Piiq Virus


Piiq is a Ransomware cryptovirus that blackmails its victims for their money by encrypting their files and using that as leverage. To make the victims pay, Piiq demands from the users a ransom payment for the private decryption key that will unlock the files.


The Piiq Virus ransom note

To remove Piiq properly, it is important that you understand exactly how this Ransomware operates and what issues it may cause. That’s why, in the paragraphs below, we will try to give you as much information as possible about the features of the infection and the different options you have at the moment.

The Piiq virus

The Piiq virus is a Ransomware infection that encodes user files with a complex algorithm. In this way, the Piiq virus renders the files inaccessible and blackmails the victims for a ransom in order to access them again.

Many security researchers claim this malware is the most problematic and dangerous type of malware a computer user can face. Typically, the contamination with Ransomware happens when the users click on an infected email attachment, a fake ad, a misleading hyperlink, or a fake pop-up message. Sometimes, a Trojan Horse virus that the user may have caught earlier can also help the infection process by acting as a backdoor for the Ransomware.

Once the file-encryption process gets completed and all the target files are inaccessible, Piiq will show a ransom-demanding message on the screen of the infected computer. This is the moment when the victim discovers that they have been contaminated. Sadly, most of the time, the entire file-encryption process can run unnoticed in the background of the system. This gives an advantage to the hackers behind the Ransomware that allows them to surprise their victims with their ransom message and to scare them into paying as soon as possible in order to regain access to their files.

The Piiq file encryption

The Piiq file encryption is a file-encoding process that converts user files into unreadable pieces of data. As soon as the Piiq file encryption process gets completed, a ransom-demanding notification appears on the screen, requesting a fixed amount of money in exchange for a decryption key.

Piiq file

The Piiq file virus ransomware

The Ransomware creators are typically unscrupulous people and the victims can’t be sure that if they pay the required amount they will really get back the access to the encrypted data. Therefore, the last possible course of action one should take is to pay off the requested money to the hackers. Before that, the victims should focus on how to remove the Piiq or Ddsg infection from their computers. This is extremely important if they want to be able to use the machine for the creation of new files in the future or if they want to connect file backup sources. With an active Ransomware in the system, every new file they store there will most likely fall under the same encryption so removing the virus is a must!

The removal of the infection is even more important in case it has been delivered to the system with the help of a Trojan Horse because the presence of this malware can lead to new contamination. That’s why both the Piiq Ransomware and the Trojan Horse that has brought it to the computer it should be deleted as soon as possible. The instructions in the removal guide below will guide you through the process but we also highly recommend you scan your computer with the attached professional removal tool that is linked on this page.



Name Piiq
Type Ransomware
Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

Before you start Here are a couple of important notes that you must bear in mind before you proceed with the removal steps.
  • The first thing we should point out is that it is preferable if your PC stays disconnected from the Internet while you are completing the steps – this may prevent Piiq from communicating with the server of its creators, and thus help you with the removal process.
  • Next, we strongly recommend that you disconnect any USB flash memory sticks, smartphones, external HDDs, or any other devices that have storage space of their own because the Ransomware may try to lock the data that’s saved on them.
  • Thirdly, before you start the removal of Piiq, you must first decide whether you’d go for the ransom payment (which we do not recommend) or try alternative recovery methods to restore your files. If you decide on the former option, it is better to leave the Ransomware on your PC for the time being – removing Piiq may make it impossible to get the decryption key from the hackers even after you pay them. Of course, after you make the payment, you should still remove the virus.
  • Finally, know that the Ransomware may have already deleted itself from your PC after encrypting your files in order to make the decryption process more difficult. If Piiq seems to have automatically removed itself, then you should directly go to our How to Decrypt Ransomware article, skipping the current guide.
With those considerations in mind, it is now time to begin with the removal steps.

Remove Piiq Ransomware

To remove Piiq, all rogue programs and processes must be eliminated, after which you should revoke the system changes that the virus may have made.

  1. Uninstall anything from the Programs and Features window that you think could be the reason for the Ransomware infection.
  2. Try to single out the virus process in the Task Manager and disable it.
  3. Open the Startup list and the Hosts file and restore them to their regular states, and then visit the System Registry and clean it from Ransomware items.
  4. To remove Piiq, the final thing you ought to do is clean the Temp, AppData, LocalAppData, ProgramData, and WinDir folders from anything placed in them by Piiq.

You can find details about each step down below.

Detailed Guide


Access the Control Panel through the Start Menu and open Programs > Programs and Features. If you find a program that looks like it could have been the one that brought the Ransomware virus to your system, Uninstall it.

Note 1: Look for recently installed programs – it is likely that the program responsible for the malware attack was installed not long before the Piiq virus encrypted your files.

Note 2: Some uninstallation wizards may give you the option to keep in the system personalized settings or other non-essential data related to the program you are in the process of removing. When you are uninstalling a potentially undesirable/malicious program, you should never use those options – everything needs to be deleted.

