Tuis Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Tuis is a variant of Stop/DJVU. Source of claim SH can remove it.


Tuis is considered by cyber security experts to be a ransomware variant. More specifically, Tuis falls into the subcategory of file-encrypting ransomware, which makes it particularly dangerous.

The Tuis virus will leave a _readme.txt file with instructions

If this virus has infected your PC, then you already know that it has encrypted a large number of files in your system, which has essentially rendered those unreadable for any type of software. Basically, the principle on which ransomware like Powz, Pohj operates is it robs its victims of access to their data. And as a result, if they need it badly enough, the users are then forced to pay a ransom in order to have their access restored.

This, in turn, happens with the help of a special decryption key, which is unique for each and every case of infection. And one of the reasons we generally don’t recommend paying the hackers is that, because of this very fact, there’s a lot that can go wrong, and you may simply waste your money in vain. There’s a high chance that the decryption key you receive may not be meant for you, or there can be a mistake in the code, or the criminals (being criminals, after all) may just leave you hanging and forget about you altogether as soon as they’ve received your payment.

Therefore, we have come up with an alternative solution for victims such as yourself. Below is a removal guide, with the help of which you should be able to remove Tuis from your PC. And in the second part of the guide, you will find a set of suggestions regarding what you can do to restore your encrypted files.

The Tuis virus

The Tuis virus normally benefits from extreme stealth and is therefore hardly ever detected by its victims. Furthermore, because the Tuis virus uses encryption, most antivirus programs let it slide under their radars.

The reason for this is that we rely on encryption in our everyday lives to complete basic tasks like make purchases online, check our emails and even just check our bank accounts. Hence, if antiviruses were to block all of these transactions, we wouldn’t be able to use the internet to its fully capacity, and we would be very limited.

This is an extreme advantage that ransomware such as Tuis has, and therefore the only sure way to battle it is to regularly back up our important files and store copies on separate drives. Even keeping copies on a cloud service can still prove effective in the event of a ransomware attack.

The Tuis file distribution

Another good way to combat this virus is by knowing how the Tuis file is distributed. And in most cases, you are likely to land the Tuis file from an infected online ad or a spam message.

Tuis File

Typically, in the case of the latter, there may be a Trojan horse virus involved, as it is often used as a backdoor for ransomware like Tuis. And in such a case, it would be wise to run a full system scan for other malware once you have removed the cryptovirus from your system.


Detection Tool

*Tuis is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Tuis Ransomware


Firstly, click the Bookmark (star icon at the upper left corer of your URL bar) icon to save this guide. This will allow you to reffer back to it  quickly as there are steps below that will require you to quit your browser.

After you have bookmarked the page, start your system in Safe Mode




*Tuis is a variant of Stop/DJVU. Source of claim SH can remove it.

Once the computer reboots in Safe Mode, you are ready to move to the actual Tuis removal steps.

Start with pressing CTRL + SHIFT + ESC keys to open your Windows Task Manager. Then, select the Processes Tab. Take a look at the processes in the list and find the ones that are related to Tuis. Also, look for other processes that seem dangerous and don’t originate from a legitimate program or the system. 


When you detect a questionable process, tap on it to highlight it and then right-click on it. This will display a menu where you have to select Open File Location. Use the free online virus scanner on this page to scan the files found in that location:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If they get flagged as dangerous, don’t hesitate to end the processes related to them and delete their folders immediately. 



    After you have terminated the questionable processes from the Task Manager, go back to your desktop and press the Start and R keys from your keyboard together. This will open a Run dialog box where you have to carefully copy and paste this:

    notepad %windir%/system32/Drivers/etc/hosts

    Click the OK button after you have pasted the above. The Hosts file of your computer will get opened on your screen.

    In it, find the “Localhost” section and see what is there. If you detect numerous IP addresses under “Localhost”, then, this might be an indication that your computer has been hacked. The image below explains how the Virus Creator IPs should look like:

    hosts_opt (1)


    Please write us in the comments below this article if there are suspicious IPs below “Localhost” in your Hosts file so we can advise you what to do next.

    Next, you need to open your System Configuration window. The easiest way is to type msconfig in the search field and hit enter. This will immediately display the following pop-up:



    Select the fourth tab which says “Startup”. You will see a list of programs that launch with the startup of your computer. Find the ones that are linked to Tuis and remove the checkmark before them. Also, do this for any other programs that seem suspicious or have unknown Manufacturer.  

    • Important! Malicious apps like Tuis may have a different name for their processes and a fake Manufacturer. Thus, please make sure that all the programs in this list are legitimate.


    *Tuis is a variant of Stop/DJVU. Source of claim SH can remove it.

    Once you have unchecked the dangerous programs in Startup, your next job will be to enter the Registry Editor and find the entries related to Tuis in it.

    To open the Editor, type Regedit in the windows search field of your computer and hit the Enter key of your keyboardOnce the Registry Editor window opens, open the Find dialog (CTRL+F key combination) and type the Name of the virus in the empty text field. Then, click on the Find Next button. Search for the ransomware  in your registries and delete the entries related to it.

    Attention! Be extremely careful what entries you delete! You may cause a serious damage your system if you delete entries not related to the ransomware!

    Next, type each of the following five commands in the Windows Search Field one after the other and for every single one of them check if there has been something recently added to them:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything that you find in the Temp directory.

    If you run into any trouble during the completion of this guide, don’t hesitate to write us in the comments! A member of your team will do his best to assist you.



    How to Decrypt Tuis files

    The decryption of ransomware files is one of the most difficult tasks. Fortunately, our “How to remove” team has a file-recovery suggestion that may help you get some of your encoded data back. 

    Even for skilled cyber security experts, decrypting ransomware-encrypted data may be a formidable challenge. This is partially caused by the fact that different strains of ransomware require different decryption techniques, which makes recovering encrypted data much more difficult. If you look at the file extensions of the encrypted files, you might be able to figure out what kind of ransomware has attacked your computer.

    Before attempting to recover any data, however, it is essential that you run a full virus scan on your system using a sophisticated anti-virus tool, such as the one provided on this website. You shouldn’t look into ways to recover files until you know the results of the malware scan. If the malware hasn’t been removed, it could encrypt once more any files you manage to recover.

    New Djvu Ransomware

    STOP Djvu ransomware is a newly discovered variant of ransomware that stealthily encrypts data and requests payment from infected users. This threat has been reported from different countries, and victims have noted that it encrypts their files and then adds the Tuis suffix to them. Those who have experienced data loss, however, should not pay the ransom, since decryptors like the one provided in the link below may be able to assist them in recovering their files.

    Once you click the link above, you can read more about the decryptor tool and its abilities. To download the STOPDjvu executable file to your computer, click on the Download button in the upper right corner of the page. Carefully read the license agreement and the usage guide, and launch the exe file as an administrator. There are several restrictions to this software, despite the fact that it has a lot of potential, so keep in mind that the program may not be able to decode files if they have been encrypted online or with an unknown offline key.

    Ransomware threats like Tuis can be very stubborn, thus, if you have tried everything in the guide, but the malware is still present on your computer, we advise you to download the anti-virus program recommended on this page or try our free online virus scanner


    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1