How to Eliminate “Demo” Ransomware and Restore Corrupted (.Encrypted) Extension Files

“Demo” Ransomware

“Demo” Ransomware – Initial Inspection

Unlike other ransomware, “Demo” Ransomware is unleashed to encrypt victim's photos file only. And demand 0.5 BTC (around 373.00 USD) as ransom payment while the photos files as hostage. During research some interesting facts came into lights like, it created to target Windows users in Germany and in the rare case other countries citizen become the victim too. The ransomware uses AES-256 cipher to encode victims photos files and generate encrypted private & public keys. After completion of encryption process, this ransomware stores private key to C & C server operated by hackers. The ransom note for the "Demo" cryptomalware is dropped as 'HELP_YOUR_FILES.txt' inside each folders having encrypted files. This note features following texts into German language:


Es wurden [number of encrypted objects] Ihrer persönlichen Bild-Dateien mit AES-256 verschlüsselt. Nur wir sind dazu in der Lage Ihre Dateien wiederherzustellen.

Zahlen Sie dazu bitte 0.5 BTC an die unter https://www.criminal-website(dot)ru angegebene Bitcoin-Adresse.

Nach Zahlungseingang erhalten Sie dort ein Programm mit dem Sie Ihre Dateien wiederherstellen können.

Hierzu benötigen Sie folgende Informationen

Key: [331 random characters]

IV: [344 random characters]”

How “Demo” Ransomware fall on your Windows?

  • Primarily via spam e-mail attachments containing exploit kit that may install “Demo” Ransomware,

  • Through freeware packages installation, comes hidden inside free games or software installer packages,

  • By visiting Adult dating websites, Porn site, suspicious link, advertising pop ups displayed on the less reputed sites,

  • Also via peer to peer network such as Torrents platform and USB drives as well.

Characteristics of “Demo” Ransomware infection

  • “Demo” locks your system screen, encodes your saved photos/pictures files,

  • Ransom note in German language keeps popping out at fixed time interval or whenever you boot your system,

  • Remote hackers may access your system remotely because the ransomware opens backdoor for them silently.

  • Default security apps or installed Antivirus may throw warnings related to system security breach.

Therefore, in order to start recovering your Photos files, we first suggest you to remove “Demo” ransomware from your system. Follow the manual removal process, if you are a tech person. But if you are not a tech person then you should follow the automatic removal process to avoid unexpected errors. Instruction is given below: 

Free Scan your Windows PC to detect “Demo” Ransomware


How To Remove “Demo” Ransomware Virus Manually

Step 1 : Restart your computer in safe with networking

  • Restart your computer and keep pressing F8 key continuously.


  • You will find the Advance Boot Option on your computer screen.

Safe mode

  • Select Safe Mode With Networking Option by using arrow keys.

Safe mode

  • Login your computer with Administrator account.

Step 2 : Step all “Demo” Ransomware related process

  • Press the Windows+R buttons together to open Run Box.


  • Type “taskmgr” and Click OK or Hit Enter button.

Type taskmgr in run box

  • Now go to the Process tab and find out “Demo” Ransomware related process.

End process

  • Click on End Process button to stop that running process.

Step 3 : Restore Your Windows PC To Factory Settings

System Restore Windows XP

  • Log on to Windows as Administrator.
  • Click Start > All Programs > Accessories.


  • Find System Tools and click System Restore.


  • Select Restore my computer to an earlier time and click Next.


  • Choose a restore point when system was not infected and click Next.

System Restore Windows 7/Vista

  • Go to Start menu and find Restore in the Search box.

system restore

  • Now select the System Restore option from search results.
  • From the System Restore window, click the Next button.


  • Now select a restore points when your PC was not infected.


  • Click Next and follow the instructions.

System Restore Windows 8

  • Go to the search box and type Control Panel.


  • Select Control Panel and open Recovery Option.


  • Now Select Open System Restore option.


  • Find out any recent restore point when your PC was not infected.


  • Click Next and follow the instructions.

System Restore Windows 10

  • Right click the Start menu and select Control Panel.


  • Open Control Panel and Find out the Recovery option.


  • Select Recovery > Open System Restore > Next.


  • Choose a restore point before infection Next > Finish.


Hope these manual steps help you successfully remove the “Demo” Ransomware infection from your computer. If you have performed all the above manual steps and still can’t access your files or cannot remove this nasty ransomware infection from your computer then you should choose a powerful malware removal tool. You can easily remove this harmful virus from your computer by using third party tool. It is the best and the most easy way to get rid of this infection.


If you have any further question regarding this threat or its removal then you can directly ask your question from our experts. A panel of highly experienced and qualified tech support experts are waiting to help you.