KeyBTC Virus – Removal Instructions

KeyBTC is a virus that seeks to install itself on an unsuspecting user’s computer. Once there, the KeyBTC virus locks down sensitive files and won’t release them to the computer’s owner until certain terms have been met. Both Interpol and the FBI have eyed a hacker from Russia by the name of Evgeniy Bogachev as being responsible, at least in part, for the development and spread of the KeyBTC virus.

The KeyBTC hackers demanded to be paid the equivalent of $300 in United States currency converted into untraceable funds such as Bitcoins, in an effort to evade detection. Because of its relative success, the virus has since been copied by other unscrupulous hackers in an attempt to extort the innocent. The algorithms used by KeyBTC to encrypt a user’s data have not been cracked in the 30 years since they were developed, making an attempt to simply decrypt the files held ransom by KeyBTC an impossible task.


KeyBTC belongs to a class of worm known as extortion malware. The READ.txt – notepad virus also called KeyBTC attacks files that would be of importance to the computer’s owner, such as pictures, CAD files or documents. It then reconfigures the data of these files into an encrypted format that requires a key to decrypt. For a price paid to the hacker operating the KeyBTC virus, the owner can regain access to the files. If the deadline, usually of a few days, is met without payment, the data is lost to the owner forever. Victims encounter the KeyBTC virus often as part of a legitimate-seeming email.

The email may use the logo of a recognized and trusted company, but contain the KeyBTC virus as an attachment. Once the executable file is initiated, the program installs itself onto the victim’s computer, taking control of certain files. A message from a READ.txt – notepad file is displayed informing the victim that they have a certain amount of time to pay the ransom and recover their data. Another way the KeyBTC virus’s payload is delivered to unsuspecting victims is through the use of a botnet, a collection of widely dispersed programs that communicate with each other and accomplish distinct tasks while separated across the Internet.

KeyBTC Virus

KeyBTC Virus Removal Instructions

The virus removal instructions we have outlined below has been proven remove the KeyBTC virus.

** PLEASE NOTE: If the KeyBTC Virus is on a computer running “WINDOWS 8” see the Windows 8 Virus Removal Instructions

Remember: you must be on the infected computer when performing these 3 easy steps to remove the virus.

STEP 1: Start the computer in Safe Mode with Networking
a. Before starting this step, it is STRONGLY SUGGESTED that you write down our 24HR Toll Free tech support phone number incase you run into any issues or would like any additional help with your PC.

If you need help, this is the number to call!

b. To begin, go ahead and turn off the infected computer and wait roughly 20 seconds, then turn it back on.

c. Next Immediately as the computer begins to turn on, press F8 many times. Pressing F8 allows you to access the Advanced Options Menu. You should see an image like the one below.

Selection the option Safe Mode with Networking

d. Next use your arrow keys and select the Safe Mode with Networking option. Press enter when you have selected that option and the computer will begin to boot into safe mode.

STEP 2: Download the KeyBTC Virus Removal Program
a. Now it is time to open the “Run Command” box.

b.On your keyboard, push and hold the “Windows” key, then press the “R” key. See keyboard diagram below.

Keyboard Shortcut Diagram

c. After you have pressed the “Windows” and “R” key, the Windows Run Box will open. Type the following and press OK:


Windows Run Box

After clicking OK, your computer will connect to the internet and download our recommended virus removal program called Spyhunter.

STEP 3: Installing the KeyBTC Virus Removal Program
a. When you see the download box, click the “Run” button. The picture of the download box is below.

Spyhunter Download Box Click Run

b. Now you should be downloading a program called “Spyhunter 4” this program has been developed by a company called Enigma Software. Through their extensive work on Malware research they have developed one of the worlds most successful Virus and Malware removal programs. This program offers easy “point and click” virus removal.

c. After this program runs the scan, you should see a list of “threats” found on your computer. These Threats can be very harmful and may ruin the computer if not removed. To remove these threats click “fix Threats” and then “register” the program to permanently remove the virus and any other threats found.

*** After registering Spyhunter4 we highly recommend restarting the computer. Then we would like you to make sure everything is working properly. You should notice that the virus has been completely removed. If it has not been removed or the computer is not working 100% to your liking call us immediately at 1-888-895-6053 and one of our techs will help get it working properly again.

Need further assistance? Call us toll free and one of our friendly technicians will kindly walk you through the virus removal process.

Leave a Comment