Wdlo Virus


7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Wdlo is a variant of Stop/DJVU. Source of claim SH can remove it.

Wdlo is a recently-reported file-encryption infection that has already managed to lock up the files of a large number of users. Threats like Wdlo are oftentimes paired with Trojan Horse viruses that insert the virus into the attacked computer without raising any alarms.

Djvu Stop 1024x499
The Wdlo virus file ransom note

While most forms of computer malware target the overall “health” of your computer system and the data on it, the malware category that we are going to be focusing throughout the next lines targets the access to your most important and valuable pieces of data which you keep on your computer’s HDD. Wdlo is the main reason we are writing this post – this is a new representative of the Ransomware cryptovirus category. Similarly to the rest of its virus family, this insidious malware program seeks to lock-up the users’ files once it manages to infect the targeted computer. In order to render the personal data of its victims inaccessible, the nasty program uses an encryption process to seal the files. Once the encryption has been placed on the targeted files, the only way to open them again is through the use of a unique decryption key that Wdlo itself generates after it finishes with the encryption process. Naturally, the key would only be available to the hackers behind the malware and they would ask their victims to pay a certain amount of money if the latter want to receive the key. However, here is where we must warn you that it is typically not a good idea to give in to the demands of the hackers and send them your money because this will not guarantee the restoration of your files. After all, who is to say that the hackers won’t decide to further blackmail you for more money or that they won’t simply refuse to send you the key even after you have carried out the ransom transaction. There are just no guarantees here and since not only your files, but also your money would be at stake, we’d advise you to look for a more sensible and less risky alternative. One such alternative option is what we have tried to provide you with in the following removal guide for the Wdlo cryptovirus. In it, you can find instructions on how to remove the infection from your machine as well as a separate section with some data recovery suggestions. And while we can’t promise you that your files will be restored after you complete the guide, we still strongly the use of our guide or the use of other alternatives to the ransom payment.

The Wdlo virus

The Wdlo virus is a threat that will take only a few minutes to render all your data inaccessible with the help of a powerful encryption algorithm. The encryption that the Wdlo virus uses has the potential to keep your data locked even after you’be managed to remove the actual virus.

The nasty threats of the Ransomware category are well-known for their stealthiness and for how difficult it is to detect them on time. There are, of course, many factors such as the number and the size of the files in your PC, the amount of RAM your machine has, the power of your CPU and so on that determine how long the encryption process would take to be completed – it could happen in a matter of moments or it could take hours. Generally, the longer it takes, the better, since that would give you a higher chance of spotting the malware’s activity and intercepting it before it has finished with the encryption of your data. However, the problem is that even if the encryption takes an extended period of time to be completed, it could be rather unlikely for you to notice it. Some symptoms you might encounter are increased use of system resources like CPU time, RAM memory and hard-disk space but on a more powerful machine the difference might not be that big and you might not be able to notice anything suspicious. The same applies to your antivirus program – since Wdlo won’t really damage anything per se and would only use encryption on your files (an inherently harmless process), even your security program might fail to spot the infection with a cryptovirus and its activities on your computer. This is why, it’s simply best if you never again allow any Ransomware to get inside your computer.

The Wdlo file decryption

The Wdlo file decryption is the preferred method of recovering files from the Ransomware’s attack. However, without the corresponding access key, completing the Wdlo file decryption may not be possible and you will need to resort to other, less reliable options.

Wdlo File
The .wdlo file virus

Every user should know that if they want to keep their files and computer systems safe, they need to avoid web locations and online content that might put their machines in danger. Such could be the spam e-mails you might receive or the shady ads you might come across on the Internet. Pirated programs and illegally distributed software can also come with nasty viruses like Wdlo, PphgSsoi and Rguy. Also, if you have some other hazardous piece of software inside your system like, for example a Trojan Horse, it might also make your computer exposed to Ransomware threats. Make sure to avoid all of these as well as any other suspicious and fishy-looking forms of content you might come across and also remember to regularly backup any important files that you might have on your system and place their backup copies on external drives and devices or store them online using a cloud service.


Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Wdlo is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Wdlo Ransomware


Just like with other ransomware variants, the removal of Wdlo requires your undivided attention. There may be a few computer restarts required during the ransomware removal process, therefore, bookmarking the page in your browser so that you can follow along with the instructions in this article is an excellent idea.

