Remove Sobig Virus Ransomware (+File Recovery) March 2019 Update

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

How irritating is this problem? (7 votes, average: 5.00)

This page aims to help you remove Sobig Virus Ransomware for free. Our instructions also cover how any Sobig file can be recovered.

While most forms of computer malware target the overall “health” of your computer system and the data on it, the malware category that we are going to be focusing throughout the next lines targets the access to your most important and valuable pieces of data which you keep on your computer’s HDD. Sobig Virus is the main reason we are writing this post – this is a new representative of the Ransomware cryptovirus category. Similarly to the rest of its virus family, this insidious malware program seeks to lock-up the users’ files once it manages to infect the targeted computer. In order to render the personal data of its victims inaccessible, the nasty program uses an encryption process to seal the files. Once the encryption has been placed on the targeted files, the only way to open them again is through the use of a unique decryption key that Sobig itself generates after it finishes with the encryption process. Naturally, the key would only be available to the hackers behind the malware and they would ask their victims to pay a certain amount of money if the latter want to receive the key. However, here is where we must warn you that it is typically not a good idea to give in to the demands of the hackers and send them your money because this will not guarantee the restoration of your files. After all, who is to say that the hackers won’t decide to further blackmail you for more money or that they won’t simply refuse to send you the key even after you have carried out the ransom transaction. There are just no guarantees here and since not only your files, but also your money would be at stake, we’d advise you to look for a more sensible and less risky alternative. One such alternative option is what we have tried to provide you with in the following removal guide for the Sobig cryptovirus. In it, you can find instructions on how to remove the infection from your machine as well as a separate section with some data recovery suggestions. And while we can’t promise you that your files will be restored after you complete the guide, we still strongly the use of our guide or the use of other alternatives to the ransom payment.

More essential information about Ransomware

The nasty threats of the Ransomware category are well-known for their stealthiness and for how difficult it is to detect them on time. There are, of course, many factors such as the number and the size of the files in your PC, the amount of RAM your machine has, the power of your CPU and so on that determine how long the encryption process would take to be completed – it could happen in a matter of moments or it could take hours. Generally, the longer it takes, the better, since that would give you a higher chance of spotting the malware’s activity and intercepting it before it has finished with the encryption of your data. However, the problem is that even if the encryption takes an extended period of time to be completed, it could be rather unlikely for you to notice it. Some symptoms you might encounter are increased use of system resources like CPU time, RAM memory and hard-disk space but on a more powerful machine the difference might not be that big and you might not be able to notice anything suspicious. The same applies to your antivirus program – since Sobig Virus won’t really damage anything per se and would only use encryption on your files (an inherently harmless process), even your security program might fail to spot the infection with a cryptovirus and its activities on your computer. This is why, it’s simply best if you never again allow any Ransomware to get inside your computer.

Preventing future Ransomware attacks

Every user should know that if they want to keep their files and computer systems safe, they need to avoid web locations and online content that might put their machines in danger. Such could be the spam e-mails you might receive or the shady ads you might come across on the Internet. Pirated programs and illegally distributed software can also come with nasty viruses like Sobig. Also, if you have some other hazardous piece of software inside your system like, for example a Trojan Horse, it might also make your computer exposed to Ransomware threats. Make sure to avoid all of these as well as any other suspicious and fishy-looking forms of content you might come across and also remember to regularly backup any important files that you might have on your system and place their backup copies on external drives and devices or store them online using a cloud service.


Name Sobig
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms The only symptoms you can expect are increased RAM and processor use during the encryption of the targeted files.
Distribution Method Anything could be a Ransomware source – a spam message, a fake ad, a pirated program download and so on.
Data Recovery Tool Currently Unavailable
Detection Tool

Remove Sobig Virus Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Sobig files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Leave a Comment