Removal Guide

Remove [email protected] Virus and Restore Encrypted Files

Parasite may reinstall itself multiple times if you don't delete its core files. We recommend downloading SpyHunter to scan for malicious programs installed with it. This may save you hours and cut down your time to about 15 minutes. 

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

If your computer has been infected by the [email protected] Virus (or simply hairullah virus) you are definitely in a tight spot and the goal of this article is to help you get out of it – preferably without loosing a good chunk of your wallet in the process.

[email protected] Virus is classified as a Ransomware virus and is among one of the nastiest things you can have on your computer. Its origins can be traced back in time through a long line of viruses. Two of the most well known among the line are TeslaCrypt and CryptLocker. In fact little has changed during the years – these viruses still follow the order of operations set by its predecessors.

When [email protected] Virus first infects your computer it lies dormant and begins a scan on all of your hard drives. It is actually selecting the files it is going to target in the next phase – and it is a wide selection indeed. Anything that is useful to you and not related to the functioning of programs will be targeted – pictures, movies, documents, archives… it’s a long list that includes everything you might consider useful. Once [email protected] Virus has categorized these files it begins encrypting them – a process that turns the files into a random jumble of unreadable data with the help of a code. Once the process of encryption is done the original files are deleted and only the encrypted copy remains – and it is completely unusable unless you come in possession of the encryption key/code used during the process. This is exactly what the hackers will try to blackmail you into buying. Once [email protected] Virus is done encrypting everything it will present itself to you and demand payment – and it will also set a deadline to put pressure on you.

Should you pay?

The short answer is NEVER, at least until you explore every other option available.

You are dealing with criminals and hackers here – paying them anything will just encourage them to improve their technique. Also since they are criminals anyway they are in no way obliged to keep up their part of the deal – it’s not like they have a reputation to defend or they can be brought to court if they don’t give you the code despite paying or if their system is faulty and the files are recoverable anyway. Only ever consider paying if you’ve exhausted all other options (keep reading for those) and they didn’t work – and you also can’t possibly live without these files.

Brute forcing the encrypted files is practically impossible of course, but if the virus is likely also claiming that tampering with the encrypted files will make them unusable even if you pay for the key – and that is a total lie. This can only happen if you outright delete the encrypted files or change their file extension – and you won’t be doing that.

Instead of decrypting the files we’ll try to recover the deleted original files before them. For that we’ll be using specialized software in addition to the shadow file copies of the originals. The bigger your hard disk is, the faster you responded to the threat and the more empty space you had before [email protected] Virus the better are your chances of recovering everything. Of course this system is not perfect – it may or may not be able to recover all the data fully, but it sure as hell beats paying a few hundred dollars to hackers.

You need to deal with the virus itself first

But all of this concerns recovering your files. Before you are able to recover anything you need to deal with the virus itself first – otherwise anything we recover will be immediately encrypted again. The safest and best option overall is to use a good quality anti-malware solution. Look for our recommendation above. Not only will it get rid of [email protected] Virus, but it will also search for whatever other virus installed [email protected] Virus in the first place. Ransomware viruses are rarely installed directly – they are often “dropped” by other unwanted applications and if you have been seeing a lot of Ads lately this is likely the case.

If you are strapped for cash or generally prefer the “The do it yourself approach” then keep on reading.

Remove [email protected] Virus

STEP 1: [email protected] Virus Removal

For Windows 98, XP, Millenium and 7 Users:

Restart your computer. To be sure you don’t miss the time when you need to press it, just spam F8 as soon as the PC starts booting. In the new menu, choose Safe Mode With Networking.

Proceed to Step 2.

For W. 8 and 8.1 Users:

Click the Start button ,then Control Panel —> System and Security —> Administrative Tools —> System Configuration.Administrator permission required


Then check the Safe Boot option and click OK.  Click  Restart in the new pop-up.

Proceed to Step 2.

For Windows 10 Users:

  1. Open the Start menu.
  2. Click the power button icon in the right corner of the new Start menu to show the power options menu.
  3. Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.

Windows 10 will perform the reboot. Next do the following:

Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).


Continue with Step 2.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

There are several ways to get rid of [email protected] Virus. Unfortunately, it is quite hard to make a proper removal guide for this locker, because the directories [email protected] Virus installs itself in change with each iteration. However we can help you with the following:

  1. Type regedit in the Windows Search Field. Search for the ransomware  (try typing its name) in your registries and delete anything with that name. But be extremely careful – if you delete the wrong thing here, you can permanently damage your system.
  2. Type %temp% in the Windows Search Field and delete all the files in the folder you are transported to.

Hopefully these two things can remove the virus for you. However if it does not, your only solution is likely to employ a professional [email protected] VirusX remover.

STEP 3: How to Decrypt files infected with [email protected] Virus

There is only one known way to remove this virus successfully, barring actually giving in the to the demands of the people who created the virus – reversing your files to a time when they were not infected.

There are two options you have for this:

The first is to do a full system restore. This can take care of the file extension for you completely. To do this just type System Restore in the windows search field and choose a restore point. Click Next until done.

system restore_opt

Your second option is a program called Shadow Volume Copies.

Open the Shadow Explorer part of the package and choose the Drive (C or D usually) you want to restore information from. Right click on any file you want to restore and click Export on it.

Did we help you? Please, consider helping us by spreading the word!


Leave a Comment