CryptInfinite - How to remove

CryptInfinite (aka DecryptorMax) is dangerous virus that might lock files stored on your computer. It is listed as a ransomware, because once inside of your computer it will encrypt your files and will ask for a ransom to get them back.

If you have noticed that your computer is infected with CryptInfinite and you can’t access your files, we suggest to eliminate this infection from your computer as soon as possible. There are two most common methods to eliminate virus like CryptInfinite – you can do it either manually or automatically, so it’s completely up to you which removal method to choose.

It is much easier and less time consuming to do it automatically, therefore we recommend to choose this removal method. All you have to do is to download reliable anti-malware application, such as Spyhunter or Malwarebytes, install it on your computer and then run a full scan of all files stored on your hard drive. It will also protect your computer from similar infections in the future, so it’s worth to keep it installed. You can use other anti-malware of your choice as well.

However, if for some reasons you don’t want to download any additional anti-malware software, you can get rid of CryptInfinite manually as well. This process might be complicated, therefore we have developed a step-by-step CryptInfinite manual removal guide – you can find it below this article. Try to complete all steps correctly and you will be able to eliminate CryptInfinite manually by your own.

To learn more about specific features of CryptInfinite please continue reading this article. If you have some specific questions regarding this topic, feel free to ask them in the comments section below and we will do our best to answer them all.

About CryptInfinite ransomware

This ransomware is really similar to all other ransomware of this type – first of all it secretly enters the system, when encrypts various files stored there and asks for a ransom to receive a decrypter. CryptInfinite can encrypt all most common file extensions, here’s a full list:

sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt

Once this process is over, you will see a message on your desktop that looks something like this:

You will be asked to pay $500 ransom within 24 hours in order to retrieve your files. If you fail to do that, the ransom will be raised to $1000. Do not fall for that trick – they are just trying to frighten you this way. Please notice: there are no guarantees that your files will be decrypted, even if you pay the ransom.

Developers of CryptInfinite ransomware virus also suggest to send them one encrypted file via email so they would decrypt it and prove that decryption is possible this way. Don’t believe that as well.

Decrypt files by having downloaded and executed the CryptInfinite decryptor from here, after you have made the copies of the infected files and have removed the crypto-malware. You should eliminate CryptInfinite from your computer as soon as possible because it can infiltrate other malware into your system or encrypt even more files.

How to remove CryptInfinite virus

The easiest way to get rid of this ransomware is by scanning one’s PC from another user account with Spyhunter, Hitman or other anti-malware tool. If you do not have one, do the following:

1. Reboot, and press F8 while screen is blank.
2. Choose safe mode with command prompt.
3. Run control nusrmgr.cpl, create another account.
4. Reboot and log in that account.
5. Run Anti-Malware scan.

If this fails, there are other options to get rid of CryptInfinite virus:

• Restart your computer;
• Press F8 while it is still restarting;
• Choose between safe modes in following order: Safe mode, Safe mode with command prompt.

Then follow the guides below:

If your computer runs in Safe mode or Safe mode with networking and you see no blank screen instead of CryptInfinite virus one 

1. Launch MSConfig.
2. Disable startup items rundll32 turning on any application from Application Data. Note, that these are typical locations for CryptInfinite virus but some others might be used.
3. Restart the system once again.
4. Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to identify CryptInfinite virus files and delete it.

Here is a video showing how to complete the steps:

If your computer runs in Safe mode with command prompt 

1. Run Regedit.
2. Search for WinLogon Entries. Write down all files it references that are not explorer.exe or blank. Replace them with explorer.exe.
3. Search registry for CryptInfinite virus files and delete the registry keys referencing the files.
4. Try to reboot and scan with Spyhunter.
5. If this fails, try doing system restore from safe mode with command prompt (rstrui.exe).

If none of safe modes could be launched

Hitman Pro USB disk

If you did not succeed using any of the methods above, try scanning PC with a bootable USB or DVD disk. These should be able to remove all versions of CryptInfinite virus, but will not work if your hard drive is encrypted.

For that, we recommend using Hitman Pro Kickstarter USB.

1. Download Hitman Pro on uninfected PC.
2. Run Hitman and ask to create Kickstarter USB (option on initial screen).
3. When USB is ready, reboot infected PC with USB attached and press DEL.
4. Choose USB as primary boot device.
5. Boot normally.
6. Run Hitman Pro and https://www.2-viruses.com/downloads/spyhunter-i.exe . One of these programs should detect and remove malware from your PC.

Automatic Malware removal tools

Manual removal