Oilas Virus


Oilas is a malware program of the infamous ransomware cryptovirus family. As such, Oilas encrypts specific files types and uses them as leverage in order to blackmail users for money.

Oilas Ransom Note
The Oilas file virus ransom note

The most likely reason you are on this page is a malicious software program known under the name of Oilas. If it has recently snuck inside your computer, it has likely already managed to place an advanced encryption code on most or all of your personal files, thereby making them inaccessible to you regardless of what software you may have tried using in order to open them. This can be particularly unpleasant and problematic if some of the locked files are related to your work or education or if they have sentimental value to you.

The Oilas virus

The goal of the Oilas virus is to blackmail its victims using the locked files and the access code to them as leverage. The victim of the Oilas virus is told in a ransom note that a certain sum of money needs to be sent to a provided crypto-wallet address or else the files will never again be accessible.

Should the user give in to the blackmailer’s demands and make the payment, they would supposedly receive a unique key that can unlock all of the files that have been sealed by the malware. There, however, is an obvious problem with this potential course of action if the user decides to go for it – there is no guarantee that the said key for decrypting the locked files will really be sent to the victim of Oilas and Towz.

And, of course, once you send the money to the blackmailing criminal, that money is gone regardless of whether you receive the means of recovering your files. Therefore, it is normally a good idea to try some other possible ways of handling this predicament without necessarily paying the ransom. One such suggested potential solution is the one that you will see explained in the removal guide for Oilas down below.

The Oilas file encryption

Sadly, there is simply no surefire solution or method that will guarantee the recovery of your data from the Oilas file encryption. As mentioned, not even making the payment can guarantee the reversal of the Oilas file encryption.

Unfortunately, in this regard, the situation is similar with the recovery steps we’ve offered you inside the file restoration section of our guide. We cannot promise that following the steps there will always result in your files being recovered. However, if you go for the guide as the course of action of your choice, you should at least be able to get rid of the malware and clean your computer of the infection. This is really important with regards to the safety of any new files you may create or download onto your PC in the future. Besides, the guide we’ve offered you will also not involve sending a significant amount of money to some anonymous cyber crooks that may never really keep their promise of sending you back a decryption key.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
SymptomsThere are not many symptoms you may expect – usually, the only thing that could potentially indicate a ransomware attack would be an increase in the amounts of RAM, CPU time and hard drive space that is being used on the computer.
Distribution MethodThere are all kinds of distribution methods – spam, pirated programs and games, malicious ads coming from unreliable sites and many more.
Data Recovery ToolNot Available
Detection Tool

Remove Oilas Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.



    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    hosts_opt (1)


    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:



    Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


    Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

    Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!



    How to Decrypt Oilas files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1