HOWDECRYPT

The HOWDECRYPT virus (also known as the how_decrypt virus) is dangerous  malware categorized as ransomware or a cryptovirus, that similar to CryptorBit and CryptoDefense, and targets all versions of the Microsoft Windows Operating System including Windows XP, Windows Vista, Windows 7, and Windows 8. When infected with the HOWDECRYPT virus, this ransomware will scan your computer and encrypt any data file it finds regardless of the file type or extension.

HOWDECRYPT virus

The HOWDECRYPT virus locks a computer system, encrypts the files on the machine, and demands a fine to de-encrypt the files and release the computer. The HOWDECRYPT virus will create a HowDecrypt.txt file and a HowDecrypt.gif in every Windows folder that HOWDECRYPT encrypts. The GIF and TXT files that download alongside the HOWDECRYPT virus will contain instructions to access a fraudulent payment website that pay the fake ransom. The HOWDECRYPT payment site is located on the Tor network and you can only make the payment in Bitcoins.

When HOW_DECRYPT encrypts a file it does not actually encrypt the entire file, instead the HOW_DECRYPT virus replaces the first 512 bytes of the file.

The message displayed by the HOWDECRYPT virus is utilized in order to scare victims into paying an unnecessary ransom. If you are infected with HOWDECRYPT malware do not pay the fine and do not click any links or available navigation buttons! Instead use the free removal instructions below or seek professional assistance.

The message displayed on the common HOWDECRYPT screen is listed below:

All files including videos, photos, and documents, etc on your computer are encrypted.
Encrypition was produced using a unique public key genereated for this computer. To decrypt files, you need to obtain the private key.
The single copy of the private key, which will allow you to decrypt the files, located on a sevrec server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files.

1. In order to decrypt the files, open site
4sfxctgp53imlvzk.onion.to/index.php and follow the instructions.

(end sample, start new sample)

File Decryption costs ~ $ 500.

In order to decrypt the files, you need to perform the following steps:
1. You should download and install this browser http://www.torproject.org/projects/torbrowser.html.en
2. After installation, run the browser and enter the address: 4sfxctgp53imlvzk.onion
3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.

Guaranteed recovery is provided within 10 days.

IMPORTANT INFORMATION:

Your Personal CODE: 00000001-xxxxxx

As you can see this message is primarily used to frighten victims of this dangerous computer infection. In reality, this message is only produced to cause further complications. Please note, messages and lock-screens may vary.

If you paid the fine please contact your credit card or bank institutions to dispute charges and receive further safety instructions.

How did HOWDECRYPT virus get on my computer?

HOWDECRYPT virus is usually distributed via malicious spam email attachments, exploit kits, and instant message spam. The ransomware employs social engineering in order to trick unsuspecting victims into downloading a file under the guise that it is something it is not. Once the file is manually executed by the user ransomware will begin to advance on the computer system and carry through it’s various functions.

Email spam messages that spread this ransomare will often claim to be receipts, invoices, payments, or contain other similar information.


How to remove HOWDECRYPT virus and decrypt files

This thor virus removal guide will help you remove thor ransomware from your computer and recover files encrypted with the .thor extension.

1. Download and Install Recuva by Pirform.

download recuva

2. Run the program and start the Recuva Wizard.

3. Select All Files and click Next.

4. Select a file location. Click I’m not sure to search everywhere on your computer.

5. Click Start.

6. Select All Files with your mouse and click the Recover button. If you cannot restore your files with Recuva we recommend to try using Shadow Explorer to restore your files.

7. Download and Install Malwarebytes Anti-Malware software to detect and remove malicious files from your computer.

download malwarebytes

buy now button

8. Open Malwarebytes and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

9. Once the Malwarebytes scan is complete click the Remove Selected button.

10. To finish the Malwarebytes scan and remove detected threats click the Finish button and restart your computer if promoted to do so.

11. Download and Install HitmanPro by Surfright to perform a second-opinion scan.

download hitmanpro

12. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may chose to create a copy or perform a one-time scan.

13. Once the HitmanPro scan is complete click the Next button.

14. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

15. Click the Reboot button.

16. Download and Install CCleaner by Piriform to cleanup junk files, repair your registry, and manage settings that may have been changed.

download ccleaner

buy now button

17. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

18. Go to Tools > Startup and search for suspicious entries in each tab starting from Windows all the way to Content Menu. If you find anything suspicious click it and click the Delete button to remove it.

19. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.


How to stay protected against future infections

The key to staying protected against future infections is to follow common online guidelines and take advantage of reputable Antivirus and Anti-Malware security software with real-time protection.

Real-time security software

Security software like Malwarebytes and Norton Security have real-time features that can block malicious files before they spread across your computer. These programs bundled together can establish a wall between your computer and cyber criminals.

download norton security
Common Online Guidelines

  • Backup your computer and personal files to an external drive or online backup service
  • Create a restore point on your computer in case you need to restore your computer to a date before infection
  • Avoid downloading and installing apps, browser extensions, and programs you are not familiar with
  • Avoid downloading and installing apps, browser extensions, and programs from websites you are not familiar with – some websites use their own download manager to bundle additional programs with the initial download
  • If you plan to download and install freeware, open source software, or shareware make sure to be alert when you install the object and read all the instructions presented by the download manager
  • Avoid torrents and P2P clients
  • Do not open email messages from senders you do not know
Helpful Links

Reader Interactions

Comments

  1. “Howdecrypt” as infected windows 7 OS.
    Ran Malwarebytles
    Virus removed
    Files are encrypted
    Restore point not available

    What would be the next procedure to decrypt the first 512Bytes of all files infected?

    Regards

    Gary

Leave a Reply to Paolo Cancel reply

Your email address will not be published.