WhyCry Ransomware Removal (+File Recovery)

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

This page aims to help you remove WhyCry for free. Our instructions also cover how any WhyCry file can be recovered.

Ransomware viruses are currently one of the most devastating virus types out there and knowing more about this particular form of malware is key to keeping your PC and data safe. Currently, most Ransomware viruses use a complex encryption code to make the user’s personal data inaccessible once they invade the PC. If a ransom set by the hackers isn’t paid following strict instructions, it is said that the data would stay locked indefinitely. Bear in mind that there aren’t many effective methods to handle such a threat once it infects your PC, which is why it is of utmost importance that you manage to keep your system well protected against these viruses. That being said, we assume that a number of this article’s readers have actually come to this page because their PC’s have already fallen prey to the insidious WhyCry – a newly released Ransomware cryptovirus, which is going to be the focus of the next lines.

What we can offer

If this is indeed the situation you’re currently in and the nasty cryptovirus has already infiltrated your computer, we advise you to read everything that this article has to offer and then head to the removal guide for WhyCry that is located down on this page. There, you can find detailed instructions and guidelines that will teach you how to get rid of the virus program and also possibly restore/decrypt your sealed data. It is, however, uncertain how effective the methods we provide would be for each instance of infection by this piece of malware. A lot depends on the specific situation and circumstances which is why, unfortunately, we cannot give any guarantees with regards to the potential success of our guide. Nevertheless, giving it a go is preferable since it won’t cost you anything and you won’t need to deal with cyber-criminals and hackers. The ransom payment should really only be considered if there’s absolutely nothing else that can be done to restore the locked data via another method and only if the encrypted documents are really that important to make it worth taking such a risk with your money. Remember that there’s always the chance that the criminals who are harassing you might decide to refuse to send you the decryption key even after you pay them the demanded ransom, which would mean that you’ve simply wasted your money. There is a number of previous examples where this has happened to other Ransomware victims so make sure to keep that in mind.

WhyCry Ransomware Removal



Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/

Scan Results

Virus Scanner Result

After you open their folder, end the processes that are infected, then delete their folders. 

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt WhyCry files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

The reason why Ransomware is so dangerous

In fact, there are a couple of factors that make malware programs like WhyCry such a devastating and global issue. First and foremost, detecting such a threat is highly unlikely even after it has started operating inside the infiltrated machine. The reason for that is the encryption process that is being employed by the Ransomware. This method for protecting important data files is exploited by the virus and turned against the targeted user. However, since the encryption doesn’t cause any real harm to either the computer system or the files that are on it, most forms of software security programs such as antiviruses would probably ignore the said process. This is mainly why most Ransomware infections occur completely unnoticed by the user. The fact there are almost no symptoms doesn’t help either. Increased usage of free hard-disk space or unusually big RAM and CPU spikes can be considered possible infection signs but they could be very difficult to notice on more powerful computers making it next to impossible to intercept the virus in time. The third aspect which makes a typical cryptovirus Ransomware like WhyCry such a difficult to handle threat is the fact that even after the actual virus is removed, the files that have been locked by it would stay that way until another method is employed to restore them to their previous accessible state and as we said, there aren’t very many methods that would prove effective when file-recovery is concerned. The ones that we could come up with are available in a separate section of the removal guide.

What you need to do in order to keep your PC protected

A lot of measures and precautions can be taken in order to boost the overall security levels of yous system. The more protected your computer is – the better. Some general guidelines that you must keep in mind and use as future reference would be to be careful not to visit any fishy and potentially dangerous websites as well as to be on the lookout for e-mails and social network/Skype messages which could be malicious spam. Having an antivirus program is another very important thing aspect of keeping your machine safe since a good security tool would help you detect and stop potential Trojan horse infections. This would effectively keep away Ransomware as well since Trojans are commonly used to distribute cryptoviruses like WhyCry. Lastly, do not forget to regularly back-up your data which would keep it safe in the event that a Ransomware still manages to invade your computer system.


Name WhyCry
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Unusual PC behavior, increase use of physical memory space and increased consumption of RAM and CPU (RAM and CPU spikes), system slowdown, etc.
Distribution Method Various forms of malvertising and spam, illegal and untrusted websites, Trojans used as backdoor into the computer.
Data Recovery Tool Currently Unavailable
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.

Leave a Comment