Proper Guidance to uninstall .bat Ransomware permanently

.bat Ransomware is a file encrypting malware that locks the targeted files and doesn’t allow the users to access it. Like a general rule with the ransomware, you will be asked to buy the decryption key from the cyber-criminals on paying a very heavy ransom amount. When you try to access the encrypted files, a ransom note namely “RETURN FILES.txt” appears on the screen. This file contains the basic details of this malware and it basically tries to convince you to make the ransom payment. On every encrypted file, it adds .bat extension together with the victim’s unique ID and email address of the associated cyber-criminals. For example, if a file named as .bat Ransomware.jpg gets encrypted, its name will get changed to .bat Ransomware.jpg-id-1PL00E0.[[email protected]].bat”. Technically, .bat Ransomware is a version of Dharma ransomware family and it uses RSA-1024 encryption method for file encryption.

As already mentioned earlier, the aim is to convince or force you to buy the decryption key. Each victim gets a unique victim ID. This ID is to be provided to the cyber-criminal through their email ID namely [email protected] In return, the cyber-criminal will give the crypt-currency wallet address where the money is to be paid to get the decryption tool. As per their claims, once you pay the ransom money, you will receive detailed instruction along with the decryption tool to get your encrypted files back. You will be encouraged to make the payment with-in 7 days of ransomware attack otherwise the decryption key may get overwritten and you will lose your data permanently. They also threat that if you try any other options to recover the encrypted files then you may face permanent data loss. In some cases, they may increase the decryption price. In order to win your trust, they offer to decrypt one of your files for free.

Note: There is no guarantee that you will receive the original or functional decryption key after you pay the ransom money. In many cases, the victims are totally ignored by the cyber-criminals once they receive the money. Until now, there is no free decryption tool that could do file recovery for you. So, it is advised to use the backup files if available to get your data back. You should immediately check the “Volume Shadow Copies” whether it is available or not. You can also try your luck using a third-parity data recovery tool.

It is true that data recovery is important however this is not possible until .bat Ransomware is present in your work-station. So, your immediate focus should be to remove this ransomware so that you can recover the encrypted files and other files that have not been encrypted until now remain safe.

How .bat Ransomware gets inside my PC:

The cyber-criminals uses spam email campaigns as a major trick to circulate malware infection. The other popular sources are bogus software updates, cracked or pirated tools, and unsafe sources to download software, unsafe hyperlinks and pop-ups and so on. In case of spam email attack, the targeted victim will receive tons of emails in their inbox and each of them contains some kind of attachment with them. They are usually MS Office files, ZIP or RAR files etc. As soon as they are downloaded or opened, the malware payloads and scripts get downloaded in the backdoor.

Peer-to-peer file sharing networks such as torrents, untrusted and unofficial download sources etc. are also used to intrude the malware payloads secretly in the background. The malicious files are often disguised as a very helpful and legitimate program.

How to Protect PC from malware Attack:

First thing first, you have to be very careful regarding the emails you receive and the attached files you open. The email that looks suspicious and irrelevant should be avoided. Similarly, you should be very careful while updating any kind of software. Don’t use any cracked software that basically is software that is activated without paying money to its developer. In most cases, they contain suspicious codes and files with them that could be a malware infection. At last, use a powerful anti-malware tool that has strong scanning algorithm and programming logics that can provide you protection in real-time.

Special Offer: 

.bat Ransomware is a perilous malware. In order to avoid its removal, it hides its payloads and scripts deep inside the PC. You may try downloading SpyHunter Malware Scanner and check if it detects this malware for you.


Go through the SpyHunter’s EULA, Threat Assessment Criteria, and Privacy Policy. You must  note that only SpyHunter’s scanner is free. If it detects a malware, it will subject to a 48-hour waiting period, one remediation and removal. In order to remove the malware instantly, you have to purchase its full version.

Steps To Remove .bat Ransomware From Compromised Computer

The infections like .bat Ransomware or similar ones or those belong to other malware category are all designed to generate with only ill intention to make money for its developers who make use of any technique to force you down. However, most of the security experts associated with different security associations say this is not much harmful browser and can be removed from an infected computer by getting through some steps. If you follow the steps in the same order and with full attention as described in the procedures below, we hope you can also free up your PC easily. It’s recommended to take a hard copy of the guidelines on paper or get another computer to assist you following the steps without any hassles.

Step 1:Track and remove .bat Ransomware from computer’s processes from task manager.

Step 2:Locate and delete the definition of this program from startup files, registry files, and host files.

Step 3:Removal of .bat Ransomware from all reputed browsers.