This image has an empty alt attribute; its file name is uninstall1.jpg



Press from your keyboard [Ctrl] + [Shif] + [Esc] and then click the Processes button from the top of the Task Manager window that opens. You must now identify and quit the Ransomware process (if it is still running).

To make singling out the rogue process, it may help if you sort the list by order of virtual memory or CPU usage, since Ransomware processes usually require a lot of both of those resources. Look at the ones that are consuming the most of your system’s resources, and then pay attention to the names of each process. When/if you find one that looks questionable, write its name in Google, Bing, or another trusted search engine service and see what comes up in the search results. This should usually let you know if you are dealing with a rogue process.

Another helpful thing you can do to find out if the process may be harmful is to right-click on it, open the File Location folder, and scan everything that’s’ in it for malicious code. We strongly recommend using the following online scanner to test the location folder files. No installation s required to use this scanner, and it’s free to use on our site.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    This image has an empty alt attribute; its file name is task-manager1.jpg

    A single file detected as a threat in that folder is enough to confirm that the process is malicious.

    If, whether by looking up the process, scanning its files, or both, you determine that the process is harmful, Quit it and then delete everything in its folder.

    Once the rest of this Piiq removal guide is completed, delete the location folder as well.

    This image has an empty alt attribute; its file name is task-manager2.jpg


    It’s important to prevent Piiq from launching its rogue processes again – to make sure that doesn’t happen, boot your PC into Safe Mode.


    To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

    If you want to avoid the risk, we recommend downloading SpyHunter
    a professional malware removal tool.

    More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

    There are several fodlers where you may find malware data that needs to be deleted. However, you msut first make hidden files and folders visible on your PC. To do that, open the Start Menu, type Folder Options, press Enter, and then select the View section in the next window.

    Find the Show hidden files, folders, and drives setting and enable it and then disable the Hide extensions for known file types and Hide empty drives in the Computer folder options. After that, exit the window by clicking on OK.

    Next, copy the lines shown below, one by one place them in the Start Menu search bar, hitting Enter after each one.

    • %AppData%
    • %LocalAppData%
    • %ProgramData%
    • %WinDir%
    • %Temp%

    When you get to each respective folder, delete all data in it that has a creation/last modification date after the Ransomware’s arrival, and also delete all files and folders located in the Temp folder.


    Now you must clean the Startup items on your PC – to do that, click the Start Menu, type msconfig, and open the app that appears. In it, select the Startup tab and make sure that every unfamiliar item or item with an unknown developer (manufacturer) shown there gets deselected, after which click on OK.

    Next, go to Computer/(C:)/Windows/Syste32/Drivers/Etc and open the file named Hosts. It will ask you to pick a program with which to open it – pick the Notepad app. In the file, copy everything below “Localhost” and send us what you copied in the comments. We will have a look at your comment, and after we determine if the text there has been added by Piiq, we will inform you in a reply to your comment and tell you if it needs to be deleted from the Hosts file.

    This image has an empty alt attribute; its file name is hosts2.jpg


    For this last step, you must go to the system’s Registry and clean it. You can find the Registry Editor in the Start Menu, by typing regedit. Open the app that shows up in the search results (should be regedit.exe) and click on OK when asked if you are sure you want to start the app.

    Next, from the menu labelled Edit, go to Find and use the search bar to look for Piiq items in the Registry. Anything that gets found must be deleted, but remember to repeat the search after each deletion to see if there are any more Piiq items left in the Registry.

    This image has an empty alt attribute; its file name is 1-1.jpg

    Once everything related to Piiq is deleted, check the next locations from the left panel of the Registry Editor for suspicious items.

    • HKEY_CURRENT_USER > Software
    • HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
    • HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main

    By suspicious, we mean any item with a name that looks random and/or too long – something like this “3289rjf983489th420r9uj98grh829rj48et“.

    If the manual steps didn’t help Many Ransomware viruses are helped by Trojans, Rootkits, and other secondary threats, which could be the reason Piiq may be still on your PC. If you haven’t been able to eliminate this Ransomware thus far, we advise you to use a specialized anti-malware tool to fight the malicious program and to delete any additional harmful software that may be helping it. A tool we can recommend for this job is the one linked on the current page – it can help you clean your computer from any threat as well as boost its overall protection against all sorts of malware.

    How to Decrypt Piiq files

    To decrypt Piiq files, you should first the methods that do not involve paying the ransom because otherwise you’d be risking your money. Before you attempt to decrypt Piiq files, however, you must delete all traces of the Ransomware that may still be on your computer.

    One way to ensure that no rogue files are left in the system is to use the free online scanner we have on our site to test for rogue code any files that you deem suspicious. After you’ve ensured that the system is clean, it is time to visit the detailed How to Decrypt Ransomware article that we have here and try the data-restoration methods suggested in it.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.


      • Hi ismail kahlout,
        I would suggest to you to follow the removal guide on this page. Then determine with what version you are infected. You can be infected with an offline id which files you can decrypt or you can be infected with an Online id
        where decryption is impossible.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1