Ransomware Removal Guide

Do you know what Ransomware is?

You know that Ransomware has invaded your operating system and corrupted your personal files if the “.SAVEfiles” extension was added to their names. The files that are encrypted by this malicious infection cannot be opened, and that is because the data is encoded and becomes unreadable. To make the files readable again, a special decryption key must be applied, but you do not have it, and the cyber criminals behind the infection are unlikely to provide it to you. Unfortunately, they can trick you into wasting $500 in return for a decryptor. Why would that be a waste? That is because cyber criminals are not obligated to give you anything. As soon as they get the money, they can move on to the next victim. Without a doubt, you want to remove Ransomware, but it is most important that you secure your operating system to ensure that malicious threats do not invade again. If you do not take care of this, you might have to delete other malicious threats in the near future.

Are you cautious when opening spam email attachments? Have you secured all remote access channels? Every single security backdoor can be used to help Ransomware infiltrate. Also, you cannot forget about hundreds and thousands of other infections that could do the same. Our research team is trying to report and provide removal guides for all file-encryptors (e.g., Matrix-NEWRAR Ransomware, No_More_Ransom Ransomware, or Pottieq Ransomware), but new threats keep popping up, and, in most cases, the same security backdoors are used for the distribution. This indicates that Windows users continue being careless. Unfortunately, once Ransomware is executed, it is basically impossible to stop it. It immediately encrypts files and creates a copy with a random name in the %LOCALAPPDATA% directory. So, even if you delete the launcher of the infection (in fact, it should remove itself), you might still be unable to stop the infection unless the copy is deleted too. After execution, the ransomware creates one more file, and it is called “!!!SAVE_FILES_INFO!!!.txt.” It is added to the Startup folder, which allows it to automatically launch on Ransomware Removal Ransomware screenshot
Scroll down for full removal instructions

The message in the TXT file created by Ransomware is pretty straightforward: You need to purchase decryption “software and unique private key” to decrypt corrupted files. The price of this software and key is $500, but the process of the payment is not explained. Cyber criminals want you to contact them first, and you are urged to do that via email ( or the BitMessage app ( The message informs that $500 is the price for the decryptor if it is paid in 72 hours. It is unclear what would happen afterward. In any case, we do not advise paying the ransom because that, most likely, would be a waste of money. Instead, we recommend deleting Ransomware. Even if you have already contacted cyber criminals and paid the ransom, you want to delete this infection. Even if you managed to restore your personal files from backup, you still want to get rid of this ransomware.

Are you afraid that you will not be able to remove Ransomware from your operating system? If that is a fear of yours, we want to remind you that you do not need to handle the task all on your own. Instead, you can install a legitimate anti-malware program that will inspect your system and delete all malicious components automatically. Another important reason to install this program is the full-time protection it can produce. Needless to say, you need this if you want to avoid ransomware and all others kinds of malware in the future.

Remove Ransomware

  1. Tap keys Win+E to launch Windows Explorer.
  2. Enter the following paths into the field at the top to find and Delete the file named !!!SAVE_FILES_INFO!!!.txt:
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  3. Enter %LOCALAPPDATA% into the field at the top.
  4. Delete the {random name}.exe file that is the copy of the ransomware.
  5. Delete all recently downloaded suspicious files.
  6. Empty Recycle Bin.
  7. Install and use a legitimate malware scanner to examine your system for malicious leftovers.

In non-techie terms:

If Ransomware has invaded your operating system, you need to take care of two things. First, you need to remove the malicious infection. Next, you need to secure the operating system to ensure that malicious threats cannot invade in the future. Both of these problems can be automatically solved by a legitimate anti-malware program, and so we recommend installing it as soon as possible. Unfortunately, you cannot get your files decrypted whether you delete Ransomware using software or manually. You can restore your files only if backups exist. If they do not, you are not in a good position, but that should not make you take risks, communicate with cyber criminals, and even pay money for alleged decryptors. In the future, make sure that your personal files are backed up so that cyber attackers cannot blackmail you again.