.porno virus Removal Guide

It is not difficult to see if the devious .porn virus has slithered into your Windows operating system because this infection can be easily identified by the “.porn” extensions attached to the files it encrypts. This dangerous threat is part of the ransomware family that encrypts files using the AES algorithm, and it is more commonly known as the CryptoHitman Ransomware. This infection might have a new name and a new interface, but its functionality is no news to us, primarily because it is just an updated version of the infamous Jigsaw Ransomware, an infection we have analyzed about a month ago. Although this malware is extremely dangerous, it is known that it has a flaw that allows file decryption without the key that cyber criminals hold hostage. If you cannot find a way to decrypt your files yourself, you will be pushed to pay a ransom that, at the moment, is 150 USD, which is around 0.33 BTC (bitcoins). Are you trying to delete .porn virus? Although this will stop the removal of your personal files, it will not initiate file decryption.

When analyzing the .porn virus, it is crucial to discuss its distribution. Needless to say, it is not one of those malicious programs that users download thinking they are harmless. No, this threat is extremely malicious, and it does not try to pretend to be something it is not. However, when it comes to the distribution of this infection, it can use scams and deception. Although it is quite possible that this threat will be spread via sites containing pornographic content (hence the “.porn” extension), our researchers have found that it is usually spread via spam email. The fact that an email goes to the Spam folder is a sign that it is untrustworthy. Sure, in some cases, legitimate, harmless emails are sent to this folder, but you have to be cautious about all of them. It is most likely that the executable of the .porn virus will be concealed as an invoice or some other intriguing document you are more likely to open. Of course, once opened, all hell breaks loose, and, sooner or later, you discover that you can no longer access your personal files.

It is likely that you will discover the existence of the .porn virus when a screen-size message pops up on your screen. This message contains pornographic images, as well as a countdown clock that tells you how much time you have got until your personal files are deleted. Although this infection deletes only a few files at a time (every hour on the hour), it can do that until all of your files are gone. According to the message, you are given 36 hours to make the payment; however, this does not mean that after these 36 hours all of your files will be erased. Instead, the ransom will simply double to 300 USD. Note that your personal files are likely to be deleted also if you restart your computer or try terminating the malicious processes via the Task Manager. If you try this, you will be greeted with a pop-up that says: "You are about to make a very bad decision. Are you sure about it?" The good news is that if you remove the .porn virus, your personal files will no longer be erased.

If your personal files are extremely important to you, but you do not have them backed up, your initial urge might be to pay the ransom. Before you do this, you should exhaust all other options, for example, using third-party decryption tools. Keep in mind that fictitious decryption tools might exist as well, and it is on you to stay away from them. Do you want to contact cryptohitman@yandex.com (an email provided via the ransom message)? This is not something we recommend because if you identify yourself to cyber criminals, they could try to scam you again in the future, even if you remove .porn virus successfully. Are your files backed up? If they are, you do not need to focus on the decryption of your personal files, and you can initiate the removal process. Have you paid the ransom and your files were decrypted (not guaranteed)? You still need to erase this infection. If you are not experienced, we suggest choosing the automatic removal option (click the Download button) instead of the manual option represented below.

How to delete .porn virus

1. Launch RUN by tapping Win+R keys simultaneously.
2. Launch Registry Editor by entering regedit.exe into the RUN box.
3. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
4. Delete the mogfh.exe value.
5. Launch Explorer by tapping Win+E keys simultaneously.
6. Enter %LOCALAPPDATA% into the address bar.
7. Delete the Suerdf folder.
8. Enter %APPDATA% into the address bar.
9. Delete the Mogfh and System32Work folders.

N.B. If your run Windows XP, the %LOCALAPPDATA% directory does not exist. Instead, enter %UserProfile%\Local Settings\Application Data\ into the address bar.