It’s also a good idea to perform a system reboot in Safe Mode, which disables all but the most essential programs and services on your computer, making it easier to find and remove malicious software.



*Wdlo is a variant of Stop/DJVU. Source of claim SH can remove it.

After you restart the computer in Safe Mode, use the keyboard shortcut CTRL+SHIFT+ESC to open the Task Manager and check the Processes tab for any suspicious processes. Processes that consume a lot of CPU and Memory for no apparent reason should be given extra attention. Right-click on a process you believe to be harmful and select Open File Location from the pop-up menu.


After opening the File Location folder of the selected process, you can scan the files stored there for harmful code by dragging and dropping them into the powerful free online virus scanner below:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    Right-click on any potentially harmful processes and select the End Process option to stop them right away. After that, delete all the files and directories the scanner has flagged as malicious.


    The Hosts file on a computer is a common target for malware. That’s why you need to open the Hosts file and look for any malicious IP addresses listed under Localhost. To do so, press the Windows and R keys simultaneously and paste the following command in the Run command box:

    notepad %windir%/system32/Drivers/etc/hosts

    Click the OK button after that and the Hosts file will open on the screen. If you find strange-looking IP addresses like the ones shown in the example image below, leave us a copy of them in the comments. A member of our team will take a look and let you know if they represent a danger.

    hosts_opt (1)

    Ransomware, such as Wdlo, can cause changes to the System Configuration settings, particularly the Startup tab. The computer’s startup list, for example, may contain harmful items which need to be disabled. You can do that by typing “msconfig” in Windows’ search bar and clicking on the result:


    Any startup item with a strange name or an unknown manufacturer should be unchecked in the Startup tab, so that it doesn’t start automatically. Save your changes and ensure that only legitimate items are checked in the list.


    In order to stay on the system longer and be more difficult to remove by inexperienced users, more advanced malware often adds harmful registry entries. Wdlo is no exception, and it’s possible that the ransomware may have added harmful files to the registry of your computer. There are a number of things you can check in this step to see if the infection is still active in the Registry Editor (Type Regedit into the Windows search bar and press Enter). Make use of the CTRL and F keys to open a Find window and type the ransomware’s name in the Find box. You simply need to press the Find Next button after that.

    Delete any entries that are discovered. Keep in mind, tough, that if you delete files that are not related to the ransomware, your operating system may become corrupted. If you don’t remove all the registry entries that are associated with Wdlo, on the other hand, the infection may reappear. Therefore, the best you could do is to use an anti-malware application to check your computer for any hidden harmful files and remove them automatically.

    Manually searching for ransomware-related entries is also recommended in the following five locations. You can search for them in the Windows search bar and press Enter to open them.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    It’s highly likely that you’ll need to scan for and remove any potentially harmful entries you find in any of the above locations. In order to delete all the temporary files on your system, open Temp, select all the files there and press Del from the keyboard.


    How to Decrypt Wdlo files

    Following the removal of ransomware, the most pressing issue for its victims is how to recover their encrypted files. This process, however, must be approached with extreme caution.

    First, you should use a professional anti-virus program like the one on this site to remove Wdlo and other malware. If you’re sure that Wdlo has been completely removed from your computer, it’s possible to recover your files by following these steps.

    For each ransomware variant, the method of regaining access to encrypted data varies. Check the encrypted file extensions to see what ransomware variant you’re dealing with.

    New Djvu Ransomware

    STOP Djvu is the latest Djvu ransomware variant. The .Wdlo suffix makes it easy for victims to identify this infection among others. Th decryptor  in the link may be able to help you decrypt data encoded by STOP Djvu if an offline key has been used for the encryption:


    STOPDjvu.exe can be downloaded by selecting the blue Download button in the top right corner of the linked website.

    Select “Run as Administrator” when you save the file on the computer and then press the Yes button to start the program. After you’ve read the license agreement and the brief instructions and clicked the Decrypt button, the decryption process will start. Decryption of data encoded with unknown offline or online keys is not supported by this tool.

    Please note that the anti-virus software on this removal guide can help you remove the ransomware quickly and easily. In the event that you have any suspicious-looking files, you can scan them by using the free online virus scanner.




    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1