Click on screenshot to zoom
Danger level 8
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Installs itself without permissions
  • Connects to the internet without permission
  • System crashes
  • Slow Computer

.porno virus

If CryptoHitman Ransomware (the new version of Jigsaw Ransomware) has invaded your operating system, then your personal files must have the “.porn” extension attached to them. Due to this reason, this malicious ransomware is often referred to as the .porn virus. As you can tell by the name of this malware alone, it is associated with pornographic content, and it requests a ransom payment (the reason for identifying it as ransomware). This devious infection attacks your computer and encrypts your files to have leverage when demanding for this ransom payment, and, unfortunately, many users succumb to cyber criminals. If you are about to make this step as well, stop right there! First of all, cyber criminals do not deserve your money. Second, you might be able to decrypt your files without having to lose any money at all. Continue reading to learn more.

The malicious .porn virus does not appear out of thin air. Just like most infections of its kind, it uses spam email attacks to spread to computers. A user opens a spam email and downloads an attachment that is camouflaged as an authentic document or intriguing photo, video, etc. Once opened, the malicious ransomware is executed, and the file encryption process begins. According to our research, files are encrypted using the AES encryption system. The main executable of this infection is responsible for generating a key that is used to encrypt the files by modifying data within them (replaces certain strings). The same file is set up to look at certain directories for certain files, and, according to our research, this infection checks various different directories, including Desktop, Program files, Windows, and Temp. This infection if after your personal files, and the list below shows the types of files it targets.

.doc, .docm, .docx, .dot, .dotm, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .inx, .jar, .java, .py, .ra, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .3dm, .3g2, .3gp, .accdb, .aep, .aepx, .aet, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .jpg, .jpeg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptx, .pptm, .prel, .prproj, .ps, .psd,.svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlt, .xltm, .xltx, .xml, .xqx, .xqx, .dat, .db, .dbf

Every single file infected with this ransomware is given the “.porno” extension, and there is no real reason for that. The ransomware does not decrypt files by their extensions, and you can remove them without any problems. According to our researchers, the only reason behind this extension is to get your attention and, possibly, make it easier for you to see which files are encrypted. If you look at this, it is not surprising that more users recognize this infection as .porn virus rather than CryptoHitman Ransomware, despite the fact that “virus” is not even the right term. ImportantDocument.doc.porn is an example of a file encrypted by this malicious infection, and you will probably ask yourself what this extension has to do with pornographic content. As you might have noticed already, this kind of content is shown on the notification that represents the demands of cyber criminals. This also suggests that maybe this infection is spread via websites associated with pornographic content.

The main goal for the malicious .porn virus is to force you into paying a ransom of $150. Users are threatened that this ransom will go up to $300 if the initial sum is not paid within 36 hours. The pressure to pay the ransom is extremely high, and cyber criminals have employed a very aggressive tool to accelerate action from you. They delete several files every hour that goes by, and this is what is most likely to push users into purchasing bitcoins and making the payment via the given BTC address. Based on the fact that some of the information within the notification is presented in Spanish (mostly in English), it is likely that it is targeted at users living in Spain or South America. Wherever you live, if this infection attacks your PC, encrypts your files, and introduces you to a scary message urging to pay a huge ransom, you are in big trouble. The good news is that a decryption tool has been rumored to exist. If you have time – before your files get deleted – look into authentic decryption tools. Maybe you do not need to pay the ransom!

Whatever happens to your files, you MUST delete .porn virus from your operating system. If you end up sacrificing your files (which might be worth it, if your personal files are backed up safely), remove the malicious ransomware and erase all files with the “.porn” extension. We believe it is best to use anti-malware software, especially if you think about further Windows protection and if other threats run along with the ransomware. If this is not an option for you, follow the guide below.

.porn Virus Removal

N.B. If you erase the malicious ransomware, it will seize deleting your personal files every hour.

  1. Simultaneously tap Win+E and the Explorer window will pop up.
  2. Type %LOCALAPPDATA% or %UserProfile%\Local Settings\Application Data (for Windows XP users) into the address bar at the top of the window and tap Enter.
  3. Right-click and Delete the Suerdf folder.
  4. Type %APPDATA% into the address bar and tap Enter.
  5. Right-click and Delete these folders: Mogfh, System32Work.
  6. Simultaneously tap Win+R and the RUN dialog will pop up.
  7. Type regedit.exe, click OK, and the Registry Editor will pop up.
  8. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
  9. Right-click and Delete the value called mogfh.exe.
Download Spyware Removal Tool to Remove* .porno virus
  • Quick & tested solution for .porno virus removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.