Remove .Reco Virus Ransomware File (+Recovery)



.Reco is a ransomware virus infection that has lately been affecting a lot of users. .Reco is a malware of the file encrypting variety.

The .Reco Virus will encrypt your files, and when is done it will leave a _readme.txt file.

.Reco is a form of Ransomware that can secretly invade your computer, encrypt your files and prevent you from accessing them. You have probably detected the .Reco infection after a ransom note has suddenly appeared on your screen.

The malware ask you for a ransom in order to decrypt the encrypted files and provides you with instructions for payment. Sadly, there is no guarantee that you will ever access some of those encrypted files again and that last part sounds very disturbing. But, on this page, we will do our best to help you deal with .Reco and its attack and offer you some alternative solutions to remove the infection and recover your files. Please note, however, that these two processes are separate and you will not automatically be granted access to the encoded files once you have removed the Ransomware. That’s why, in the guide below, we have listed simple instructions to follow for each of them.

The .Reco virus

.Reco is a file encrypting type of a computer malware known as Ransomware. .Reco is a very dangerous virus which could completely distort a user’s system.

The .Reco virus is a file-encrypting infection that can attack you without visible symptoms. The victims can rarely detect the .Reco virus on time since it rarely shows indications of its operations.

Once the file encryption process completes, however, the Ransomware will notify you about its presence by generating a scary ransom-demanding notification.

In most instances, an infection like .Reco, .Noos or .Xoza can be sent to you via email with an attached file or a hyperlink. Keep in mind that the hackers behind this malware can be very creative and can use different methods to trick you into opening the malicious message. So they may even mimic a letter from some well-known company, or a bill for some service, etc.

Other common methods of Ransomware distribution include malvertisements, which are advertisements that secretly inject the virus to your PC as soon as you click on them. Whatever the case, you likely won’t have any idea that .Reco is in your system and encoding your file, which makes it so dangerous.

The .Reco file encryption

.Reco is a ransomware type of a computer virus. .Reco is a very dangerous file encrypting malware that would cripple a user’s computer and demand a ransom payment in the form of Bitcoins.

The .Reco file encryption is a method that the hackers use to lock your files. The file encryption process runs secretly in the background of the system and is hard to detect.

For most victims, the attack of the Ransomware comes as a blot from the blue. Therefore, they are quite shocked and desperate to get back their files. Reputes security experts, including our “How to remove” team, however, do not recommend paying the ransom money to hackers as a means to recover your files.  This is mostly because by giving money to some anonymous criminals you are imply going to fund them without any guarantee about the future of your encrypted information. Another good point to make is that even if you pay the money, there is no guarantee that you will receive the decryption key for which you have paid. So even if the hackers do send you a key by some chance, there’s still no way to know if it is going to work until you’ve actually paid for it and checked it out. And if it doesn’t work you can rest assured that there will be no refunds or changes. Therefore, we suggest that before risking your money, you should give a try to the removal guide below or explore some other alternatives that may help you avoid the ransom payment.


Name .Reco
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.


Remove .Reco Ransomware

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to .Reco

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

hosts_opt (1)

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the .Reco.


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and .Reco , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – .Reco

Type each of the following locations in the Windows search box and hit enter to open the locations:






Delete everything you see in Temp linked to .Reco RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: .Reco Decryption

The previous steps were all aimed at removing the .Reco Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Leave a Reply

Your email address will not be published. Required fields are marked *