Step 4:Delete .bat Ransomware with an automatic solution(The Safest and most recommended method)

Step 1: Track and remove .bat Ransomware from computer’s processes from task manager.

  • Launch the Task Manager by pressing a key combination CTRL+SHIFT+ESC simultaneously.

  • Review the suspicious processes and note down its file location on computer.end-malicious-process

  • Terminate the processes now.

  • Open the “Run” command box and enter the noted down location to open in file explorer.

  • Delete the file permanently.

Step 2: Locate and delete the definition of this program from startup files, registry files, and host files

  • Launch the file explorer or any folder from my computer.

  • Click on “View” option in the above Menu (Older Windows version’s user may go to control panel to open “Folder options”)

  • Choose “Folder and Search Options”

  • Click over “View” tab.

  • Scroll down to find “Show hidden files and folders” option, and check it in the check box.

  • Find “Hide protected operating system files” and uncheck it. (This will allow you to see super-hidden files in any folder to identify the suspicious ones.)

  • Click “Apply” then “Ok”

Cleaning .bat Ransomware definitions from Windows registry

  • To open Windows registry editor, click Win+R combination.

  • Type “regedit” ro simply copy and paste in the command line

  • Press Ok.

  • Navigate to below mentioned registry files depending on your OS versions (32 bit or 64 bit) and delete the files.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or


  • Now Launch the Windows explorer and navigate to %appdata% to find and delete suspicios executable files from there, and close the window.

Fixing Hosts file to block the unwanted redirection on all active browsers

  • Open windows explorer and navigate to Windows directory.

  • Go to System32/drivers/etc/host

  • open the host file and notice it. If the system is hijacked by the infection you would see several IP definitions at the bottom.

  • Select those IP addresses and delete them. (Don’t delete the local host entry)

  • Save and close the file, and exit the explorer window.

Step 3: Removal of .bat Ransomware from all reputed browsers (Steps included for Chrome, Firefox & Internet Explorer)

Google Chrome

  • Launch Chrome browser.

  • Click over the main menu icon and select Tools or More Tools, then Extensions.

  • Scroll down to notice the list of installed extensions to find suspicious one and click the bin option beside it.

  • Click remove button to confirm the deletion.

  • Finally, Reset the Chrome settings to default leaving nothing behind.

Mozilla Firefox

  • Launch the Firefox and press CTRL+SHIFT+A to open extension Window.

  • Look for the .bat Ransomware extension and Disable it.

  • Now go to Help section.

  • Click over Troubleshooting information then hit the Reset button.

  • Confirm the act to reset the browser.

Internet Explorer

  • Simply, open the browser and click thee Gear Icon on the upper right corner.

  • Navigate to Internet options and click it.

  • Now, navigate to Toolbars and Extensions, to see the list of installed addons to find unwanted one.

  • Disable or delete the selected extensions permanently.

  • In order to reset the Ie, click over Advanced tab, and click Reset.

  • Press OK button to confirm.

Cleaning the browser’s shortcuts on the computer is also recommended in most of the cases and should be accomplished for all installed browsers, for which the steps are:

  • Select the browser short-cut, and right click on it.

  • Navigate the properties and click it.

  • In the opened window, find the target option, and remove the argument for .bat Ransomware .

  • Apply the changes.

Step 4: Remove .bat Ransomware with an automatic solution

Although the removal method through manual instructions are effective and proven to provide the best results, still some of the victimized users may fail to get the results as per their desire. This can happen due to lack of technical consent to access most of the administrative utilities as used in above guidelines. If you also got stuck through the instructions or seeking the safest method which needs not any high end manual steps, then opting an automatic solution could be the best solution. You just need to do a few instructions taken in practice to install and scan the system deeply that will fix all issues and remove .bat Ransomware completely. The required steps to do so is all here mentioned.

Special Offer: 


.bat Ransomware is a perilous malware. In order to avoid its removal, it hides its payloads and scripts deep inside the PC. You may try downloading SpyHunter Malware Scanner and check if it detects this malware for you.

Step 1:Download and install .bat Ransomware removal tool and install it on your computer (Note:this is a free scanner that will detect the present malwares on your system only. In order to fix the threats completely, you would have to buy its full version to remove the threats.)

Step 1

Step 2: After the installation is finished, run the scanner and you will see the two options as depicted in the image below. Click on “Scan Computer Now” button.

Step 2

Step 3: In this step, you would see the scanning process bar with detection of found threats and its short description along-with its categorized thumbnail.

Step 3

Step 4: Lastly, the scanner finishes scanning the computer to show full list of detected threats on computer. Just click on “Fix Threats” button to complete the removal that hardly takes a few moments depending upon the nature and severity level of the malware items.

Step 4