Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 250
Category: Browser Hijackers also known as is an email address that sends a ransomware-type program called Master Ransomware. This program was designed to encrypt your files and then demand you pay a ransom for a decryption tool. Removing this ransom is highly recommended, but it would be even better if you deleted the email coming from so that your computer would not become infected with this ransomware in the first place. There is no free decryption tool for the ransomware yet, so you ought to ensure that your computer is secure from infections such as this one. For more information on this email address and the ransomware, please continue reading.

We have found that the developers of Master Ransomware have set up a dedicated email server that that sends this ransomware included in an email. This email is sent via Helponyon. However, we have received information saying that this is not the only email address currently being used to send this ransomware. Furthermore, it is claimed that the email addresses are swapped on a regular basis. features this ransomware as an attached file, and if you open that file, then your PC will become infected with Master Ransomware.

Master Ransomware is similar to Btcware Ransomware and it is more than likely that both of them come from the same developers. Once on your PC Master Ransomware will begin encrypting your files almost instantly. However, it will skip some locations such as $Recycle.bin$, Program Files, Program Files (x86), %PROGRAMDATA%, Windows, NVidia, Intel, and %APPDATA%. It uses an advanced encryption algorithm, and it was configured to generate a public encryption and private decryption keys. The decryption key is set to this ransomware’s server and kept until you pay the ransom. While encrypting your files, this ransomware is set to append the encrypted files with a “.[].master” file extension but some iterations can also append the files with a shorter ".master" extension. The extensions indicate that a file has indeed been encrypted.

It must be noted that this ransomware was configured to delete shadow copies of your files. It executes certain commends in CMD such as “/c vssadmin.exe Delete Shadows /All /Quiet” to erase the copies and it also runs “/c bcdedit.exe /set {default} recoveryenabled No” and “/c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures” to disable startup repairs. Once the encryption is complete, the ransomware drops a file named "!#_RESTORE_FILES_#!.inf" in many locations on your PC and the desktop. This file acts as the ransom note that contains information such as your unique ID that you are ought to send to the provided email address after you have paid the ransom in order to receive your decryption key. This ransomware creates a subkey in Windows Registry to open the ransom note on system startup. The value name of the subkey is DECRYPTINFO, and it is located at HKCU\Software\Microsoft\Windows\CurrentVersion\Run. It is crucial that you do not reboot your PC once it has been infected with this ransomware. If you attempt to reboot it, then your PC will not boot up anymore.

In closing, is an email address used to distribute Master Ransomware. This email can pass over as legitimate, and your PC can become infected with the aforementioned ransomware if you open its attached file and run it. Therefore, we recommend that you delete the email from and also remove the ransomware if your PC happened to become infected with it. See the guide below for more information.

How to delete Master Ransomware

  1. Hold down Windows+E keys.
  2. Enter the following file paths and hit Enter.
    • %TEMP%
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
  3. Find the ransomware.
  4. Right-click it and click Delete.
  5. Type %APPDATA% and hit Enter.
  6. Locate and delete !#_RESTORE_FILES_#!.inf
  7. Empty the Recycle Bin.
  8. Close the File Explorer.
  9. Hold down Windows+R keys.
  10. Type regedit in the box and hit Enter.
  11. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  12. Locate DECRYPTINFO
  13. Right-click it and click Delete.
Download Remover for *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter. Screenshots:


Your email address will not be published.


Enter the numbers in the box to the right *