How to remove Pendor virus and restore encrypted files

This article is dedicated to Pendor virus which infects computers in different countries of the world, and corrupts their files. In this article you will see complete information on what is Pendor, and the removal of Pendor from the computer. In addition, we will teach you how to recover the cyphered information, if possible.

Pendor is the dangerous program penetrating PC's mainly with help of Trojans and phishing e-mails. Also, hackers use exploits to take control over the system, but big software developers promptly fix them. After the infection, the virus inspects the computer memory to find the folders for encryption and their approximate price. Currently, any modern ransomware knows how to cypher image, video, text and audio files in all most used extensions. High attention is paid to businesslike files, because representatives of business are the priority target for fraudsters. All programs on computer will be unaffected since criminals want only information. The operation is carried out with the help of famous AES and RSA algorithms, and its intricacy is so high that it can't be bruteforced. This is the basis for such an incredible efficiency of this kind of viruses in recent years: usual customer, even if he has a fairly good experience in suchlike things, won't ever get back the data, and will be forced to pay ransom. The only method to decrypt files is to hack the scammer's webpage and get the encryption keys. Sometimes it is possible to obtain these keys through defects in the code of the virus itself.

The computer knowledge is very significant in progressive world, because it assists you to defend the PC from computer viruses. For ransomware this is very relevant, since, in contradistinction to regular viruses, when you remove ransomware from the computer, the effects of its actions won't disappear anywhere. It's very easy to decrease the chances to get encrypting virus by following these principles:

    • Be careful with the e-mails that contain data. The #1 model of fraud messages is the notification about prize winning or parcel receiving. You also should keep an eye on business-related letters, especially if the sender's address and the content is unknown. lawsuits, Invoices for products and services, summaries, reports and other specific files don't come without warning, and the receiver should know the person who sent it. Otherwise, it is a scam.
    • Monitor the performance of your computer. Data encrypting is a complicated operation that uses a large amount of PC resources. If you notice a noticeable drop in laptop capacity or notice a strange string in the Process Manager, you should switch off the PC, launch it in safe mode, and scan for malware. These measures, in case of penetration, will save some of your information.
    • Do not accept any changes to your PC, coming from weird programs. If the laptop is infected by ransomware, it will try to delete all copies of your data, to make the decryption impossible. However deleting of shadow copies needs admin rights and acceptance from the operator. The moment of thought before confirming the checkbox might save your files and your time.

You should understand that deleting ransomware is only the, first step, which is required for the standard operation of the laptop. If you delete ransomware, you will not return the files instantly, it will require additional actions written down in the following part. To get rid of Pendor, you need to start the workstation at safe mode and check it with AV-tool. Some ransomware can't be uninstalled even through AV-program, and have lots of serious mechanics of security. The most effective viral protection technique is the removal of data in case of data recovery or malware removal attempt. To neutralize this, abide to the tips under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of virus: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects virus on the computer, you will need to purchase malware removal tool for $39,99 to delete viruses. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After removing the virus from the computer, you just need to get back the encrypted files. Actually, this is not literally decryption, because the encrypting algorithms owned by web-criminals are very complex. Generally, to restore the information, you should seek support on anti-malware forums or from famous virus researchers and antivirus program vendors. If you don't want to linger and are going to restore the data by hand - here's the full article on that topic.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.