How to remove .xtbl Virus

Files encrypted by .xtbl Virus (Troldesh Ransomware): Is there any solution?

Threat Summary

Threat Name: .xtbl Virus, XTBL Ransomware, Troldesh Ransomware

Threat Type: Ransomware, File Virus, Crypto-Malware

File Extension: “.XTBL”

Cybercriminals’ email ID: “[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]

Description: This dubious file virus locks all types of files stored in your computer and demands ransom payment for decryption.

Distribution methods: Malicious emails and attachments, suspicious hyperlinks, fake software updaters, installers and downloaders

Motives of attackers: Aims to collect your personal information and shares it to illegal ones.

Malware removal method: To remove .xtbl Virus or similar malware, we recommended you to scan your System with powerful antivirus software.

Data recovery solution: After complete ransomware removal, you can restore all files locked by ransomware using strong data recovery software.

What is .xtbl Virus? What it does?

.xtbl Virus or “XTBL Ransomware” is also known as “Troldesh Ransomware” that is designed to target your Microsoft Windows Operating System and locks all of your personal files stored in your computer. This dubious file virus is made using RSA & AES encryption algorithm techniques by cybercriminals. It renames each file by adding a line of random numbers indicates the victim’s unique ID and email addresses pointing the cybercriminals behind this ransomware and .xtbl appendix. For example, it modifies “1.png” filename to “1.png.[VICTIM’S ID].[DEVELOPERS’ EMAIL].xtbl”. After encryption process is finished, it drops “How to decrypt your files.txt” text file as ransom note in each folder of your computer that explained the only way to decrypt or recover files locked by ransomware is to purchase & use its decryption software/keys. Otherwise, they will delete all files & folders of your computer permanently.

.xtbl Virus locks all types/formats of files including images, audios, videos, games, pdf, ppt, xlx, css, html, text, documents, databases and other files of your computer. In other words, you can’t access or open your personal files anymore due to its dubious behaviors. As mentioned in ransom note, the message states that all files stored in your computer have been locked due to security reasons and you need to pay $538.06 amount of ransom money in Bitcoin cryptocurrency (0.5 to 1.5 BTC) for decryption. Initially, XTBL Ransomware appeared as part of CrySiS Malware family. However, this file extension was also used by Scarab Ransomware to lock files. It asks you to contact the cybercriminals behind this ransomware attack via given email address.

As proof that they have right decryption keys/software, they provide initially free decryption service for some encrypted files and ask you to send 2-3 locked files on given email ID. After that, attackers force you to pay demanded ransom money to decrypt rest of the files. Keep in mind that they are not going to recover your files locked by ransomware even when ransom money is paid. So, we recommended you to stop paying any amount of extortion money to them. In order to pay ransom money, they can keep record of your some information such as IP address, URLs search, username & password of your various accounts, banking information and more details. If your System is already infected with this type of malware, then you should try to remove .xtbl Virus or similar malware from machine as soon as possible.

Prevention tips: How to protect your System against Ransomware attacks?

  • Any hyperlinks and attachments presented in spam or irrelevant emails must not be opened.
  • You should check if “Anti-Spam Filter” feature is enabled. This feature when enabled, all the spammy emails automatically delivers to “spam folder” of mail service you use like Gmail.
  • You should try to block the senders’ email addresses from sending spam emails
  • Never reply spammy or irrelevant emails
  • Avoid downloading/installing and/or activating any applications from unofficial sources
  • Scan the PC for malware or viruses with powerful antivirus software regularly
  • Updated security software including antivirus helps to detect/delete latest malware or threats also in machine so you should keep up-to-date your security software.
  • To restore all files encrypted by ransomware, you can recover them from a backup or use powerful data recovery software.

Let’s take have a look at message displayed on ransom note:


email – [email protected]

Your files are now encrypted!



All your files have been encrypted due to a security problem with your PC.

Now you should send us email with your personal identifier.

