RSA-4096 Virus Ransomware Removal (July 2018 Update)

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove the RSA-4096 Virus and its encryption. These RSA-4096 Virus removal instructions work for all versions of Windows. The “all of your files were protected by a strong encryption with rsa-4096” message that accompanies the virus is what gives it its name.

Ransomware viruses are among the nastiest types of threats your computer is exposed to. This particular branch of viruses focus on encrypting the users data and making it unreadable. A payment is demanded for the code needed to recover this data. Ransomware viruses are not new – the first reported samples date back to the nineties, but they have become hugely popular with criminals due to the fact that many people prefer to pay the money instead of finding a safe and free solution.

all of your files were protected by a strong encryption with rsa-4096 Virus

All Of Your Files Were Protected By A Strong Encryption With RSA-4096

Readers have lately been recorded to receive the following when their PC boots, dubbed as the “all of your files were protected by a strong encryption with rsa-4096” message:



What happened to your files ? 
All of your files were protected by a strong encryption with RSA-4096. 
More information about the encryption keys using RSA-4096 can be found here: 

How did this happen ? 
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. 
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. 
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server. 

What do I do ? 
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BTC NOW, and restore your data easy way. 
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. 

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

If for some reasons the addresses are not available, follow these steps: 
1. Download and install<Removed>
2. After a successful installation, run the browser and wait for initialization. 
3. Type in the address bar:<Removed>
4. Follow the instructions on the site. 

Your personal pages:

On how the RSA-4096 Virus operates

Ransomware viruses are unique in that the consequences from them are not removed once the virus is uninstalled. The most famous and successful viruses of this type were called Cryptowall and Cryptlocker and they managed to earn their creators in what is estimated to be over $10 million in bit coins. It is understandable why these viruses are growing more popular with hackers with every passing day. It is highly likely the “all of your files were protected by a strong encryption with rsa-4096” message is actually one of these two viruses in disguise.

Basically once inside your computer the virus will target all of your data storing files – program related components are not targeted. Affected files are encrypted – a process which uses a predefined key to make the files unreadable to anyone who does not have the key. The files themselves are not changed – the encrypted copy is is an entirely different file from the original, which is deleted.

Paying the ransom asked by the RSA-4096 Virus is a bad idea

The messages spawned by the RSA-4096 Virus may warn you that all of your data will be lost if you attempt to recover it in any other way then paying them the ransom they demand. This is a lie.

The methods described in this guide do not modify the encrypted copies in any way, but they are also not perfect. It may not be possible to recover all of your files, but it is definitely worth trying them before making any hasty decisions. If you have very important files that remain encrypted after our instructions you can always decide to pay the ransom. That is, however, a really bad idea. Remember that these people are criminals and any money they receive will be used to improve their virus and release new copies of it. The recovery system is also automated any should any problem occur you’ll get nothing for your money. These people are in under to obligation to keep up their end of the bargain – you are totally at their mercy.


Name RSA-4096 (this is the encryption model – the actual virus can be one of many things)
Type Ransomware
Danger Level High (Ransomware viruses are among the most dangerous threats you can face)
Symptoms All of your personal data is encrypted and a ransom demand is sent to your via a message on your desktop.
Distribution Method Usually loaded through the help of Trojan Horses, but can also be installed directly from email attachments. SCAN YOUR PC!
Detection Tool We generally recommend SpyHunter or a similar anti-malware program that is updated daily.

RSA-4096 Virus Removal


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


This is the most important step. Do not skip it if you want to remove the RSA-4096 Virus successfully!

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt RSA-4096 Virus files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide didn’t help you, download the anti-virus program we recommended or ask us in the comments for guidance!