Znws Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Znws is a variant of Stop/DJVU. Source of claim SH can remove it.


Znws is a dangerous piece of Windows-attacking malware that falls under the category of Ransomware viruses. Infections like Znws employ a complex encryption algorithm that they use to block access to valuable user data and then ask the victim to pay ransom.

The Znws ransomware will leave a _readme.txt file with instructions

If you have been hit by this malicious computer virus, you must learn about the possible ways you can mitigate this problematic situation. One thing we must get out of the way right now is the fact that the future of the data that this Ransomware has managed to encrypt cannot be guaranteed. We may be able to help you recover some of your files but we simply cannot promise if or how many of them will be released in the end. You will just have to try all the possible methods and see what works best for you.

The Znws virus

The Znws virus is an advanced form of computer malware that is known for applying encryption to the files of its victims, thereby locking them. The Znws virus is designed as an extortion tool and its goal is to make you pay ransom.

If you refuse to send some of your money to the people who are behind Znws, Znto , Isza you will never again be able to access the files locked by the virus, or at least that is what the blackmailers would have you believe. Unfortunately, in many cases, this is exactly what happens after a Ransomware attack – the victims never manage to regain access to their data. However, this absolutely doesn’t mean that if you pay the ransom, this will guarantee the restoration of your data. It is totally possible that the hackers still won’t provide you with the means to restore your access even after you pay them. This is why the payment “option” should really only be your last resort. There are other things out there that you can try and which do not involve the payment of a ransom to some anonymous online hackers.

The .Znws file extension

The .Znws file extension is a filename suffix corresponding to a nonexistent file format. After the .Znws file extension gets applied to your files during the encryption process, your programs become incapable of recognizing the encrypted files because they no longer have their regular formats.

Znws File

You cannot manually remove the Ransomware extension for your files. The only way to bring back the old extension (the one that your programs would be able to recognize) is through the decryption of the locked files. However, to decrypt those files, you will need a special key that is possessed by the hackers. The ransom payment demanded by them is for that key, but we already told you why going for that option might be a bad idea.

However, if you remove the virus following the steps from our guide, you will have the chance to try some alternative methods of recovering your data. Those methods will be shown to you in the second part of the removal manual.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
Data Recovery ToolNot Available
Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Znws is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Znws Ransomware


You may want to save these instructions as a bookmark in your browser, so that you don’t have to keep looking for them after every system reboot. Before moving on to the next step, we also recommend that you restart the computer in Safe Mode by using the instructions from the link.



*Znws is a variant of Stop/DJVU. Source of claim SH can remove it.

Press CTRL+SHIFT+ESC on your keyboard to open Task Manager, then click on the Processes tab and look for any suspicious processes. If there are processes that don’t appear to be related to any of your usual programs, as well as processes that demand a large amount of CPU and RAM resources for no apparent reason, right-click on each of them and select Open File Location.


Then use the free online virus scanner below to check the files of the suspicious-looking process for malware. To perform a scan, simply drag and drop the suspected process’s File Location folder’s contents into the scanner.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    Delete any files that have been identified as potentially harmful after the scan has been completed. To do that, you may need to end the suspicious process first by right-clicking on it and selecting End Process from the quick menu.


    System Configuration may be opened via the Windows search bar by searching for the command msconfig in it. Open the Startup tab and check if it contains Znws-related startup items.


    To be on the safe side, all startup items with “unknown” or “random” names should be carefully researched, and their checkboxes should be unchecked if you find enough evidence that they could be related to the threat.

    Another place where malicious changes can be made without your consent is the Hosts file, which can be accessed by  using the Win key and R key combination and copying the following code in the Run box:

    notepad %windir%/system32/Drivers/etc/hosts

    Press Enter to run the command which will open the file and then look at the content under “Localhost” to see if there are any strange IP addresses. 

    Let us know if you detect any strange IP addresses in the file under Localhost, as seen in the screenshot below. These IPs will be investigated by one of our team members.

    hosts_opt (1)

    *Znws is a variant of Stop/DJVU. Source of claim SH can remove it.

    In order to evade anti-malware solutions, malware programs are becoming more creative at inserting malicious registry entries into the system. Therefore, if you want to deal with Znws effectively, our recommendation is to check your registry for any malicious files by using the Registry Editor. This may be accomplished in a number of ways. Using the Windows search bar, type Regedit in and press Enter. Next, press CTRL and F at the same time to open the Registry Editor’s Find window,. To begin the search for ransomware-related files, input the name of the ransomware in the Find box and click on Find Next.

    Carefully remove any ransomware-related search results from the results page. You may need to search the registry again to see whether there are any more files with the same name.

    Attention! In the process of removing the ransomware-related files, you may accidentally remove files unrelated to the infection, which might harm your computer’s operating system. At the same time, the ransomware may resurface if you do not erase all registry entries related with the danger. Therefore, in order to protect your computer against malicious software and potentially harmful registry entries, we suggest that you use a reliable anti-virus program.

    The five locations listed below should also be checked manually for malicious files. To do that, in the Windows search field, type them exactly as they are shown (including the percent sign) and click Enter to open each one at a time.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete any files that appear to be suspicious that were recently uploaded to these locations. You may also want to erase all of your system’s temporary files by selecting the files in your Temp folder and pressing Del on your keyboard.


    How to Decrypt Znws files

    People who have had the ransomware removed, are next faced with the issue of regaining access to their data. The methods utilized to decrypt the ransomware-encrypted data may differ based on the variant of malware that has infected your computer. To figure out the exact variant of ransomware you’re dealing with, look at the file extensions.

    An anti-virus check of the infected computer should be performed prior to any file recovery attempts. Once you ensure that you have a virus-free and ransomware-free machine, you may test various file recovery methods and link backup sources to the clean system.

    New Djvu Ransomware

    The STOP Djvu ransomware variant of the Djvu ransomware has just been detected by security specialists. Each file encrypted with this threat typically ends with the .Znws extension. The good news is that it is possible to use an offline key decryptor like the one at this site to potentially decrypt data that has been encrypted by this malware.


    To open the STOPDjvu.exe file, click “Run as Administrator” and then click on Yes in the pop-up window that appears. You can begin decrypting data, after reading the license agreement and any accompanying brief instructions. Please keep in mind that the decryption of files encrypted using unknown offline keys or online encryption may not be possible with this program.

    If you find yourself in trouble, please use the anti-virus software on this website to swiftly remove the ransomware. Additionally, you may use the free online virus scanner to individually check any questionable files on your computer.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1