Uyit Virus


*Uyit is a variant of Stop/DJVU. Source of claim SH can remove it.


Uyit is a ransomware cryptovirus that targets the most popular file types on the computers of its victims. Uyit encodes these files using a complex encryption algorithm, thus robbing users of access to said files.


This is all part of a virtual blackmail scheme that originated back in the late ’80s and has been going strong since. The idea behind it is that your files are held ‘hostage’ by the hackers in charge of the ransomware attack. In order to ‘free’ them, victims are required to send a certain amount of money in ‘ransom’. In turn, the files are freed with the help of a special decryption key, which the hackers promise to send as soon as they receive your payment.

However, there are several issues with this deal. For one, there’s no guarantee that you will in fact receive a decryption key, and practice has shown that not everyone does. For another, the decryption key is unique for each instance of infection. Therefore, it is possible for mixups to occur, and you could easily end up receiving the wrong key, which will not do anything to decode your data. Obviously, the criminals don’t do refunds and you can pretty much forget about getting the correct key.

This is why we generally encourage our readers to approach this matter using alternative solutions. Unlike what the cybercriminals will have you believe, there are other ways you can potentially regain access to the files that have been locked by Uyit, Uyro, Kcvp or other STOP/Djvu Ransomware. In the removal guide below, our team has dedicated a separate section specifically to these possible solutions. However, before you attempt any of them, it is vital that you first remove Uyit from your system. This will prevent any further instances of encryption from occurring later on.

The Uyit virus

The Uyit virus is notoriously stealthy and may bypass most antivirus software on the market. This allows the Uyit virus to operate undisturbed, sometimes for hours at a time.

The encryption process is often a tedious one, as files are generally encrypted one by one. If your machine doesn’t have much processing power, and/or if it’s overloaded with data, the whole malicious act may take very long to complete. This may even result in a significant slowdown of your system, which may sometimes prompt victims to investigate the reason for it. In such cases, it’s possible to intercept the virus by noticing it in your Task Manager, which should, in turn, prompt users to switch off the computer at once and seek professional assistance.

The Uyit file distribution

One of the keys to preventing an attack like this is being aware of the Uyit file distribution channels. The two most common ways in which the Uyit file distribution occurs are spam messages and malvertisements.


Sometimes a Trojan horse virus may be employed to act as a backdoor, so it may be a good idea to scan your system for malware once you’ve removed Uyit.



Remove Uyit Ransomware

You are dealing with a ransomware infection that can restore itself unless you remove its core files. For this reason, we are recommending that you follow the steps from the removal guide below. It covers in-depth instructions on how to:
1. Locate and scan malicious processes in your task manager.
2. Identify in your Control Panel any programs installed with the malware, and remove them.
3. Decrypt and recover your encrypted files (if it is currently possible).


To get things going, we suggest that you bookmark this website by selecting the bookmark button in your browser’s address bar.

After that, restart your computer in Safe Mode, and then come back to this page to complete the rest of the Uyit removal steps.




To do extensive harm, ransomware threats like Uyit often operate in the background of the computer system. Consequently, identifying and terminating any potentially hazardous processes connected to the ransomware that are already running on your computer is one of the toughest jobs when dealing with this type of malware.

To see what processes are running on your computer, open the Windows Task Manager (CTRL+SHIFT+ESC) and go to the Processes tab. If you see any processes that look strange in their resource use, name, or other characteristics, right-click on them to bring up a quick menu and click on “Open File Location” to access the associated files.


You may use the free online virus scanning tool provided below to check whether the files in the file location folder include any malicious code.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    In the event that any of the files you scan turn out to be malicious, you should immediately end the associated process and remove the dangerous files from your computer.

    Repeat this step for every running process that uses an unusually high amount of system resources, has a strange name or has malicious files, until the system is completely safe.


    Disabling the Uyit-related processes in Task Manager isn’t the only thing to do. If the ransomware has introduced potentially malicious startup items to the system, you should disable them too.

    You may do this by going to the Windows search bar, typing “msconfig”, and then clicking on the System Configuration window that opens on the screen. After that, check the Startup entries and remove the checkmark from anything that is related to the infection.


    If a startup item has an “Unknown” Manufacturer or a random name, you should research it online and uncheck it from the list if you find sufficient evidence that it is related to the ransomware. Additionally, check for any other startup items that you are unable to relate to any of the authorized applications that you have installed on your computer. It is recommended that you only keep items that are connected to applications that you trust or that are essential to your system.

    Another location that you need to check for changes is the Hosts file. To access it, hold the Start key and R together, copy and paste the following, then click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    In the text of the file, find Localhost. If you are hacked, you will see a number of suspicious IPs like those on the image below: 


    In case you detect questionable IPs below “Localhost“, please write to us in the comments.
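
The Hosts file check described above can also be done programmatically. The following is an added example, not part of the original guide: it parses hosts-file text and reports every entry other than the normal localhost mappings. The sample file content, the `.example` host names and the verdict labels are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are made up for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
0.0.0.0         update.av-vendor.example      # constructed entry
127.0.0.1       www.av-vendor.example
203.0.113.45    login.bank.example
not-an-ip       broken.example
"""

# Names that are expected to resolve to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def triage_hosts(text):
    """Return (line_no, verdict, ip, hostname) for every entry worth a second look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, " ".join(names)))
            continue
        local_ip = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name.lower() in LOCAL_NAMES:
                if not local_ip:                   # localhost pointed somewhere else
                    findings.append((line_no, "localhost-remapped", ip_text, name))
            elif local_ip:                         # real name sent nowhere: site is blocked
                findings.append((line_no, "blocked", ip_text, name))
            else:                                  # real name sent to a chosen address
                findings.append((line_no, "redirected", ip_text, name))
    return findings

if __name__ == "__main__":
    # On a live system, read r"C:\Windows\System32\drivers\etc\hosts" instead.
    for finding in triage_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

An empty result means only comments and standard localhost mappings are present. Any reported entry that you did not add yourself should be reviewed before it is deleted.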




    In the fourth step, search the registry to identify whether the ransomware has added any dangerous entries there. You can launch the Registry Editor by going to the Windows search field, typing “Regedit”, and then pressing the Enter key on your keyboard.

    Next, hold down the CTRL and F keys on the keyboard, and write the name of the ransomware infection in the Find box. Doing so will help you search for the virus more quickly. After that, choose the Find Next option and delete any items in the search results that include names that are identical to the malware.

    Don’t remove anything from your registry that you aren’t quite sure about. Doing so might end up doing more damage to your system than good. Instead, use professional removal solutions in order to thoroughly erase Uyit and any other files associated with ransomware from your registry. This will help you prevent any accidental harm to your system.

    Next, do a manual search in each of the locations listed below for suspicious files and folders that seem like they belong to Uyit or are related to the threat. You may get access to these locations by opening them one at a time using the Windows Search field, and then pressing the Enter key on your keyboard.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Any file or folder that might be seen as a risk should be carefully removed from these locations, but again, if you are not sure about deleting them, turn to professional removal software for assistance. When you open Temp, select everything inside, and then delete it all in order to clear your system of any temporary files that could have been saved there.



    How to Decrypt Uyit files

    It’s possible that you’ll need to try a few different approaches until you find one that works for the particular ransomware variant that has attacked your machine. If you want to know which variant of Ransomware you’re up against, look at the extensions the virus has appended to the encrypted files.

    New Djvu Ransomware

    STOP Djvu is the newest representative of the Djvu Ransomware family. The malware appends the .Uyit suffix to the files it encrypts. Thus, victims may quickly and easily recognize that they have been infected by this new threat. Unfortunately, current decryption methods only work with files that were encrypted using an offline key. If you click the following link, you will get access to a decryption tool that might be useful:


    To use the decryption tool, right-click the downloaded file, choose “Run as Administrator” and launch the application. Please read the license agreement and the instructions that explain how the software works before continuing.

    You may start decrypting your data by selecting the app’s Decrypt button. Remember that this tool may not be able to decode data encrypted using unknown offline keys or online encryption. In any case, we still believe that it is a better alternative to the ransom payment.

    Important! Before trying to decrypt any data from an infected computer, you must first erase any files and registry entries associated with the ransomware. You can get rid of Uyit and other viruses that spread over the internet by using an online virus scanner and an anti-virus software, which you can find on our site.





    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

