How to remove .porno (Virus Removal Guide)

The “.porno virus” is a term used to describe destructive ransomware known as CryptoHitman. If the files on your computer have been renamed with the .porno extension then your computer is infected with CryptoHitman ransomware. CryptoHitman ransomware is a computer virus that encrypts the files and data on your computer and adds the .porno extension to your encrypted files. The virus will restrict access to your computer and your files and will demand a ransom in order to decrypt your data. The .porno ransomware infection will use a lock screen that contains an image of the Hitman character from the video games and movies. The screen will also contain pornographic images, instructions to pay the ransom, and a timer. When the timer runs out the files encrypted by the .porno virus will be deleted and you will not be able to recover them. The virus will additionally ask victims to send a ransom payment to cryptohitman@yandex.com.

.porno virus

It is not recommended to pay the ransom. In fact, the FBI recently issued a public statement suggesting that victims avoid paying ransomware authors what they want. Instead it is recommended to use methods to decrypt your files and remove .porno ransomware and other threats by using a professional or following reputable online instructions. The FBI warns that ransomware is very popular and the only way to curb it is to stop paying the fine.

How to remove .porno (Virus Removal Guide)

  1. Scan your computer with Malwarebytes
  2. Scan your computer with HitmanPro
  3. Cleanup and repair settings with CCleaner

1. Scan your computer with Malwarebytes

The first step to remove .porno ransomware and malicious traces from your computer is to download and install Malwarebytes Anti-Malware software in order to perform a full system scan for malicious files.

1. Download and Install Malwarebytes Anti-Malware software.

2. Open Malwarebytes and click the Scan Now button or go to the Scan tab and click the Start Scan button.

3. When the Malwarebytes scan is complete click the Remove Selected button.

4. To finish the Malwarebytes scan and remove detected threats click the Finish button and restart your computer once promoted to do so in a pop-up message from Malwarebytes.

2. Scan your computer with HitmanPro

The second step to remove .porno ransomware and malicious traces from your computer is to download and install a second opinion scanner called HitmanPro by Surfright in order to perform a full system scan for malicious files.

1. Download and Install HitmanPro by Surfright.

2. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may chose to create a copy or perform a one-time scan.

3. When the HitmanPro scan is complete click the Next button.

4. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

5. Click the Reboot button.

3. Cleanup and repair settings with CCleaner

The third step to remove .porno ransomware and malicious traces from your computer is to download and install CCleaner by Piriform in order to delete leftover junk files, tracking cookies, registry entries, unwanted start-up tasks, and more.

1. Download and Install CCleaner by Piriform.

2. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

3. Go to Tools > Startup and search for suspicious entries in each tab starting from Windows all the way to Content Menu. If you find anything suspicious click it and click the Delete button to remove it.

4. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.

.porno files

%LocalAppData%\Suerdf\
%LocalAppData%\Suerdf\suerdf.exe
%AppData%\Mogfh\
%AppData%\Mogfh\mogfh.exe
%AppData%\System32Work\
%AppData%\System32Work\Address.txt
%AppData%\System32Work\dr
%AppData%\System32Work\EncryptedFileList.txt

.porno registry entries

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\mogfh.exe %AppData%\Mogfh\mogfh.exe

Sean Doyle

Sean is a distinguished tech author and entrepreneur with over 20 years of extensive experience in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. His expertise and contributions to the industry have been recognized in numerous esteemed publications. Sean is widely acclaimed for his sharp intellect and innovative insights, solidifying his reputation as a leading figure in the tech community. His work not only advances the field but also helps businesses and individuals navigate the complexities of the digital world.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.