How to remove 492 virus and restore encrypted files

492 is the harmful software penetrating workstations mainly via e-mail spam and Trojans. Also, hackers use zero-day vulnerabilities to infect the computer, but they are quickly corrected. When infection takes place, ransomware examines the computer memory to find the folders for encryption and their general price. Nowadays, any modern virus can encrypt audio, video, image and text files in all popular formats. Ransomware cyphers all folders, but the ones that might be business records go first. Virus encrypts only files with information, and doesn't touch the programs, so that the user can use the PC to make the payment. The operation is made with the help of famous AES and RSA algorithms, and it is so sophisticated that that it can't be bruteforced. Such complexity gives basis for unbelievable efficiency of ransomware in last years: usual user, even having a pretty good experience in suchlike things, won't ever get back the data, and will have no choice except paying to criminals. The single manner to decrypt the data is to hack the scammer's webpage and withdraw the master key. Some skilled malware researchers can get the keys via flaws in viruse's program code. When encrypting files, 492 switches the extension of files to .492, and requires 0.1 bitcoins as a ransom.

This entry is about virus called 492 that penetrates customers' systems in different countries of the world, and encrypts the data. Here you will see full info about what is 492, and the deletion of 492 from your computer. In addition, we will explain how to recover the encrypted files and is it possible.

There is one common feature for all kinds of dangerous software: it is way simpler to dodge it than to remove its effects. Statistically, most people comprehend the significance of computer knowledge only after ransomware infection. To guard yourself, you should remember these few basic rules:

    • Be cautious with the e-mails which contain data. The most efficient model of scam e-mails is the notification about prize winning or package receiving. The #2 efficient sort of these letters is a "business letters". It is normal to take an interest and click on the e-mail even if it's sent to the incorrect address, but don't forget that a single click on the attached file might cost you lots of time, money and efforts.
    • Monitor the condition of your laptop. It takes a big part of hardware resources to encrypt the files. If you observe a noticeable reduction in computer performance or see a weird string in the Process Manager, you can shut down the workstation, load it in safe mode, and scan for ransomware. This, if the laptop is really infected, will save a lot of your files.
    • Don't accept any alterations to your system, originating from unknown software. If the laptop is infected by virus, it will attempt to delete all copies of the files, to make the recovery less possible. The removal of shadow copies requires administrator rights and confirmation from the operator. The second of thinking before verifying the pop-up might save your files and your time.

We draw your attention to the fact that removing ransomware is just a first and obligatory move for the regular operation of the workstation. If you get rid of virus, you won't restore the data immediately, it will require multiple actions described in the "How to restore encrypted files" section. To eliminate 492, you need to boot the computer in safe mode and check it with antivirus. We do not advise trying to delete 492 by hand, since it has numerous protection mechanisms which can interfere you. The most common viral protection technique is the removal of information in event of data restoration or malware removal attempt. To avoid this, abide to the guide below.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of virus: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects virus on the computer, you will need to purchase malware removal tool for $39,99 to delete viruses. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After removing 492 from the computer, you just need to decrypt the corrupted data. Actually, this is not literally decipherment, since the encrypting methods owned by swindlers are extremely complicated. There are the few chances, but usually file recovery takes plenty of time and money. If you don't want to wait and are ready to restore the information by hand - here's the useful entry on data recovery.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.