Thanatos Ransomware Removal (+.thanatos File Recovery) June 2018 Update

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove Thanatos Ransomware for free. Our instructions also cover how any .thanatos  file can be recovered.

The topic of the article below is the infection caused by a version of a ransom-demanding, file-encrypting virus named Thanatos . As you might expect, such a program is highly malicious as it belongs to the Ransomware cryptovirus category.

This means that your most important personal data could get encoded by this virus with the help of a sophisticated encryption code – a process that you might not be able to ever reverse.

However, you are not alone and we are going to offer you some measures and instructions to help you minimize the effects of such a hazardous infection.

Thanatos Ransomware


More about Ransomware:

Ransomware is generally known as the most malicious virus group ever. It is believed to have been first created in Russia at the end of the XXth century. At first there used to be two kinds of Ransomware:

*file-encrypting Ransomware those viruses use encryption to lock-up personal user files (Thanatos is a part of this malware group):

*lock-screen Ransomware – those viruses are only capable of affecting the screens of all your devices – they are known to target computers, laptops, smartphones and tablets. The screen remains locked until the money is paid (or an alternative solution to unlock it gets utilized).

More about the cryptoviruses:

  • To start with, such malicious programs can invade their device on their own or by receiving help from some other malware (a Trojan Horse, for instance). Such an infection could take place in different ways. However, it is very likely to occur via email letters and their attachments. Immediately after you have loaded any of them, an infection could follow. Another possible case is to catch such a virus by visiting contaminated web pages. What’s more, you might end up getting your PC infected if you (intentionally or unintentionally) click on a malicious ad. Such an ad could redirect you to an infected website, where various forms of malware may automatically infect your system.
  • Nonetheless, there are plenty of other likely sources – some torrents and video-streaming web sites, for instance. In this case the method of infiltration is similar – you get attacked by a virus automatically once you visit the site or sometimes, when you click on some of its contents.
  • The next stage of the contamination process is the scan, which Thanatos is able perform of all your device’s drives. Such a scan usually targets all your hard disks and focuses on finding the data that belongs to certain file formats. After that Thanatos prepares a list with all such files – their names and locations in the storages.
  • After that the actual infection process takes place. Normally, Thanatos Ransomware  continues with making all the previously enlisted data absolutely inaccessible. Once every file from the mentioned list has been encrypted, you normally get a message from the hacker. The message informs you about the encryption that has just taken place and includes all the details about paying the required ransom.


Thanatos Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt Thanatos files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

Is paying off the ransom going to be what it takes to solve this Thanatos Ransomware-caused issue?

The answer is – it depends. The hackers may just keep your files encrypted forever when they already have your money or they might send you the decryption details – you can never be sure.

If we were you, we wouldn’t rush into paying the cyber-criminals. It is just better to first try some alternative methods and only if they do not work, consider making the payment if the files are so important to you. Here are couple of other options that you might go for:

  • Ask a professional for some help. Perhaps some of the experts have their own means of dealing with such terrifying viruses. Also, it is wiser to pay for their assistance or know-how. Maybe in the end you will recover your data. However,  keep in mind that in some cases even the experts will be useless as some Ransomware viruses are too advanced and complex.
  • Make sure to check whether you can remove this infection by following the instructions in our specifically designed Removal Guide. Indeed, doing that might help you, however, we can’t guarantee you that your files will get unlocked even if you try our guide.

The most important aspect of fighting Ransomware

Obviously, dealing with such an infection is no easy task and there are often no guarantees for success. However, there is one method of handling such a virus that is far more effective than anything else and that is preventing the malware from entering your PC. Therefore, you ought to make sure to stay safe on the internet, use your common sense when exploring the online world and avoid any suspicious or potentially harmful web contents in order to ensure that your machine stays safe and secure in future. Also, remember to back-up important data! This is certainly one of the best way to deal with a possible attack from a Ransomware.


Name Thanatos
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Leave a Comment