Danger level 9
Type: Malware
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Blocks system files from running
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes

CryptoDefense Virus

CryptoDefense Virus is a dangerous ransomware infection that intends to steal as much money as possible from terrified computer users. According various news reports, CryptoDefense Virus first appeared in February 2014 and ever since then it has infected over 20,000 computers in more than 100 countries. As a result, the criminals behind this infection managed to collect over $34,000 in ransom fees. If you got infected with CryptoDefense Virus as well, do not even think of paying the ransom, because that paying will not make CryptoDefense Virus go away. You need to remove CryptoDefense Virus from your computer and then invest in a reliable antimalware tool that will secure your system from similar infections.

Due to its behavior, CryptoDefense Virus may seem to be related to CryptoLocker Virus, which is also known as an obnoxious ransomware application. However, there seems to be a stark difference between the two programs. CryptoLocker Virus locks you out of your computer and encrypts your files. Unless you obtain a private key after having paid the ransom, you cannot restore your files (especially if you have not set a system restore point before that). However, the situation with CryptoDefense Virus is slightly different.

When CryptoDefense Virus enters your computer and blocks you from accessing your files, this infection also demands you to pay $500 or €500 in bitcoins so that you would be able to decrypt your files. Technically, the private key which allows you to decrypt the files should be stored in the infection’s servers, but CryptoDefense Virus makes a mistake by leaving the private key on the infected computer. Therefore, after you have removed CryptoDefense Virus from the system, you can actually decrypt all the affected files yourself.

It is necessary to delete CryptoDefense Virus as soon as possible and then avoid similar infections in the future. To prevent ransomware from getting into your system, you need to refrain from opening spam email and social engineering messages. For example, CryptoDefense Virus is distributed via spam email attachments. Spam email messages that deliver CryptoDefense Virus are often sent from multiple locations and multiple IP addresses, so it is rather hard to determine the culprit behind this scam.

Once the infection takes place, you see a pop-up message that informs you that your files were encrypted:

Your files are encrypted.
To get the key to decrypt files you have to pay 500 USD/EUR. If payment is not made before [date] the cost of decrypting files will increase 2 times will be 1000 USD/EUR.
We are present a special software – CryptoDefense Decrypter – which is allow to decrypt and return control to all your encrypted files.

Luckily, CryptoDefense Virus does not block you from accessing your desktop or the Internet. Therefore, you can download a reliable antimalware tool and terminate the infection automatically without any difficulties. Scanning the system with a powerful antimalware scanner will also help you to determine whether you have other infections on your PC.

How to remove CryptoDefense Virus

  1. Open your web browser.
  2. Type http://www.pcthreat.com/download-sph into the address bar and press Enter.
  3. Click Run on the download dialog box and install SpyHunter.
  4. Run a full system scan.

Once you have deleted all the malicious CryptoDefense Virus files you need to decrypt your files. This malicious infection is known to encrypt most of the files you store on your PC, including *.jpg, *.cdr, *.eps, *.ppt, *.xls, *.docx, *.doc extension files. However, due to the fact that CryptoDefense Virus leave the private key on your computer, you can restore your files via Control Panel.

he only files that will not appear on the list of encrypted files are the .txt files. To decrypt them, you need to go to %TEMP%, %Program Data% or the default AppData\Roaming\Microsoft\Crypto\RSA directories and locate them manually. The .txt files get decrypted automatically once you double-click them. For other files, you should follow the instructions below.

How to decrypt my files

  1. Click Start menu and navigate to Control Panel (for Windows 8, move mouse cursor to the bottom right of the screen, click Settings on Charm bar and go to Control Panel).
  2. Click User Accounts and Family Safety.
  3. Go to User Accounts.
  4. Click Manage your file Encryption Certificates.
  5. Click Next on Encrypting File System wizard.
  6. Select all the files you want to decrypt on Certificate details and click Next.
  7. Choose All Logical Drives and click Next.

In case you have any questions on how to decrypt your files, or the provided method does not word for you, please leave us a comment below and we will reply as soon as possible.

Download Spyware Removal Tool to Remove* CryptoDefense Virus
  • Quick & tested solution for CryptoDefense Virus removal.
  • 100% Free Scan for Windows


  1. Bonnie Gregory Apr 5, 2014

    I really need help. CryptoDefence... removed by spyhunter. Really need to restore file. My computer does not have a Manage your file encryption certificates.
    Found this....Bill Laswell Volume I false encryptions..mean anything?
    Any other way to restore files?

  2. dude Apr 30, 2014

    i wonder if the secret.key file is written to harddisk... and then deleted... maybe you could recover this file with get data back ntfs?

    but this probably works best if you mount the disk in a different pc IMMEDIATELY and read only.

    otherwise stuff gets overwritten fast.

    any other ideas?

  3. james Jul 29, 2014

    CAN u remove virus from my site is locked and blocked I need to unblock please

  4. DrWitherby Nov 5, 2014

    Why do computers with up to date malware protection, still get infected by malware?
    Read this: to find out why your anti-virus software doesn’t work and what you can do about it.

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.