Tuow Virus


*Tuow is a variant of Stop/DJVU. Source of claim SH can remove it.


Tuow is a malicious infection of the ransomware type that is aimed at extorting money from web users through file encryption. Tuow targets valuable digital files and renders them inaccessible so that it can demand a ransom payment for their decryption.

The Tuow ransomware will leave a _readme.txt file with instructions

If you are reading these pages, you possibly have fallen victim to Tuow which is one of the latest ransomware infections. Looking for how to recover from the strong encryption that this malware has applied on your most needed files can be very frustrating but the good news is that, on this page, we have a removal guide that is specially designed to assist you. The instructions in it will explain to you how to get the Tuow infection removed and, hopefully, how some of your files can be restored. Our “How to remove” team has created detailed screenshots and step-by-step descriptions that will direct you through the entire manual removal process.

The Tuow virus

The Tuow virus is a ransomware infection that robs users of their digital files by encrypting them. Once the file encryption has been applied, the Tuow virus generates a ransom-demanding message that requires a money transfer from the victims.

A group of cyber criminals has created this cryptovirus with the only objective of generating plenty of money through blackmail. The scheme that the Tuow (or Pooe and .Zqqw) ransomware uses is quite simple: as soon as the infection sneaks into the system, a powerful encryption algorithm is applied to all files stored on the victim’s machine. These could be images, digital documents, archives, databases, audio and video files, etc. The ransomware can even change the file extensions of the encrypted information in order to make it unrecognizable to the device and any software that is installed on it.

Unlike other viruses that hide their presence and continue to perform malicious tasks stealthily, the ransomware alerts you of its presence by displaying a ransom message on the computer immediately after the encryption process has ended. In this message, the victims can find instructions for obtaining a decryption key through the ransom payment. The cyber criminals typically ask for a fixed amount of money for the decryption key that is supposed to be used to recover the victim’s files.

The .Tuow file encryption

The .Tuow file encryption is a harmful process during which user files become inaccessible without a decryption key. The .Tuow file encryption is performed in secret and the users are notified about its consequences with the help of a ransom note.

Tuow File

Victims always face the dilemma of how best to deal with a ransomware infection. Paying the ransom seems to be the fastest way, but no one can guarantee that the crooks will really provide the decryption key, let alone that it will work flawlessly. On the other hand, not paying the ransom leaves you with few choices. In any case, the system remains vulnerable to malicious attacks if you don’t remove the infection. That’s why our suggestion is to remove Tuow from your device using the instructions below and try our free suggestions for file recovery.


Name: Tuow
Type: Ransomware
Data Recovery Tool: Not Available


Remove Tuow Ransomware



Tuow is known for starting a number of malicious processes that operate in the background of the system without the victim’s knowledge. Therefore, the first thing that users who want to remove this ransomware should do is to find those processes and stop them.

Before doing that, however, we advise you to click on the Bookmark icon (top right) and save this page with removal instructions for reference later in the guide where you will need to get back to it after each system reboot.



Now, head to the Start button and click it. Type Task Manager in the search bar and open the first result at the top.

In the new window, click on the Processes Tab.

Then, carefully scroll the list of processes and search for a dangerous process that could be related to the malicious activity of Tuow on your system. Pay special attention to any process with an odd name or unusual activity and do the following:

  • Select the suspicious-looking process and right-click it.
  • Select Open File Location

Scan whatever files are found in that location with the free online virus scanner below:

    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If the scanner detects danger in the files, end the related processes (right-click each one and select End Process), and remove their files and folders.

    You can repeat the scanning process above for every single process that you find suspicious until you are sure there are no more dangerous processes running in the Task Manager.


    In the second step, we recommend that you reboot the infected computer in Safe Mode (use this guide from the link to do that quickly) to prevent any other possible malicious processes from running in the background without your knowledge.

    Once the computer reboots in Safe Mode, use the Windows and R key combination to open a Run dialog box on the screen. Then, copy the line below in the Run box and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    Inside the text of the Hosts file that opens, search for Localhost and check what is written below. If you find suspicious IP addresses there, just as in the image below, please write us in the comments with a copy of those IPs. We will take a look at them and will tell you what to do in case they turn out to be dangerous.


    Otherwise, if you detect nothing suspicious, you shouldn’t worry.
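The Hosts file check described above can also be done mechanically. The following is an added example, not part of the original guide: it lists every active Hosts entry other than the stock localhost mapping so it can be reviewed by hand. The function name `review_hosts` and the sample content (documentation-range addresses and example.com names) are constructed for illustration.

```python
import ipaddress

# Names a stock Hosts file may legitimately map to a loopback address.
EXPECTED_LOOPBACK_NAMES = {"localhost"}

def review_hosts(text):
    """Return (line_no, address, names, reason) for each active entry to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # comments are inactive, drop them
        if not line:
            continue
        fields = line.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "malformed address"))
            continue
        if not names:
            findings.append((line_no, ip_text, names, "address without hostname"))
        elif ip.is_loopback or ip.is_unspecified:
            # Pointing a real site at 127.0.0.1 / 0.0.0.0 makes it unreachable.
            extra = [n for n in names if n.lower() not in EXPECTED_LOOPBACK_NAMES]
            if extra:
                findings.append((line_no, ip_text, extra, "name blocked via local address"))
        else:
            findings.append((line_no, ip_text, names, "name redirected to remote address"))
    return findings

# Constructed sample: a default Windows Hosts header plus two added entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
203.0.113.10    update.example.com
0.0.0.0         scanner.example.net   # constructed entry
"""

if __name__ == "__main__":
    for finding in review_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real system, pass in the text of the Hosts file opened in the step above instead of `SAMPLE_HOSTS`.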


    A common place where ransomware threats like Tuow may add malicious entries is the Startup tab in System Configuration.

    For that, type msconfig in the search field and hit enter to open the System Configuration screen. After that, in the Startup tab, search for startup items that aren’t related to any of the programs that usually start when the system boots.

    Entries with unknown Manufacturer or odd names are most likely to be part of the threat, so once you detect them, remove their checkmark to disable them.


    Finally, click OK to save the changes that you have made.



    The Registry is another system location where Tuow may add malicious entries without the victim’s knowledge. Therefore, it is especially important that you check it out for dangerous items that need to be deleted.

    For that, start the Registry Editor by typing Regedit in the Windows search field.

    Select the first result and once the Editor opens, press CTRL and F keys from the keyboard together.

    In the Find box that appears on the screen, write the exact name of the ransomware and click on Find Next. If there are entries with that name in the Registry, delete them. If needed, repeat the search again until no more entries are found.

    Caution! There is a high risk of involuntary system damage if you delete entries not related to the ransomware. To avoid that risk, please use a professional removal tool that can scan and clean your entire system.

    Once you are done with the Registry, go to the Windows Search Field and type each of the five listed lines below one by one:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    In each of them, check for recently added files that could be related to Tuow. When you open the Temp folder, make sure you delete all of its content.


    How to Decrypt Tuow files

    Decrypting the files encrypted by Tuow requires different actions that are not related to the steps you used above to remove the ransomware. Therefore, to separate things and avoid confusion, in this final step, we have added a link to a removal tool that may help you decrypt your files.

    In order to successfully recover from a ransomware attack, you need to pay careful attention to the specific variant of ransomware that has infected your system, since the steps that are required to deal with each variant may be different. The file extensions that were added after the ransomware encrypted your files may assist you in identifying the exact variant of the threat.

    As a start, you will need to check that the ransomware virus that was present on your computer has been removed entirely. To guarantee that, it is strongly recommended that you use either the manual removal guide that was given above, a professional anti-virus product, an online virus scanner, or a combination of all of these methods.

    If you are sure that you have been attacked by the Tuow variant, below is a tool that you may use to try and decrypt your files so that you can access the information contained inside them again.

    New Djvu Ransomware

    STOP Djvu is a new variant of the Djvu Ransomware that is now targeting users all over the world. You can recognize the threat thanks to the .Tuow suffix that it adds to the files it encrypts.
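Before attempting decryption it helps to know how many files carry the .Tuow suffix and where the _readme.txt notes were dropped. The following is an added example, not part of the original guide: it inventories a folder tree for both markers named on this page. The function names and the sample tree are constructed for illustration.

```python
import os
from collections import Counter

ENCRYPTED_SUFFIX = ".tuow"   # suffix named on this page (matched case-insensitively)
RANSOM_NOTE = "_readme.txt"  # ransom note filename named on this page

def inventory(root):
    """Walk root and summarise encrypted files, ransom notes and original file types."""
    encrypted, notes = [], []
    original_types = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
                # report.docx.tuow -> ".docx": the type the file had before encryption
                inner = os.path.splitext(name[:-len(ENCRYPTED_SUFFIX)])[1].lower()
                original_types[inner or "(none)"] += 1
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "original_types": dict(original_types),
    }

def build_sample(root):
    """Create a small constructed tree (empty files) to run the inventory against."""
    layout = [
        ("Documents", "report.docx.tuow"),
        ("Documents", "budget.xlsx.tuow"),
        ("Documents", "_readme.txt"),
        ("Pictures", "holiday.jpg.TUOW"),
        ("Pictures", "untouched.png"),
    ]
    for folder, name in layout:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = inventory(tmp)
        print(len(result["encrypted"]), "encrypted;", len(result["notes"]), "note(s)")
        print(result["original_types"])
```

The script only reads file names, so it can be run against a copy or backup of the affected folders without modifying anything.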

    Regaining access to files encrypted with new ransomware threats is a challenging task. This is something that we are all aware of. However, there is still a possibility of recovering the files encrypted with Tuow if an offline key was used during the encryption process. A decryption tool is available for you to use at the link below. You may save the decryptor to your computer by clicking on the link below, then clicking on the Download button on the page that opens.


    Launch the decryptor with administrative privileges, then click the Yes button to confirm. Before continuing, please ensure that you have read the terms of the license agreement as well as the instructions shown on the screen. Next, in order to decode the information you have, you will need to click the Decrypt button. Please be aware that it is possible for the application to be unable to decrypt files that have been encrypted offline using unknown keys or files that have been encrypted online.

    If you need help during any of the steps on this page, please drop us a comment below. Also, know that if Tuow turns out to be more persistent than expected, you can use the free malware scanner and the recommended removal program from this guide to remove any hidden traces of the ransomware from your computer.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
