Tastylock Ransomware Removal ( + .tastylock File Recovery) Jan. 2018 Update

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Tastylock Ransomware for free. Our instructions also cover how any .tastylock file can be recovered.

A dangerous infection with very destructive consequences is the focus of this article. The name of the threat is Tastylock – a Ransomware cryptovirus, which should be avoided at all costs because an infection with it could cause the encryption to all of your files. Unfortunately, the malware can sneak inside your system in a very stealthy way and may take your most valuable and commonly used documents, system files, archives, images, audios, videos and many more files hostage and demand a ransom for their liberation. You basically will be threatened to never open or use any of the affected data unless you fulfill the ransom demands and strictly follow the ransom instructions.

If you landed on this page because you have been attacked, you probably wonder how you could deal with such a nasty Ransomware infection and whether there is a way to remove it. Fortunately, you have found the right place because here, we have prepared a detailed removal guide and a few free file-restoration suggestions you can use. If you follow the instructions, you may eventually manage to remove Tastylock from your computer and overcome its attack with as little losses as possible.

Tastylock Ransomware

How can you catch Tastylock?

Our recent analyses show that Tastylock Ransomware is mainly distributed via harmless-looking email attachments. That’s why you should be extra careful if you receive a spam message prompting you to click on a link or download an attachment. Keep in mind that the hackers often spread Ransomware viruses in a combo with a Trojan horse, which could be camouflaged as a PDF file, .exe file, some archive or attractive looking image or document. Do not click or open files from unknown senders and filter your inbox carefully. Also, it is a good idea to stay away from different ads, pop-ups, misleading links and unfamiliar web pages, since you never know what kind of threat they may be compromised with. 

Tastylock Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Tastylock files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

The blackmail scheme…

Ransomware cryptoviruses are famous for their complexity and the secret file encryption they use. Therefore, there are very few options, which could help you recover from a file-encrypting Ransomware attack to the fullest. Malware like Tastylock is specially programmed to take your data hostage and keep it inaccessible by converting it into an unreadable algorithm of symbols. The malware may even change the file extensions in order to block any software from recognizing the file type and eventually decrypt it. This is done with one sole purpose – to leave you no other option to access your data than the ransom payment. Tastylock blackmails each and every victim to pay a certain amount of money in exchange for a secret decryption key, which promises to reverse the encryption. It displays a ransom notification on the victim’s screen the moment it completes its malicious file-encoding process and sets a firm deadline, after which it threatens to delete the decryption key, double the ransom or destroy the data. Usually, the hackers, who stand behind the Ransomware, require a payment in Bitcoins or some other cryptocurrency in order to remain anonymous and untraceable by the authorities.

Obviously, all the hackers want is to take your money with the help of a nasty online blackmail scheme. However, paying the ransom should be your last course of action. In fact, no security expert would recommend you do so. Not only is this a direct form of sponsorship of the cyber criminals’ scheme, but it doesn’t guarantee you the recovery of your data. You may never get the mysterious secret decryption key or, in case the criminals send you a code, what is the guarantee it will work flawlessly? It is much wiser to remove Tastylock from your PC and seek professional assistance than trusting some anonymous hackers.

How to remove Tastylock?

Keeping a dangerous Ransomware infection like Tastylock on your PC can be very risky. Basically, your entire system is not safe to use if the infection is still in there. That’s why we advise you to remove the threat as soon as possible. The removal guide below contains detailed instructions on that. In case you cannot handle the manual instructions, there is a trusted malware removal tool, which you can safely use for the automatic detection and removal of this virus. However, we need to warn you that the encryption, applied by the Ransomware, may not be removed when the infection is gone. To get some of your files back without paying a ransom, you basically have to rely on your file backup copies. You may also give the file-restoration instructions below a try, but, unfortunately, a full recovery of the data cannot be guaranteed.


Name Tastylock
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Leave a Comment