the software. If you’ve read the license agreement and the instructions for use, you’re ready to start decrypting your data. Please keep in mind that the decryptor has some limits. It can’t decrypt files that were encrypted with an online algorithm or an offline key that is not in the program’s database.

    Before attempting to recover files from a computer infected with ransomware, the computer must first be cleaned of the infection. You can get rid of Nuis and other infections by using professional anti-virus software, like the one we recommend on our site. If you’re still having trouble, you may use the free online virus scanner to scan any individual file that raises suspicion. 

    Remember that no matter how carefully you follow the steps in this guide, the ransomware may be much more persistent than you are expecting. That’s why if you run into trouble, drop us a comment below this post or use the automatic removal tool recommended above in the article.

     


    About the author

    blank

    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    2 Comments

      • Hi Nag,
        yes there is. Emsisoft offer such recovery tool. You only have to find out what encryption is done to you. If it is Offline ID you can try to recover your files, but if your files are encrypted with Online ID, decryption might be impossible.

    Leave a Comment