How to remove CryptoHitman (Virus Removal Guide)

CryptoHitman virus

CryptoHitman virus is a re-branded version of Jigsaw ransomware that now uses the popular Hitman character from the video games and movie. In addition to the re-branding and the use of the Hitman character, the ransomware also locks the screen and displays pornographic images.

CryptoHitman

The CryptoHitman virus is ransomware that encrypts your computer data and personal files with AES encryption and appends a new .porno extension to your files. Once this task is complete, it locks your screen with pornographic images and demands a ransom payment in order to decrypt your files. To pay the Hitman ransomware ransom, you are required to send a payment to cryptohitman@yandex.com. The infection uses a timer: if the virus is not removed or the ransom is not paid within a certain amount of time, it will delete your files.

How to remove CryptoHitman (Virus Removal Guide)

  1. Scan your computer with Malwarebytes
  2. Scan your computer with HitmanPro
  3. Cleanup and repair settings with CCleaner

1. Scan your computer with Malwarebytes

The first step to remove CryptoHitman ransomware and malicious traces from your computer is to download and install Malwarebytes Anti-Malware software in order to perform a full system scan for malicious files.

1. Download and Install Malwarebytes Anti-Malware software.

2. Open Malwarebytes and click the Scan Now button or go to the Scan tab and click the Start Scan button.

3. When the Malwarebytes scan is complete click the Remove Selected button.

4. To finish the Malwarebytes scan and remove detected threats, click the Finish button and restart your computer once prompted to do so in a pop-up message from Malwarebytes.

2. Scan your computer with HitmanPro

The second step to remove CryptoHitman ransomware and malicious traces from your computer is to download and install a second opinion scanner called HitmanPro by Surfright in order to perform a full system scan for malicious files.

1. Download and Install HitmanPro by Surfright.

2. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may choose to create a copy or perform a one-time scan.

3. When the HitmanPro scan is complete click the Next button.

4. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

5. Click the Reboot button.

3. Cleanup and repair settings with CCleaner

The third step to remove CryptoHitman ransomware and malicious traces from your computer is to download and install CCleaner by Piriform in order to delete leftover junk files, tracking cookies, registry entries, unwanted start-up tasks, and more.

1. Download and Install CCleaner by Piriform.

2. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

3. Go to Tools > Startup and search for suspicious entries in each tab, starting from Windows all the way to Context Menu. If you find anything suspicious, click it and click the Delete button to remove it.

4. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.

CryptoHitman files

%LocalAppData%\Suerdf\
%LocalAppData%\Suerdf\suerdf.exe
%AppData%\Mogfh\
%AppData%\Mogfh\mogfh.exe
%AppData%\System32Work\
%AppData%\System32Work\Address.txt
%AppData%\System32Work\dr
%AppData%\System32Work\EncryptedFileList.txt

CryptoHitman registry entries

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mogfh.exe %AppData%\Mogfh\mogfh.exe
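
To confirm whether the files and Run entry listed above are present before or after the scans, the following PowerShell check can be used. It is an added example, not part of the original guide or of any vendor tool; the function name Get-CryptoHitmanArtifact is hypothetical, and the script only reports what it finds without deleting or changing anything.

```powershell
# Added example: read-only check for the CryptoHitman artifacts listed on this page.
# Get-CryptoHitmanArtifact is a hypothetical helper name; nothing is deleted or changed.
function Get-CryptoHitmanArtifact {
    # File and folder locations, copied from the "CryptoHitman files" list.
    $paths = @(
        "$env:LOCALAPPDATA\Suerdf",
        "$env:LOCALAPPDATA\Suerdf\suerdf.exe",
        "$env:APPDATA\Mogfh",
        "$env:APPDATA\Mogfh\mogfh.exe",
        "$env:APPDATA\System32Work",
        "$env:APPDATA\System32Work\Address.txt",
        "$env:APPDATA\System32Work\dr",
        "$env:APPDATA\System32Work\EncryptedFileList.txt"
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Kind = 'Path'; Location = $p; Detail = 'present' }
        }
    }

    # Autostart value from the "CryptoHitman registry entries" list.
    # Match on either the value name or a value pointing at mogfh.exe.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($name -ieq 'mogfh.exe' -or $value -like '*\Mogfh\mogfh.exe*') {
                [pscustomobject]@{ Kind = 'RunValue'; Location = "$runKey\$name"; Detail = $value }
            }
        }
    }

    # Files carrying the .porno extension (searches the current user's profile only).
    Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Filter '*.porno' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'EncryptedFile'; Location = $_.FullName; Detail = $_.LastWriteTime }
        }
}

$hits = @(Get-CryptoHitmanArtifact)
if ($hits.Count -eq 0) {
    Write-Output 'No CryptoHitman artifacts from the list were found for this user.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Because %AppData%, %LocalAppData% and HKCU are per-user locations, run the check in the session of each account that may have been affected.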