Spora Ransomware Removal Guide

Category: Trojans

Spora Ransomware is a recently detected malicious application which, according to specialists at 411-spyware.com, primarily targets Russian users. Of course, the situation might quickly change in the future because Spora Ransomware is a sophisticated ransomware infection created by cyber criminals who know what they are doing. It might become prevalent in a number of different countries and infect thousands of users, but it does not seem that it is going to change the way it works. Just like other ransomware infections, it enters computers with the intention of encrypting users’ data and then extorting money from them. Even though Spora Ransomware falls into the category of ransomware together with hundreds of similar threats, it evidently differs slightly from threats released some time ago. First of all, it does not need an Internet connection to perform its activities; it does not append new filename extensions to the files it encrypts; and, finally, it allows users to decide for themselves which payment option to choose. To be frank, paying money might be the only way to get files back, but, of course, we do not encourage users to do that because it is unclear whether the encrypted files will really be decrypted and whether the ransomware will really leave the computer.

Even though Spora Ransomware differs slightly from other ransomware infections in the way it acts, it is distributed just like these older threats: through spam emails. The malicious attachment usually looks like an ordinary harmless document because it has two filename extensions and the last one (.hta) is hidden by the Windows OS, e.g. invoice.doc.hta. Once a user opens such a file from an email, two executable files belonging to this infection are created on the computer. It should be possible to find them on Desktop, in %HOMEDRIVE%, in %TEMP%, or in a different place. Many users do not even understand that they have become victims of a file-encrypting threat until they find it impossible to access their data. This is because a fake .doc file with an error is opened for them when they launch the malicious file. In other words, they are not immediately told that they have helped a malicious application to enter their systems.
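A check for the double-extension trick described above, as an added example that is not part of the original guide. The two extension lists and the Downloads folder are assumptions chosen for illustration; the HideFileExt registry value is the Explorer setting that hides extensions of known file types.

```powershell
# Added example; the extension lists below are assumptions, not taken from the guide.
$DecoyExt  = 'doc', 'docx', 'xls', 'xlsx', 'rtf', 'pdf', 'jpg', 'zip'
$ActiveExt = 'hta', 'exe', 'scr', 'js', 'jse', 'vbs', 'wsf', 'cmd', 'bat', 'lnk'
$DoubleExt = '\.(' + ($DecoyExt -join '|') + ')\.(' + ($ActiveExt -join '|') + ')$'

function Test-DoubleExtension([string]$Name) {
    # True when a document-like extension is followed by a script or executable one.
    return ($Name.TrimEnd() -match $DoubleExt)
}

function Get-ExtensionHiding {
    # HideFileExt = 1 hides extensions of known types; an absent value is
    # treated here as the Windows default (hidden).
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($null -eq $v -or $v -eq 1) { 'hidden' } else { 'shown' }
}

function Find-DoubleExtension([string]$Folder) {
    # Recursive sweep of one folder; unreadable subfolders are skipped silently.
    Get-ChildItem -LiteralPath $Folder -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { Test-DoubleExtension $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

# Constructed sample names; the first one is the example given in the text.
foreach ($n in 'invoice.doc.hta', 'report.final.docx', 'archive.zip', 'scan.pdf.exe') {
    '{0,-20} {1}' -f $n, (Test-DoubleExtension $n)
}

"Explorer extensions for known file types: $(Get-ExtensionHiding)"

# Assumed location: the current user's default Downloads folder.
Find-DoubleExtension "$env:USERPROFILE\Downloads"
```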

Research has shown that Spora Ransomware targets documents, pictures, and other files that have the following filename extensions: .xls, .doc, .xlsx, .docx, .rtf, .odt, .pdf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .accdb, .jpg, .jpeg, .tiff, .zip, .rar, .7z, and .backup. It seems that not only files stored on the computer are affected: it also encrypts so-called network shares (shared resources). To make sure that users can pay money and the computer is not ruined completely, it checks that the file is not in one of the locations ('program files (x86)', 'games', 'windows', and 'program files') that cannot be touched. When the encryption process is finished, Spora Ransomware deletes Shadow Volume Copies of files, disables Windows Startup Repair, and changes the Boot Status Policy. Last but not least, an .HTML file (it leads to the main ransom page https://spora.bz) and a .KEY file (it contains the unique ID of the victim) are dropped on the computer.

Because of all the changes Spora Ransomware makes on the infected computer, it does not seem that it will be easy to decrypt the files it has encrypted. Actually, it might be true that specialists cannot crack the key used and create a free decryptor. There are only two things users can do in such a case. They can purchase a service (full restore, immunity, removal, or file restore) offered by the ransomware by sending a certain amount of money in Bitcoins, or they can delete Spora Ransomware fully from their computers and then recover files from a backup. Only a backup created before the entrance of this ransomware infection can help you get files back. As you can see, ransomware infections are sophisticated threats that can cause much harm, so it would be best to ensure the maximum protection of the system in advance in order not to allow them to sneak onto the computer.

Keeping malicious software installed on the computer is always a bad decision, so you should erase Spora Ransomware from your system today even though doing so will not unlock your personal files. You can either follow the step-by-step instructions prepared for you by our security specialists, or you can scan your PC with the automatic malware remover SpyHunter. As always, we suggest deleting a ransomware infection manually only to those users who have experience in the deletion of malware.

Delete Spora Ransomware manually

  1. Press Win+E.
  2. Check the following places one by one: %APPDATA%, %TEMP%, %HOMEDRIVE%, and Desktop.
  3. Delete the malicious file (it might have a random 10-digit name or the so-called CLSID name, e.g. XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.exe).
  4. Type %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup in the address bar of your Windows Explorer.
  5. Find the [Unique ID].html file there and delete it.
  6. Open %APPDATA%\Microsoft\Windows\Templates.
  7. Remove files having .html, .key, and .lst extensions.
  8. Repeat step 7 in the %APPDATA% directory.
  9. Open %USERPROFILE%\Desktop.
  10. Delete .html and .key files.
  11. Empty the Recycle Bin and restart your computer.
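
A report-only sweep of the folders named in the steps above, as an added example that is not part of the original guide. It deletes nothing and lists candidates for review. The name pattern takes "10-digit" literally and is an assumption, and legitimate .html files in these folders will show up in the output as well.

```powershell
# Added example: lists candidate files from the manual steps; nothing is deleted.

# Step 3 name shapes: ten digits (assumption: "10-digit" read literally) or a CLSID.
$ExePattern = '^(\d{10}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})\.exe$'
$ExeDirs = @($env:APPDATA, $env:TEMP, "$env:HOMEDRIVE\", "$env:USERPROFILE\Desktop")

# Steps 4-10: folder -> extensions of the dropped files to look for there.
$NoteRules = [ordered]@{
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" = '.html'
    "$env:APPDATA\Microsoft\Windows\Templates"                  = '.html', '.key', '.lst'
    "$env:APPDATA"                                              = '.html', '.key', '.lst'
    "$env:USERPROFILE\Desktop"                                  = '.html', '.key'
}

function Get-FilesIn([string]$Dir) {
    # Top level only, hidden files included; a missing folder yields nothing.
    if ($Dir -and (Test-Path -LiteralPath $Dir)) {
        Get-ChildItem -LiteralPath $Dir -File -Force -ErrorAction SilentlyContinue
    }
}

function Find-SporaCandidates {
    foreach ($dir in $ExeDirs) {
        Get-FilesIn $dir | Where-Object { $_.Name -match $ExePattern } | ForEach-Object {
            # Hash the executable so it can be looked up before it is removed.
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Reason   = 'step 3: executable name'
                Path     = $_.FullName
                Modified = $_.LastWriteTime
                Sha256   = $h.Hash
            }
        }
    }
    foreach ($dir in $NoteRules.Keys) {
        $exts = @($NoteRules[$dir])
        Get-FilesIn $dir | Where-Object { $exts -contains $_.Extension.ToLower() } | ForEach-Object {
            [pscustomobject]@{
                Reason   = "steps 4-10: $($_.Extension) file"
                Path     = $_.FullName
                Modified = $_.LastWriteTime
                Sha256   = $null
            }
        }
    }
}

Find-SporaCandidates | Sort-Object Modified | Format-Table -AutoSize -Wrap
```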