How to Remove 1txt (File Virus)

How to Remove 1txt Ransomware?

The Enigma Ransomware is back, more harmful than ever. We firstly came across this Russian parasite a couple of months ago. Its brand new updated version is even nastier than the original one. As if the prototype wasn’t malicious enough. Enigma Ransomware uses the AES-128 encrypting algorithm to lock your files. Being a file-encrypting parasite, this thing completely denies you access to your own data. Pictures, music, videos, presentations, MS Office documents, etc. You’re unable to open any of it. That is because this parasite changes your files’ formats. Instead of their initial extensions, your files now end with the “.1xt” appendix. Enigma’s older version used to add the “.enigma” file extension. Anything this program locks becomes inaccessible. It goes without saying how much trouble that might cause you. Just think about it. Due to the parasite’s trickery, all information stored on your device is unusable. Enigma Ransomware turns your precious data into unreadable gibberish that the PC can’t recognize. Furthermore, the virus asks for a ransom. Have you had to deal with ransomware so far? It only messes with your files so that hackers could steal some money. This is what the Enigma virus is after too. You’re now stuck with one of the most deceptive and virulent types of malware online. This is a title ransomware has earned through the years. As you could imagine, nobody wants to have their personal information locked. Ransomware’s shenanigans are just getting started, though. While encrypting your data, the virus creates an “enigma_info.txt” file. It contains detailed payment instructions in Russian. You see, hackers offer you a deal. In exchange for 0.4273 Bitcoins, you’re supposed to receive a unique decryption key. The problem is that hackers aren’t famous for playing by the rules. According to their message, it is impossible to free your files without a decryptor. And, for those of you unfamiliar with Bitcoins, the sum demanded is quite a hefty one. The opportunity to restore your files would cost you almost 280 USD. Are you willing to give crooks 280 dollars for nothing? Cyber criminals are only interested in extorting your Bitcoins. That means decrypting your files is their very last concern. Do not make your already bad situation worse by getting scammed. Get rid of this parasite instead.

How did I get infected with?

Crooks usually attach infections to spam messages. Not only do you compromise your computer yourself but you also do so without knowing it. Quite a nasty trick, isn’t it? In the future, pay attention to your inbox. If you stumble across some suspicious email-attachment, don’t rush to click it open. This might be a vicious infection trying to sneak in. Delete what you don’t trust in order to prevent malware installation. Also, stay away from illegitimate websites and unverified software bundles. Ransomware also travels the Web with the help of Trojan horses. Hence, the Enigma virus may not be the only parasite you should be worried about. Check out the device for more infections. Other popular methods are Exploit Kits, fake program updates and corrupted pop-ups. Cyber parasites are incredibly devious and tricky. To protect your safety, you have to constantly keep an eye out for malware. One single moment of haste could result in some long hours of fighting a nasty intruder. Always remember that preventing infiltration is easier than removing a virus afterward.

remove 1txt

Why is 1txt dangerous?

Enigma Ransomware originally targeted Russian PC users only. Its improved version, however, is going global. Thanks to the strong RSA encrypting cipher the pest uses, your files are now unreadable. As mentioned, this program adds the .1txt extension to the data it modifies. Furthermore, all these changes happen out of the blue. Many people give into their panic and despair when dealing with ransomware. Thus, it’s very important to remain calm and take adequate measures. Do not let hackers cause you harm. You might fall victim to your own anxiety so be careful. The parasite’s ransom note also provides you a link to some unreliable Tor browser. Stay away from that web link unless you want to be blackmailed. Enigma Ransomware is a fraudulent menace that must be deleted on the spot. To do so manually, please follow our comprehensive removal guide down below.

1txt Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover 1txt Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with 1txt encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate 1txt encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment