.Cspider File Virus – Remove and Decrypt Files - How to, Technology and PC Security Forum | SensorsTechForum.com

.Cspider File Virus – Remove and Decrypt Files

This post will show you how to remove CryptoSpider ransomware and decrypt files that have been encrypted with an added .Cspider file extension.

June 2017 Is the month of the ransomware viruses coming from the open-source Hidden Tear project. Such virus is the CryptoSpider ransomware threat which aims to encode the files on your computer, using AES cipher and then demand you to pay money in order to have your files working again. The virus also adds a lockscreen claiming you have been hacked by ./MR.GHOST-C47. If your computer has been infected by this virus, we suggest that you read the following material and learn how to remove it and decrypt your files.

Threat Summary

Name.Cspider Virus
TypeRansomware, Cryptovirus
Short DescriptionBased on the open-source HiddenTear code. Encrypts files and then asks for a ransom.
SymptomsFiles are encrypted with the .Cspider file extension added to them.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .Cspider Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .Cspider Virus.

.Cspider Ransomware – More Information

The .Cspider virus is from the file encryption type. Being based on the HiddenTear project, it aims to infect users who do not suspect what Is happening. This happens usually via different methods:

  • Being spread via e-mail spam messages.
  • Via malicious files uploaded as fake game patches or cracks.
  • Through multiple different key generators game patches, cracks or other activation software.

After an infection takes place, the .Cspider virus drops it’s malicious file, named CryptoSpider.exe on the victim’s computer.

Then, the virus may modify the registry entries of the infected computer and hence run automatically on system start. In addition to this, the .Cspider ransomware may also delete the shadow volume copies on the infected computer. After doing so, CryptoSpider also aims to encrypt specific files on the compromised computers, like:

  • Documents.
  • Videos.
  • Image files.
  • Audio types of files.
  • Archives.
  • Other often used files.

After the encryption has completed, the files can no longer be opened and have the following file extension:

Fortunately, you do not have to pay anyone to restore the encrypted files, because all HiddenTear versions are now decryptable. But first it is important to remove this ransomware. For the removal and decryption, please follow the instructions below.

Remove .Cspider Virus from Your PC and Decrypt Your Files

Manually delete .Cspider Virus from your computer

Note! Substantial notification about the .Cspider Virus threat: Manual removal of .Cspider Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .Cspider Virus files and objects
2.Find malicious files created by .Cspider Virus on your PC

Automatically remove .Cspider Virus by downloading an advanced anti-malware program

1. Remove .Cspider Virus with SpyHunter Anti-Malware Tool and back up your data

HiddenTear Ransomware Variants – Decoding Instructions

The file-decryption process of HiddenTear ransomware is not as difficult, but you need to be prepared and do it from a safe computer that is powerful. Let’s begin!

Step 1: Download the HiddenTear BruteForcer by clicking on the button below and open the archive:


HiddenTear Bruteforcer


Step 2: Extract the program onto your Desktop or wherever you feel comfortable to easily access it and open it as an administrator:


Step 3: After opening it, you should see the main interface of the brute force. From there, choose “Browser Sample” to select a sample encrypted file of the type of ransomware you are trying to decrypt:


Step 4: After this select the type of ransomware from the down-left expanding menu:


Step 5: Click on the Start Bruteforce button. This may take some time. After the brute forcing is finished and the key is found, copy it and save it somewhere on your PC in a .txt file, you will need it later.

Step 6: Download the HiddenTear Decryptor from the download button below:


HiddenTear Decrypter

Step 7: Extract it and open it, the same way with HiddenTear Bruteforcer. From it’s primary interface, paste the key copied from the BruteForcer, write the type of extension being used by the ransomware and click on the Decrypt button as shown below:


After these steps have been completed, you should immediately copy your files to an external device so that they are safe. After this has been done, we strongly recommend completely wiping your drives and reinstalling Windows on the affected machine.

Vencislav Krustev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share