This email will be as confirmation you are ready to pay for decryption key.

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.

After payment we will send you the decryption tool that will decrypt all your files.

Contact us using this email address: [email protected]

Free decryption as guarantee!

Before paying you can send us up to 2 files for free decryption.

The total size of files must be less than 1Mb (non archived), and files should not contain

valuable information (databases, backups, large excel sheets, etc.).

| How to obtain Bitcoins?

| * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click

| ‘Buy bitcoins’, and select the seller by payment method and price:


| * Also you can find other places to buy Bitcoins and beginners guide here:


| Attention!

| * Do not rename encrypted files.

| * Do not try to decrypt your data using third party software, it may cause permanent data loss.

| * Decryption of your files with the help of third parties may cause increased price

| (they add their fee to our) or you can become a victim of a scam.

email – [email protected]

Do You Suspect Your Computer May Be Infected with ‘.xtbl Virus’ & Other Threats? Scan Your Computer for Threats with SpyHunter

Spyhunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like .xtbl Virus as well as a one-on-one tech support service.

For more information, read SpyHunter’s EULA, Threat Assessment Criteria, and Privacy Policy. The scanner you download here is free version and is able to scan your system for possible threat’s presence. however, it requires a 48 hour period to remove detected threats without any charge. if you want not to wait for that period, you will have to purchase its licensed version.

(Data Recovery Soution)

The first recommendation is to recover your encrypted data with backup files you have created. In case there is no backup available, try to restore your encrypted data with data recovery tool suggested here.

Recommended methods for .xtbl Virus removal and restore encrypted files

.xtbl Virus is very harmful crypto-malware designed to encrypt all types of files including photos, audios, videos, documents and other files, and make them inaccessible. After encryption process, it spreads the ransom note in each folder of your computer that claims the decryption is possible only when you use its data recovery service. We recommended you to please avoid paying demanded ransom money to them.

In that case, you need to remove .xtbl Virus and all the related components from PCs immediately and then perform data recovery process. Here, we are discussing about both malware removal and data recovery method that could help you to solve your problem. Ransomware removal method will help to find the location of this nasty crypto-malware in your computer and remove them completely while data recovery method will help you to get back your damaged or locked files in your machine. Let’s go for the solution.

Remove .xtbl Virus using “Safe Mode with Networking”

  • Restart your PCs and press “F8” function key multiple times you see the “Advance Boot Options” window
  • Select “Safe Mode with Networking” in the list
  • Now, log in to account with .xtbl Virus infection
  • Open your internet browser and download the legitimate anti-malware software. You can download “SpyHunter” anti-malware software that has the ability to delete all types of malware or spyware from machine.
  • Update the anti-malware software and starts the “Full Scan” operation to remove all programs related to .xtbl Virus from machine.

Remove .xtbl Virus using “Safe Mode with Command Prompt” and “System Restore”

  • Restart your computer and press “F8” function key multiple times until “Windows Advance Options” menu appears

  • Select “Safe Mode with Command Prompt” option in the list

  • Now, type “cd restore” command in command Prompt and hit “Enter” key to execute it

  • After that, type “rstrui.exe” command in command line and hit “Enter” key
  • Once “rstrui.exe” command executed, “System Restore” window will appear
  • Click on “Next” button

  • Choose one of available “Restore Points” and click on “Next”

  • In the confirmation dialog box, click on “Yes” to start “System Restore” process

  • After restoring your computer to previous date, download/install and scan your computer with powerful anti-malware software to eliminate any remaining malicious programs related of .xtbl Virus. You can download the powerful antivirus software via “download link” below

Download Spyhunter Anti-Malware Tool

Restore files encrypted by .xtbl Virus using “Windows Previous Versions” feature

To restore individual files encrypted by .xtbl Virus, follow the steps below:

  • To restore a file, right-click on it and go to “Properties”
  • Select the “Previous Versions” tab
  • If the relevant files has a “Restore Point”, select it and click on “Restore” button

Note: This method is only effective if “System Restore” function was enabled on your Windows operating System. On other hand, some ransomware variants like .xtbl Virus are known to remove “Shadow Volume Copies” of the files. So, we can say that this method may not work for data recovery.

