Remove Cryptodefense Virus & Restore Cryptodefense Encrypted Files

Cryptodefense virus (“Troj/Ransom-ACP”, “Trojan.Ransomcrypt.F”) is actually a Ransomware software and whenever infects your pc, encrypts your important files and practically is hard to be decrypted. 




Once your computer is infected with Cryptodefense virus, then a message appears on your screen that demands a payment in order to decrypt them. But many users on the Internet complained that the files remained encrypted even after having paid the ransom. So it’s at your own decision (and risk) to pay (or not) the ransom.

Attention: If your computer is infected before 1st April 2014, then you can try to decrypt your files using Emsisoft’s Decryptor Utility. The detailed instructions can found here: How to decrypt files encrypted by CryptoDefense.

In this article you can find instructions on how to remove the Cryptodefense virus from your computer and restore the encrypted files in their previous versions by taking advantage of the Windows 7 System Restore feature (if it is previously enabled on your computer).


How to clean Cryptodefense – How_Decrypt – virus.

Step 1. Start your computer using “Safe Mode with Networking” option.

First of all you have to boot your computer into safe mode to prevent Cryptodefense virus from running. to do that:

  • Restart your computer and hit the “F8” key while your computer is starting up (before the appearance of Windows Logo).
  • When “Advanced options” menu appears on your screen, navigate to “Safe Mode With Networking” option (using your keyboard arrow keys) option and hit Enter.


Step 2. Check and Terminate all malicious running processes:

  • Download and run RogueKiller.
  • Press the “Scan” button (when pre-scan operation is complete).
  • Be patient until Rogue Killer  scans your system.
  • Finally review its findings and press the “Delete” button to clean all malicious entries.


Step 3: Remove remaining malicious registry entries and files.

  • Download and install “Malwarebytes Anti-Malware Free“. (Beware: at the last screen of installation, uncheck the box next to “Enable free Trial of Malwarebytes Anti-Malware PRO” in order to use the free version of this GREAT software).
  • Run Malwarebytes Anti-Malware.
  • Update the Database.
  • Press the Scan Nowbutton and then wait until the scan process is finished.
  • When the scan is completed select all items found and then press “Quarantine All”.
  • Restart your computer if needed and you ‘re done.

One final step: Perform a full scan with your antivirus program


How to Restore Cryptodefense Encrypted Files using Windows System Restore feature.

  1. Open Windows Explorer and select the encrypted folder or file that you want to restore in a previous version.
  2. Press your mouse’s “Right-Click” on it.
  3. From the menu that appears, choose the “Restore Previous Versions” option.
  4. Select the previous version (Date Modified) that you want and then press the “Open” button to view the contents of the selected file (or folder)
  5. If you can successfully open the encrypted file and view its contents then press the “Copy” button. (Otherwise select an older modified version (of your file) until you find a version that you can open (without encryption).
  6. At the “Copy Items” window specify a DIFFERENT destination -than the original-, to copy (save) the restored file and press the “Copy” button.
  7. Make the same procedure for all your encrypted files.
  8. When done then your can transfer the restored files at their original location.

That’s all folks! Did it work for you? Please leave a comment in the comment section below or even better: like and share this blog post in the social networks to help spread the word about these really annoying crap Windows infections.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue fighting spam while keeping this site free: