Home » Blog » Cybersecurity » How to remove Ordinypt (Virus Removal Guide)

How to remove Ordinypt (Virus Removal Guide)

What is Ordinypt?

The Ordinypt virus (also called HSDFSDCrypt) is a wiper disguised as ransomware that is currently attacking Germany. The Ordinypt virus does not encrypt personal files but instead rewrites files with random data. The Ordinypt virus will replace the contents of files with random generated characters consisting of uppercase and lowercase letters and numbers.


The Ordinypt wiper tries to appear like ransomware and even drops a ransom note named Wo_sind_meine_Dateien.html (Where_are_my_files.html) throughout the computer. Here’s an example of the ransom note:

Ihre Dateien wurden verschlüsselt!

Sehr geehrte Damen und Herren,

Wie Sie mit Sicherheit bereits festgestellt haben, wurden alle Ihre Dateien verschlüsselt.

Wie erhalte ich Zugriff auf meine Dateien?

Um Ihre Dateien erfolgreich zu entschlüsseln, benötigen Sie unsere Spezielle Software und den dazugehörigen Decrypt-Key.

Wo bekomme ich die Software?

Die Entschlüsselungs-Software können Sie bei uns erwerben.
Der Preis für die Entschlüsselungs-Software beläuft sich auf 0.12 Bitcoin (ca. 600 Euro).

Bitte beachten Sie, dass wir ausschließlich Bitcoin für den Erwerb der Software akzeptieren.

Wo bekomme ich Bitcoin?

Bitcoin können Sie Online sowie Offline erwerben, eine Liste empfohlener Anbieter folgt:

https://www.bitcoin.de/de/ – Online
https://localbitcoins.com/ – Online / Offline
https://btcdirect.eu/de-at – Online
https://www.virwox.com – Online

Bitte transferieren Sie exakt 0.12 Bitcoin an folgende Addresse: 14DeorRVAaqEeLugPHhcHdejyEAL26gdpx

Nach erfolgreichem Zahlungseingang erhalten Sie automatisch die Entschlüsselungs-Software sowie den dazugehörigen Decrypt-Key.


Sollten wir innerhalb von 7 Tagen keinen Zahlungseingang feststellen, gehen wir davon aus, dass Sie kein Interesse an der Entschlüsselung Ihrer Dateien haben. In diesem Fall löschen wir den Decrypt-Key unwiderruflich und Ihre Dateien sind für immer verloren.

Ihre Dateien wurden mit einem 256-Bit AES Algorithmus auf Militärqualität verschlüsselt. Wir empfehlen Ihnen keine Zeit mit eigenhändigen Entschlüsselungsversuchen zu verschwenden, dies würde Sie nur unnötig Zeit und weiteres Geld kosten, Ihre Dateien wären aber weiterhin verschlüsselt.


Zusätzlich zur Entschlüsselungs-Software erhalten Sie nach erfolgreicher Zahlung, hinweise wie die Schadsoftware auf Ihre System gelangen konnte und wie Sie sich in Zukunft vor weiteren Übergriffen schützen können!

Although the Ordinypt wiper does not encrypt files it performs a search for files just like ransomware, but instead just “creates a “pseudo-encrypted-file” which in reality is only a garbage file. The virus actually deletes the original.

How was Ordinypt installed?

Like ransomware, the Ordinypt virus is spread via email spam messages. The emails are currently written in the German language and target German users.

The emails claim to be resumes sent in reply to job advertisements. The emails contain two files — a JPG image of the woman supposedly sending a resume, and a ZIP file containing the resume and a curriculum vitae. The attachments might be named Viktoria Henschel – Bewerbungsfoto.jpg and Viktoria Henschel – Bewerbungsunterlagen.zip.


Ordinypt removal steps

The Ordinypt removal steps on this explain how to remove Ordinypt viruses, malware, and other threats from your computer.

Step 1: Remove malware with Malwarebytes Anti-malware
Step 2: Check your computer for malicious trace files with HitmanPro
Step 3: Clean up and fix system issues with CCleaner

1. Remove malware with Malwarebytes Anti-Malware


  1. Open your browser window and download Malwarebytes 3.0 Premium or Malwarebytes Anti-Malware Free.
  2. Open the executable file (mb3-setup.exe) to begin installing Malwarebytes.
  3. Select your language, click Next, then select “I accept the agreement,” click the Next button several times, and then click the Install button to install Malwarebytes. Click Finish once the install process is complete.
  4. Open Malwarebytes and click the Scan Now button on the Dashboard to begin scanning your computer.
  5. Click the Quarantine Selected button once the scan is finished.
  6. If Malwarebytes says “All selected items have been removed successfully. A log file has been saved to the logs folder. Your computer needs to be restarted to complete the removal process. Would you like to restart now?” click the Yes button to restart your computer.

2. Check your computer for malicious trace files with HitmanPro


  1. Open your browser window and download HitmanPro.
  2. Open the executable file (hitmanpro_x64.exe or hitmanpro_x32.exe) to begin installing HitmanPro.
  3. Click the Next button, check “I accept the terms of the license agreement,” and click the Next button again.
  4. On the Setup page select “Yes, create a copy of HitmanPro so I can regularly scan this computer (recommended)” and add your email address to the registration fields to begin the free trial.
  5. Click Next to begin scanning your computer.
  6. Once the Scan results are displayed click the Next button and click the Next button again on the Removal results page.

3. Clean up and fix system issues with CCleaner


  1. Open your browser window and download CCleaner Professional or CCleaner Free.
  2. Open the executable file (ccsetup.exe or other) to begin installing CCleaner.
  3. Click the Install button to begin stalling the program.
  4. Click Run CCleaner to open the program when installation is complete.
  5. Select the Cleaner tab and click the Analyze button.
  6. When the Analyze process is complete click the Run Cleaner button to clean all files.
  7. Next, select the Registry tab and click the Scan for Issues button to scan for issues in your registry.
  8. When the scan is complete click the Fix selected Issues button and Fix All Selected Issues button to fix the issues.
  9. Next, select the Tools tab and click Startup. Examine each area, search for suspicious entries, and delete any suspicious startup entries by selecting the entry and clicking the Delete button.
  10. Next, click Browser Plugins and search each internet browser for unwanted browser add-ons and extensions. Click the extension you want to delete and click the Delete button to remove it.

Lead Editor

Jared Harrison is an accomplished tech author and entrepreneur, bringing forth over 20 years of extensive expertise in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. He has made significant contributions to the industry and has been featured in multiple esteemed publications. Jared is widely recognized for his keen intellect and innovative insights, earning him a reputation as a respected figure in the tech community.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

What is wewillhelp@airmail.cc and how do i remove it?

How to remove Ranscam ransomware

How to remove CryptXXX ransomware