Shit File Virus Removal

How to Remove Shit File Extension Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:


    All of your files are encrypted with RSA-2048 and AES-128 ciphers.
    More information about the RSA and AES can be found here:
    Decrypting of your files is only possible with the private key and decrypt program, All which is on our secret server.
    To receive your private key follow one of the links:
    If all of this addresses are not available, follow these steps:
    1. Download and install Tor Browser:
    2. After a successful installation, run the browser and wait for initialization.
    3. Type in the address bar: jhomitevd2abj3fk.onion/
    4. Follow the instructions on the site.
    !!! Your personal identification ID: !!!

Well, hackers could have probably chosen a more classy name for this one. Crooks tend to be quite dramatic when it comes to malware, though. The .Shit file extension isn’t even the weirdest thing we’ve come across so far. However, it’s an indication of a particularly virulent parasite. Ransomware. Yes, you have been unlucky enough to install a file-encrypting program. According to many researchers, ransomware is the most dangerous, aggressive and devastating virus online. In addition, the number of ransomware infections is growing. What exactly is ransomware? This type of malware renames your personal files and changes their format. As a result, you’re left with inaccessible, unreadable, unreachable data. Now, back to your problem. You’ve fallen victim to a brand new version of the Locky Ransomware. Unfortunately, Locky is famous for being notoriously problematic. Its latest variant adds the bizarre “.Shit” extension. Seeing this appendix means that the virus has already modified your files. All your files. Ransomware doesn’t discriminate and it locks a huge variety of file formats. We’re talking music, pictures, videos, MS Office documents, etc. Anything the parasite finds on board, it locks. Locky uses the RSA-2048 algorithm and AES CBC 256-bit key. Long story short, it turns your information into gibberish. The Locky Ransomware renames your files with a random combination of symbols. Then it tails on the “.Shit” appendix and that is it. Thanks to its strong encrypting algorithm, you’re being denied access to your own data. As you could imagine, this might cause you serious damage. You’re unable to view your pictures or listen to your favorite music. However, you’re also unable to use documents and other private/work-related files. Do you see why ransomware is so incredibly dreaded? It hasn’t just received the title of “most catastrophic infection online”. Ransomware has earned it. If you thought locking your files was bad, wait till you see what else Locky has in store. The virus creates files which contain detailed (and also aggravating) payment instructions. Those files are called _WHAT_is.html, _[2_digit_number]_WHAT_is.html, and _WHAT_is.bmp files. According to the ransom notes, you need a decryptor to free your data. Of course, this luxury doesn’t come for free. You figured this scheme out, didn’t you? Ransomware is aiming at your money. In order to blackmail you, the parasite encrypts your private files. That means you’re now dealing with a deceptive, cunning infection. The Locky Virus is attempting to scam you. Ignore hackers’ promises for a decryption key because they are not to be trusted.

How did I get infected with?

The most popular infiltration method involves spam emails. This is also the oldest trick in the books. As you can see, though, it’s extremely effective to date. All that crooks have to do is attach the parasite to a bogus email or message. You do the rest. By clicking it open, you practically set the infection free. That means you’re infecting your own machine. Quite a nasty trick, isn’t it? To protect your PC in the future, be careful online. Stay away from anything unreliable and avoid spam email-attachments. Is is much easier to prevent installation than to remove a virus later on. Hence, make no mistake and keep your device infection-free. Ransomware applies other techniques as well. It may get installed with the help of a stealthy Trojan horse or via a malicious torrent. It might also pretend to be a legitimate software update. Our advice is to shun unverified websites, pop-ups and program bundles. As mentioned, the Web is currently full of dangerous ransomware infections. Make sure you never have to tackle such a nuisance ever again.

remove .shit file virus

Why is Shit File Extension dangerous?

Paying the ransom is not an option. For one thing, you’d be making a deal with hackers. There’s no plausible scenario in which such a bargain is reliable. Crooks are the people who locked your files in the first place. Do they really deserve to be paid for that? Locky’s ransom message claims freeing your files would cost a hefty sum of money in Bitcoin. This is how hackers gain illegal profit online and this is why they encrypted your files. Cyber criminals rely on your despair and panic. Thus, you have to keep in mind ransomware is nothing but an attempt for an online fraud. Don’t become a sponsor of hackers and don’t support their malicious business. Every single cent they gain will be used to develop more malware. Eventually, more innocent PC users will end up scammed. To delete the Locky Ransomware manually, please follow our detailed removal guide down below.

Shit File Extension Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Shit File Extension Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with Shit File Extension encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Shit File Extension encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment