Exterminate It! Antimalware


Known threats:700,086 Last Update:March 16, 12:51


You guys are freakin' awesome, love the program, love the personalized service, and my pc loves it too :D

Justin S.


Location of DECRYPT_INSTRUCTION.URL and Associated Malware

Check whether DECRYPT_INSTRUCTION.URL is present in the following locations:

DECRYPT_INSTRUCTION.URL file locations that are Windows version independent:


Windows 2000, Windows XP, Windows Server 2003 specific DECRYPT_INSTRUCTION.URL file locations:

  • C:\Documents And Settings\USER_NAME\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific DECRYPT_INSTRUCTION.URL file locations:

  • C:\Users\USER_NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL

If you find DECRYPT_INSTRUCTION.URL file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The DECRYPT_INSTRUCTION.URL file is associated with malware only if found in the locations listed above.


Different Variations of DECRYPT_INSTRUCTION.URL File^

File SizeFile Md5Last Seen
274850D5FA85B4108EA1C02F4B54ED76DC1Aug 15, 2014
2541DE343C56E976B859BCB6DAF6DE44DF9Aug 26, 2014
2540AB81376AAA69419478CCA339D1EA9E6Sep 4, 2014
25479CE097C257FA78CB8A27ACF683CE76FSep 9, 2014
254222EBB29527D5A144D27765ADA9F0250Sep 19, 2014
2545B7EC3AFAA8310EB041ADE649772A608Sep 21, 2014
2783141927FCD7C62C0F777AA6C07A4E70ESep 24, 2014
2780A3BAB90E6FB92D3206DCCCDC648DF14Oct 25, 2014
272944ECD806B48DB86A6F437F2BF7F1D5CNov 10, 2014
2725E5019BC363C352A2F3382EB8865EBB0Nov 14, 2014
408E83B48FC42246E1C6555D3486DC8C57FNov 24, 2014
408DD8A8713BA0F5D37C4AC9BB68FDE9910Nov 26, 2014
280D5FC3D128AFD61862E5833DDEF4E88A1May 3, 2015
4089B3429E695E91AC638FE701F610DC6F6Sep 7, 2015
432725C9E2899B5871A7FD1ABB3E2629452Sep 13, 2015
4203425E568AB1B9BF1961D989481CBAA82Aug 22, 2014
274AE2224E1C80F11A287E3AAF142F0DE5ANov 11, 2014
414F784ACA7C2F3ED805BDAA6CE35D70F21Nov 11, 2014
408DECE36F3778500AAA2F9471AB4A5EC9DNov 13, 2014
28411DD8F64AB3F060294539B3E4C0A1F0DFeb 4, 2015

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.


  1. To enable deleting the DECRYPT_INSTRUCTION.URL file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select DECRYPT_INSTRUCTION.URL and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of DECRYPT_INSTRUCTION.URL and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of DECRYPT_INSTRUCTION.URL and Associated Malware.
  6. Notes:

    • The deletion of DECRYPT_INSTRUCTION.URL will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of DECRYPT_INSTRUCTION.URL will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a DECRYPT_INSTRUCTION.URL malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type DECRYPT_INSTRUCTION.URL. The name of the first found registry value referencing DECRYPT_INSTRUCTION.URL is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to DECRYPT_INSTRUCTION.URL, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of DECRYPT_INSTRUCTION.URL and Associated Malware.