Remove Maktub Ransomware

How to Remove Maktub Ransomware?

Reader recently start to report the following message being displayed when they boot their computer:


Your personal files are encrypted!

Your documents, photos, databases and other important files have been encrypted with strongest encryption and unique key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the key. The server will eliminate the key after a time period specified in this window.

Open hxxp://
or hxxp://
or hxxp://
in your browser. They are public gates to the secret server.

If you have problems with gates, use direct connection:
1) Download TOR Browser from hxxp://
2) In the Tor Browser open the hxxp://

(Note that this server is available via Tor Browser only. Retry in hour if site is not reachable).

Write in the following public key in the input form on server:…

is a nasty ransomware infection. But, let’s be honest, is there any other kind? The tool is hazardous, harmful and once it slithers its way into your system, corrupts it entirely. It targets each and every file you have stored on your computer and encrypts it. After the encryption is complete, the pesky program shows you a statement, which announces its requirements. And, it demands you to pay a ransom if you wish to receive the decryption key, which will free your files. It may sound elaborate, but it’s pretty straightforward. Malicious strangers kidnap your data and require a ransom for their release. Maktub usually asks you to pay an amount, varying between 0.5 and 1.5 Bitcoin, which is roughly the equivalent of $204.55 up to $613.65, depending on the sum. As you can see, that’s no small amount. And, not only does the infection require a staggering ransom, but it also gives you a time frame. Oh, yes. It takes it a step further and demands you pay up within 12 hours. If you choose to go through with the ransom exchange, you have to download the Tor browser, go to Maktub’s website, and follow the further instructions, which you’ll find there. Here’s some advice: do NOT pay the kidnappers! There are NO guarantees that if you comply with their requirements, they’ll keep their end of the bargain. NONE whatsoever. There are several ways the exchange can go down and they all end badly for you. One, you pay the ransom. Then what? You’ll either receive the decryption key or not. If you do, there’s a chance it won’t work, and you’ll be back where you started – with your files encrypted, only this time, you’ve lost money and risked your privacy. Yes, by paying the ransom, you allow the unknown individuals behind the ransomware access to your personal and financial details. Is it worth paying? Then again, the key could work. So, what happens next? You decrypt your files, and they’re free from the infection. But come tomorrow and, odds are, you’ll find your data encrypted once more. How come? Well, the ransomware doesn’t disappear if you pay the ransom. Oh, no. It’s there, lurking somewhere on your computer until it decides to pop up and take over again. That’s right. There is NOTHING to stop the ransomware from kicking right back again and encrypting your files, even though you paid the ransom. That’s the kidnappers way of forcing you to pay once more. So, are you willing to play their game? Are you prepared to put up with their treachery? These are untrustworthy, shady individuals, who’ve unleashed a nasty, hazardous infection on your computer that targeted your data and demanded you pay them a ransom if you were to regain control. Do you honestly think they can be trusted? Hardly. So, just accept the odds are NOT in your favor, and act accordingly. It’s a game you can’t win. Pick your privacy over your files. It’s a difficult choice, but it’s the right one.

How did I get infected with?

Despite Maktub showing up on your computer as if by magic, there’s nothing magical about its appearance. Even if it seems unlikely, you are to blame for its presence. The ransomware tool belongs to the group of infections, which require you to participate in their invasion. In other words, they use you to slither into your system by preying on your carelessness and duping you into permitting their installment. They use various methods to do so, but they all revolve around your distraction, haste, and naivety. For example, if you’re installing freeware, and you don’t do your due diligence and thoroughly familiarize yourself with the terms and conditions but, instead, agree to everything, don’t be surprised to find an infection, lurking on your PC. But that’s just one of the tool’s deceitful means of infiltration. There are plenty more. Like, junk email attachments, torrents in unsafe websites, corrupted links, fake updates, etc. Also, Maktub is often distributed through zipped Word documents. Once the file is extracted and opened, the ransomware invades your PC and goes to work encrypting everything you have stored on it. To prevent that scenario from unfolding, try to extra vigilant and attentive, and don’t rush. In truth, there are dozens of possibilities of infiltration but, ultimately, they all rely on your carelessness. So, if you don’t provide it, you significantly increase your chances of keeping your PC infection-free. Be safe and thorough now, so you aren’t sorry later.

Remove Maktub

Why is Maktub dangerous?

After Maktub is has managed to fool you and sneak past you, it hardly wastes time dilly-dallying. The infection gets to work and begins it encryption process. It locks every single file you have on your computer. Nothing is safe from it, and nothing can escape its reach. After the nasty program is done, you’ll find each of your files has been renamed. Maktub adds an extension to each one that locks it in places and solidifies its control over it. Most of the times, it’s NORV, but it can be any other random extension. To clarify, if you had a picture called ‘summer,’ after the ransomware is through wit it, it would bear the name ‘summer.norv.’ And, when you see it like that, you won’t be able to open it for the extension renders it inaccessible. And, renaming it won’t work. The only way to free your files from the ransomware is to apply the decryption key. And, how do you get the key? That’s right! You guessed it! The infection holds it for ransom. If you comply with its demands and pay up, it grants you the required key, and you’re free to release your data. If you don’t, you’re left to say goodbye to each and every one of your files. But do you know what? Experts advise towards you doing just that, right from the bat. Yes, it may seem unbelievable, but it’s in your best interest to forsake your files instead of giving into the tool’s requirements. If you pay the ransom, regardless of its amount and currency, you are opening a door to strangers with hidden, possibly wicked, agendas, a door, which leads straight to your personal and financial information. And, once it’s opened, it cannot be closed. So, even if you disregard all the variables regarding the ransom exchange, it’s not worth risking your privacy over your data. Files are replaceable. Can you say the same for your privacy?

Maktub Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Maktub Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with Maktub encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Maktub encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment