Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

XUY Ransomware

XUY Ransomware might look like a vicious threat, but in reality, it is not as scary as it might appear to be. Our researchers tested the malicious application and revealed it does not ruin the computer’s Master Boot Record (MBR) or system’s Registry files even though its note could say different. Nonetheless, it is true what is said about the user’s data. The threat encrypts targeted files with a strong encryption algorithm. The only good news is that the malware locks data only in particular locations, which means a huge part of the victim’s data might remain unaffected. If you want to know more details about XUY Ransomware, we invite you to read the rest of this article. The instructions below the text can help you erase the malicious application manually, although if they look too challenging, you should not hesitate to acquire a reliable antimalware tool instead.

XUY Ransomware could be distributed through various channels, for example, Spam emails, chat messages, unreliable file-sharing web pages, and so on. However, we do not think it could be spread widely. The research revealed the hackers behind the malicious application do not care about getting paid as the payment information provided on the threat’s ransom note is all made-up. Therefore, it is likely the malware could be used for getting revenge on someone the hackers might be quarreling with. In any case, to avoid ransomware applications or other malicious programs, users should stay away from files, links, or content alike that comes from people you do not know or from suspicious web pages. To ensure the computer is protected, we recommend employing a reliable antimalware tool too. If you keep it active and up to date it might be able to warn you about potentially dangerous material. Also, it would be smart to scan all files received from questionable sources with the chosen tool first.

Upon entering the computer, the malicious application should check if it contains a file named trig in the %ALLUSERPROFILE% directory. If it does not, XUY Ransomware should begin encrypting files in the %USERPROFILE% and %PUBLIC% locations. If the mentioned directories have subfolders, it is possible the files on them could get affected too. During this process, the targeted data should receive a second extension called .xuy, for example, roses.jpg.xuy. Later on, the malicious application should open a ransom note to inform the victim of what has happened to his computer. The note may claim the user’s files were encrypted and that he can decrypt them if he pays around 400 US dollars in twelve hours. After doing it, users are supposed to send proof of their payment via the provided mail address. We cannot say if the email address is fake or not, but the provided Bitcoin wallet address seems to be, which is why it looks like it is impossible to pay it.

Besides the fake payment information, XUY Ransomware’s note also lies about ruining the computer’s MBR and Registry. Also, it does not destroy files if you delete the malware from the system. As for uploading user’s data onto the Internet, we doubt the hackers could carry out this threat either. Since you cannot pay we do not think there is any point in leaving XUY Ransomware on your system. In other words, we recommend removing it at once.

There are a couple of ways to get rid of the malware. The first option is to delete the XUY Ransomware manually. This process could take a few minutes, but if you feel up to the task, you could follow the steps available below this paragraph. For users who find the manual removal process too complicated, we advise installing a reliable antimalware tool that could deal with XUY Ransomware. Once the chosen tool is installed, users should make it perform a full system scan and wait for results. Then review the results and press the given deletion button to erase all identified threats at the same time.

Eliminate XUY Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Choose Task Manager and select Processes.
  3. Find a process belonging to the threat.
  4. Mark it and click End Task.
  5. Exit Task Manager.
  6. Click Win+E.
  7. Find these paths:
  8. Locate the malicious application’s launcher (some suspicious file downloaded before the infection appeared).
  9. Right-click it and select Delete.
  10. Exit File Explorer.
  11. Empty Recycle Bin.
  12. Restart the computer.
Download Spyware Removal Tool to Remove* XUY Ransomware
  • Quick & tested solution for XUY Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.