Woit Virus


Woit is a malicious Ransomware virus that employs an advanced encryption code to block the files of its victims. Files that are encrypted by Woit can’t be accessed or used and their owner is forced to pay a ransom to get them back.


The Woit ransomware will leave a _readme.txt file with instructions

If this virus has attacked your computer but there aren’t any valuable files stored on the infected machine, the damage caused by this virus would be minimized as you wouldn’t stand to lose any particularly important data. The same can be said if you have important files on your machine but you had made sure to back them up before the virus has attacked your computer. In either of those cases, the only concern you’d have is the removal of the Ransomware from your machine as you won’t need to worry about data recovery. However, if the Ransomware has “kidnapped” some data you really need which isn’t backed up, then the problem is more serious because even if you remove the infection, the encrypted files will stay in their inaccessible state until you obtain the decryption key for them or find out another way to recover the files. In the next lines, we will tell you about the different recovery options you may try out in an attempt to recover your unavailable files.

The Woit virus

The Woit virus is a new malware version of the Ransomware virus family that has the ability to block your files through an advanced encryption code. The Woit virus is typically delivered inside the computer with the help of a previous Trojan horse infection.

woit virus

The Woit virus will encrypt your files

Oftentimes, Trojan horse viruses are used as backdoor tools for Ransomware, Spyware, and other forms of malware. The case with Woit, Wiot, Edfc is no different. This is important to keep in mind because it might mean that there is a second piece of malware on your computer in addition to the Woit file-encrypting virus. Therefore, even if you manage to remove the Ransomware, you must still make sure to scan your system for any hidden Trojans that may be there.

The Woit file encryption

The Woit file encryption is a complex algorithm that is used for the purpose of blocking your files by rearranging their code. The Woit file encryption is unrecognizable to any normal program and only the application of its decryption key would make the files accessible.

The goal of the virus is to coerce you to send some of your money to the hackers in order to “purchase” this key from them. We, however, advise you to refrain from doing that. The hackers may promise you the key but you cannot trust them as you have no guarantee that you’d get said key after you pay them.

The other options you could try in order to bring your files back are explained in the removal guide for Woit that you will find on this page. These alternative options are free but they, too, cannot guarantee your data’s full recovery. In the end, it is up to you to decide what to do. Nevertheless, we strongly advise you to at least remove the virus by following the instructions from below so that your computer would be safe and clean once again.


Name Woit
Type Ransomware
Data Recovery Tool Not Available
Detection Tool

Remove Woit Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.


    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    hosts_opt (1)

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:


    Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


    Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

    Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!


    How to Decrypt Woit files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment