Donut Ransomware Removal Guide

Do you know what Donut Ransomware is?

Donut Ransomware is a major computer infection that will encrypt a lot of files asking you to pay the ransom fee. In that aspect, there is nothing unexpected about this application. Users are scared into transferring the ransom fee because the program makes it seem that there is no other way to restore the encrypted files. But computer security experts suggest that even paying the ransom does not guarantee that these criminals would issue the decryption key. You should simply remove Donut Ransomware from your system and then protect it from other infections in the future.

When this infection enters the target system, it targets a great number of file extensions, so there is a very big possibility that most of your files will be encrypted. However, we also have a list of directories this infection skips. According to what we have found, Donut Ransomware leaves Program Data, Program Files, Windows, AppData, All Users, and other directories. Most of these directories contain important system files. It seems that the ransomware program leaves out these files because it needs your computer to still function properly. After all, if your computer does not work, you cannot send out the ransom fee, and the people behind Donut Ransomware would not gain anything.

On the other hand, you will know immediately that a lot of files have been encrypted because Donut Ransomware adds an extension to all the encrypted files, and if you had a dog.jpg file, then after the encryption, the filename will be dog.jpg.donut. It goes without saying that you will not be able to open the encrypted files because the system will no longer be able to read them. It does not mean that your files are lost for good. However, if no public decryption tool is found and you do not have a file backup, you may have to delete your files in the end.Donut Ransomware Removal GuideDonut Ransomware screenshot
Scroll down for full removal instructions

How would it be possible to avoid such an end? First, prevention is the most important thing. You might think that getting a powerful security would save the day, but that is only half of the work. It is sure a good thing to have a licensed antispyware tool on your computer, but security applications cannot and do not revert the damage caused by ransomware infections. It is simply a completely different type of infection, and you may have to refer to a professional technician to deal with some of the consequences.

So the best way to deal with this infection is to avoid it in the first place. And how can we avoid Donut Ransomware and other similar intruders? We need to recognize the main ransomware distribution patterns and get out of the way when the installer file comes flying your way. Perhaps a lot of people think that Donut Ransomware and other ransomware slither into target computers behind users’ backs, but the thing is that users tend to install these applications themselves (without meaning to, obviously).

This happens because Donut Ransomware usually gets distributed in spam email. The spam email that carries this ransomware comes with attached files. The attached files are clearly the installer files that launch this malicious application on the target system. Why would users open these files in the first place? That is because these files often look like important notifications or invoice files from online stores and other reliable sources. If you want to make sure whether the file you have downloaded is safe or not, you can always scan it with the SpyHunter free scanner. If the file is malicious, you will be notified immediately.

Below you will find the manual removal instructions for Donut Ransomware. Please note that removing the infection does not restore your files. For file restoration, you should contact a professional computer security expert. Also, if you happen to have an external hard disk where you store copies of your files, you can simply delete the encrypted files and transfer the healthy copies back into your PC. However, you should do that ONLY when you have removed Donut Ransomware for good. If you transfer your files into your system while the ransomware is still there, the new files might get encrypted, too.

How to Delete Donut Ransomware

  1. Press Win+R and the Run prompt will open.
  2. Type regedit into the Open box and click OK.
  3. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Right-click the donut.exe value on the right side, and select to delete it.
  5. Exit Registry Editor and press Win+R again.
  6. Enter %TEMP% into the Open box and press OK.
  7. Delete the CL7b7lCiqNgPB8AKgyc0IHftPfNfMLAT.exe* and wallpaper.bmp files.

*The .exe file name is generated at random, so each infected system will have a different filename.

In non-techie terms:

Donut Ransomware is a computer infection, and this program encrypts your files. When your files get encrypted, you can no longer open them. To decrypt the files, this program expects you to pay a ransom fee. However, paying the ransom does not guarantee that you will get your files back. Computer security experts recommend removing Donut Ransomware from your system immediately. For file retrieval options, please be sure to leave us a comment. Although it might not be possible to get back all of your files, you can surely get back at least a part of them.