English

Change Language

.porno virus

Posted by Lisa Blanc on May 17, 2016

What is .porno virus?

If your system gets infected by .porno virus, you should know that this malware infection is also known as CryptoHitman Ransomware. This is a serious blow to your operating system and your personal files. As you may guess from its name, it is a crypto ransomware that actually encrypts your files and demands a ransom in return for decrypting them. This infection infiltrates your system through a Trojan program; therefore, it is often categorized as a Trojan ransomware. Unfortunately, you may lose all your files if this malware finds a way to your system. You may feel that your only chance to recover your files is to pay the ransom fee, but you should consider that these are cyber criminals and experience shows that they may not even keep their promise. Generally the only way to save the day is to have a backup copy of your files on a removable drive. But our malware specialists at Anti-Spyware-101.com say that it is possible to find a recovery program for this infection, which may be able to decrypt your files. We believe that this is great news since most ransomware threats result in files lost in such an attack. The only way for you to make sure that your computer is safe again is to remove .porno virus and all other possibly harmful applications.

Where does .porno virus come from?

According to our specialists, this infection is actually a new version of Jigsaw Ransomware. This ransomware can sneak onto your computer without your knowledge and permission even though you are the one actually who initiates its drop. Let us tell you how so that you may be able to avoid such a terrible mistake next time. Ransomware programs usually use Trojans to penetrate an operating system. This Trojan can mostly attack you in two ways. First, the most often used method is the application of spam e-mail attachments. These attached files can be images, videos, or documents. The main trick regarding these malicious spam mails is that they try to look urgent or important because otherwise you may not want to open them, download the attachment, and run it. We recommend that you only click on mails and attachments when you are 100% sure that you are supposed to receive those.

It is also possible that you download this Trojan through a suspicious websites by clicking on infectious content, such as third-party advertisements and links. These websites are most commonly related to pornography, dating, gaming, and file sharing. You should keep away from such pages if you want to protect your computer from similar threats. You may also download freeware bundles through these sites, which would mean multiple security threats attacking your computer. If this happens to you, removing .porno virus will not be enough to restore security on your system. It will be just as important that you check your PC with a reliable online malware scanner.

How does .porno virus work?

This ransomware infection uses AES (Advanced Encryption Standard) encryption algorithm to encrypt your documents, photos, videos, and databases. Since this algorithm is part of the Windows operating system, it may finish its job within one minute. This speed does not leave you a big time window to act if you realize that you cannot access your files. In fact, it is possible that this infection takes as little as 10 seconds to finish encryption. So we can rule out the possibility that you catch .porno virus in the act. Believe it or not, your encrypted files all get a “.porno” extension, hence the name of this infection. After encrypting your files, this ransomware displays its scary and annoying ransom note screen on your desktop, on top of all other active windows to make sure that you do not miss it. This screen contains pornographic pictures and an image of the Hitman figure from the well-known PC and console games.

You are given one hour to pay the ransom fee of 150 USD in Bitcoins, which is 0.33 BTC right now.

If you do not comply with the demands, every hour one of your encrypted files is deleted. You can check the list of the encrypted files by pressing a button labeled “View encrypted files.” From this list it is also clear which files get removed. There is another button on this screen that supposedly deciphers your files after you have transferred the required amount. We cannot stop you from paying the fee but you should definitely think twice. Our research shows that these criminals may not decrypt your files even after you pay. The only real option you have to clean your system and possibly recover the encrypted data is to read on our report to learn how you can remove .porno virus and what you can do not to lose all your files.

How can I delete .porno virus?

Although this pushy and scary ransomware does everything to extort the fee from you, it may also shock you with a pop-up message when you try to end its running processes via Task Manager. We still believe that this is what you should do if you want to free up your computer from this vicious attack. We have prepared step-by-step instructions for you so that you can manually kill this beast. Once this threat is out of your way, you should ask an advanced computer user or a professional to download a recovery tool or decryption tool for this threat and apply it for you. Another and easier option for you, of course, is to copy all your backed up files from a Flash drive, if you have such a copy saved. If you want to make sure that all infections are eliminated, we suggest that you employ an authentic up-to-date anti-malware application. If you keep this tool always updated, your system will be protected against all known malware infections. Should you have any questions regarding the removal of .porno virus, please let us know by leaving a comment below.

Remove .porno virus from Windows

Press Win+R and enter taskmgr. Click OK.
End the malicious processes (Suerdf suerdf.exe and mogfh.exe) by selecting them and clicking on End task.
Press Win+R and enter regedit. Click OK.
Locate HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mogfh.exe registry value name and remove it.
Exit the Registry Editor.
Press Win+E to open the File Explorer.
Locate the following files and delete them:
%APPDATA%\Mogfh mogfh.exe
%APPDATA%\System32Work\Address.txt
%APPDATA%\System32Work\dr
%APPDATA%\System32Work\EncryptedFileList.txt
%LOCALAPPDATA%\Suerdf suerdf.exe
%UserProfile%\Local Settings\Application Data\Suerdf suerdf.exe
Empty the Recycle Bin.
Restart your system.

100% FREE spyware scan and
tested removal of .porno virus*

Disclaimer

Disclaimer

Trojans

Leave a comment ?

0 Comments.

Leave a Comment Cancel reply

RSS Feed

France

My name is Lisa and I am an experienced writer/editor. I am very interested in the media industry, and have been involved in it for a number of years, and, with time passing by, I have grown my skills as a real wordsmith in this respectable company. Some say that I am a talented writer, with a flair for capturing the essence of a moment, be it in the realm of print or online media, and I am convinced that one can only reach excellence through words. Lately, I have caught the interest in analyzing and breaking down all things computer security related, and my goal is to bring this information to the public in a way that even the most inexperienced computer users would understand how to deal with their systems and any arisen problems.
My Google Profile+