Restore files locked by .xtbl Virus using “Shadow Explorer”

To restore files, you can use “Shadow Explorer” application. This application allows you to browse the “Shadow Copies” created by Windows OS Shadow Copy Service. “Shadow Explorer” helps if you are unable of access the “Shadow Copies” by default especially in “Windows Home Editions”. Note that “Shadow Copies” can directly be accessed only in Business Ultimate and Enterprise versions.

“Shadow Explorer” provides Volume Shadow copy service and other features including retrieve all the variants of files and folders available, allow to access through shadow copies and show available current copies.

Important Note: This data recovery application is designed to decrypt or recover your files from Shadow copies which is created by “Windows Volume Shadow Copies Service”. But when we talk about .xtbl Virus or other harmful ransomware variants, it usually deletes “Shadow volume copies” and any other backup files using malicious tricks. So if System has already been infected with this type of ransomware virus, then you can’t access “Shadow Copies” using this software. Anyway, you can use “Shadow Explorer” if you want and please check if it works.

How to download/install and use “Shadow Explorer” on Windows PCs?

  • Click on “Download” button below to download the “Shadow Explorer” application

Download Shadow Explorer

  • Double-click on “Installer file” or “Downloaded ZIP file” to install this software
  • Once installed, open “Shadow Explorer” as Administrator

  • Now, from the drop down list you can select from one of the available point-in-time Shadow copies

  • You can right-click on any file or folder and export it
  • After that, choose a folder where the files from “Shadow Copies” are saved to

  • In case if a file or folder in the destination folder already exists, “Shadow Explorer” asks for the confirmation before overwriting. Check the box “Do not show this dialog again”, if you don’t want to show this again.
  • There is a button in the settings (File, Settings) to reset this decision

Recovery of files encrypted by .xtbl Virus or similar ransomware

If you are unable to recover your lost files by using “System Restore”, “Windows Previous versions features” and “Shadow Explorer”, then you can go for another data recovery solution. As said earlier in most of the cases, ransomware variants like .xtbl Virus are capable of deleting “Shadow volume copies” created by Windows OS by default. In this case, you can use “ EaseUS Data Recovery Software”. This powerful data recovery software is designed to recover all files encrypted by .xtbl Virus.

“ EaseUS Data Recovery Software” is user-friendly software for Windows and Mac OS X based devices that features include RAID and Virtual drive recovery and repairing all types of corrupted files. It works with both non-bootable and encrypted drives. In simple word, we can say that this powerful data recover software does great job.

This powerful recovery software takes less time to recover files locked by .xtbl Virus and support all known files type and custom types can be added with advanced options menu. “ EaseUS Data Recovery Software” recovers emails, photos, audios, videos, documents and etc from any storage media devices like hard drives, SSD, DVD, USB drives, and others

On other hand, it recovers crucial data from missing or deleted partitions of hard drive volume in just few steps. It generates a preview of search results during scan so you get to see all the recoverable files before recovery. This preview result appears on screen in “Tree-View” and deleted list formats.

How to download/install and use “ EaseUS Data Recovery Software” on Windows PCs?

  • Click on “Download” button below to download “ EaseUS  Data Recovery Software” in your computer

Download EaseUS Data Recovery Software

  • Double-click on “Installer file” to install the application
  • Once installed, open “ EaseUS Data Recovery Software”
  • Select type of data you want to recover. Option: All Data, Office Documents, Folders, Emails, Audios and Videos. And then click on “Next”

  • Now, select he folder location, drive or volume you want to scan for data and click on “Scan”

  • Wait for the completion. Once done, select the files and click on “Recover” button to save your recover files

Related posts

Leave a Comment