How to remove Rectot

What is Rectot

Rectot is a serious virus that affects computers running the Windows operating system. Rectot is a type of ransomware (cyber extortion) that encrypts files to make them inaccessible until a ransom is paid.

The symptoms of Rectot

Files that are encrypted by Rectot are named .Rectot. Not only are they renamed, but they’re also totally encrypted. Editing them will not fix them. A ransom note put into a _readme.txt file. The ransom note changes very little from the other DJVU/STOP viruses (Dotmap, Drume, Promorad2) and starts like this:

How to remove Rectot

The criminals’ email addresses are included in the ransom note –,, and @datarestore (a Telegram account).

The impact

A Rectot infection can easily cause stress and lose time and even money. Rectot is part of the STOP/DJVU group which has been going strong for a few months now. The encryption that Rectot uses on the files is strong and hard to break. Almost all the user-created files are encrypted — pictures, songs, documents. If the encryption is well implemented, it won’t be broken without the decryption keys (which only the developers of Rectot have). Decryption is generally very useful for protecting private information, for example, securing banking operations, so it has been developed to be very resistant to breaking.

Download Removal Toolto remove Rectot

Contacting Rectot might seem tempting, especially when they threaten that the decryption will become more expensive if too much time passes between the infection and the contact: $490 might rise to $980. However, even if the ransom is paid, the files are not sure to be restored by the criminals. Online extortionists do not have a good reputation for keeping their promises. A Rectot infection might also signify more malicious viruses being present because some versions of the DJVU/STOP virus are distributed together with some other malware, like keyloggers. Rectot can even modify Windows settings to prevent you from accessing some websites, or cripple the installed antivirus program.

The best defense against ransomware is having good backups, but even then, the files there might be slightly outdated, and it can take a lot of time to remove all malware and restore the files.

How Rectot is distributed

Rectot might sneak into a computer through: Malicious spam email (this seems to be the primary way for ransomware to spread). Hacked Remote Desktop connection, Freeware bundles, Peer-to-peer filesharing. It’s important to always update your antivirus and scan files before opening or running them. Even files that look innocent could cause harm.

To be safe against infected spam emails, learn about phishing messages and their red flags: the impersonal way of addressing the recipient, the urgency, the unnecessary attachments or link, and how unexpected the message is. Phishing might seem crude, but it can be powerful, especially spear phishing. A lot of high-profile hacking is done by obtaining someone’s login credentials through phishing. Don’t overlook the importance of passwords — they should not be easy to guess.

And finally, it’s essential to keep multiple copies of any important files. Not just because of ransomware; Disks can break or fail, a laptop could be stolen, things might be deleted accidentally. Backups should:

Download Removal Toolto remove Rectot

Be recent (and updated when needed), Be disconnected from the computer that is being backed (otherwise a virus would still be able to reach it), Be tested (know that the backups will work, that you know how to quickly restore from them).

How to remove Rectot

First, it’s important to get rid of all malware, if any is still infecting your computer. Anti-Malware Tool, Anti-Malware Tool, or another powerful antivirus would be able to do that. As for the files, if you don’t have backups to restore the files from, there is a decryptor — direct link — that might decrypt a few of the Rectot files (or none, there’s no guarantee). The decryptor is being developed by a volunteer named @demonslay335 on his spare time.

As a final resort to recover the lost files, look at the guide below and see if something works, for example, data recovery might be able to restore some of them, depending on your circumstances.

Stage 1: Delete Browser Extension

First of all, we would recommend that you check your browser extensions and remove any that are linked to Rectot. A lot of adware and other unwanted programs use browser extensions in order to hijacker internet applications.

Remove Rectot Extension from Google Chrome

  1. Launch Google Chrome.
  2. In the address bar, type: chrome://extensions/ and press Enter.
  3. Look for Rectot or anything related to it, and once you find it, press ‘Remove’.

Uninstall Rectot Extension from Firefox

  1. Launch Mozilla Firefox.
  2. In the address bar, type: about:addons and press Enter.
  3. From the menu on the left, choose Extensions.
  4. Look for Rectot or anything related to it, and once you find it, press ‘Remove’.

Delete Rectot Extension from Safari

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Select Preferences from the list.
  4. Choose the Extensions tab.
  5. Look for Rectot or anything related to it, and once you find it, press ‘Uninstall’.
  6. Additionally, open Safari Settings again and choose Downloads.
  7. If Rectot.safariextz appears on the list, select it and press ‘Clear’.

Remove Rectot Add-ons from Internet Explorer

  1. Launch Internet Explorer.
  2. From the menu at the top, select Tools and then press Manage add-ons.
  3. Look for Rectot or anything related to it, and once you find it, press ‘Remove’.
  4. Reopen Internet Explorer.In the unlikely scenario that Rectot is still on your browser, follow the additional instructions below.
  5. Press Windows Key + R, type appwiz.cpl and press Enter
  6. The Program and Features window will open where you should be able to find the Rectot program.
  7. Select Rectot or any other recently installed unwanted entry and press ‘Uninstall/Change’.

Alternative method to clear the browser from Rectot

There may be cases when adware or PUPs cannot be removed by simply deleting extensions or codes. In those situations, it is necessary to reset the browser to default configuration. In you notice that even after getting rid of weird extensions the infection is still present, follow the below instructions.

Use Chrome Clean Up Tool to Delete Rectot

  1. Launch Google Chrome.
  2. In the address box, type: chrome://settings/ and press Enter.
  3. Expand Advanced settings, which you can find by scrolling down.
  4. Scroll down until you see Reset and Cleanup.
  5. Press on Clean up computer. Then press Find.

This Google Chrome feature is supposed to clear the computer of any harmful software. If it does not detect Rectot, go back to the Clean up computer and reset settings.

Reset Mozilla Firefox to Default

If you still find Rectot in your Mozilla Firefox browser, you should be able to get rid of it by restoring your Firefox settings to default. While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

  1. Launch Mozilla Firefox
  2. Into the address box, type: about:support and press Enter.
  3. You will be redirected to a Troubleshooting Information page.
  4. From the menu on the right side, select Refresh Firefox.
  5. Confirm your choice by clicking Refresh Firefox in the new window.
  6. Your browser will close automatically in order to successfully restore the settings.
  7. Press Finish.

Reset Safari Browser to Normal Settings

  1. Launch Safari.
  2. Press on the Safari Settings icon, which you can find in the upper-right corner.
  3. Press Reset Safari.
  4. A new window will appear. Select the boxes of what you want to reset or use the screenshot below to guide you. Once you have selected everything, press ‘Reset’.
  5. Restart Safari.

Restore Internet Explorer to Default Settings

  1. Launch Internet Explorer.
  2. From the top menu, press on Tools and then Internet Options.
  3. In the new window that opens, choose the Advanced tab.
  4. At the bottom of the window, below Reset Internet settings, there will be a ‘Reset’ button. Press that.

While extensions and plug-ins will be deleted, this will not touch your browser history, bookmarks, saved passwords or Internet cookies.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>