How to remove THT virus and restore encrypted files

THT ransomware has infected organisations' computers around the world via the most effective method: fake messages with malicious attachments. Occasionally hackers use exploits to infect a computer, but major software vendors quickly fix them. Once the infection is complete, THT inspects the hard drive and determines the number of files to be encrypted and their overall price. At the moment, any new ransomware can encrypt audio, image, text and video information in all known extensions. Ransomware encrypts all folders, but those that could contain business records go first. All programs on the system are left unaffected, since the scammers want only the information. The operation is executed through well-known encryption algorithms, and it is so sophisticated that decryption of the information without a key is impossible. This is the reason for the incredible success of this type of virus in recent years: an ordinary PC user, even one with very good knowledge of computers, will never recover the files and will have no choice except paying the criminals. The only way to decrypt the information is to hack the scammer's webpage and retrieve the master key. Sometimes it is possible to extract these keys through faults in the code of the virus itself. The encrypted files acquire the "no data" extension, and the virus asks for 10 BTC for data recovery.

This page is about THT ransomware, which gets into laptops in different countries of the world and corrupts the files. Here we've assembled important information on what THT is and how to get rid of THT from the computer. Furthermore, we'll explain how to get back the encrypted information, and whether that is possible.

Knowledge of computers is highly important in the modern world, because it helps the user guard the system against computer viruses. For encrypting programs it matters most because, in contrast to common viruses, when you uninstall ransomware from the system, the results of its actions remain. To defend yourself, remember these three simple rules:

    • Keep an eye on the condition of your workstation. Information encryption is a complicated process that needs a lot of hardware resources. If you notice an abnormal decrease in workstation performance or a weird process in the Process Manager, you can shut down the computer, boot it in safe mode, and scan for viruses. Naturally, some information will be lost, but the rest of it will be safe.
    • Pay attention to pop-ups. The most effective way to restore files is restoration via Shadow Copies, so hackers have made the removal of Shadow Copies one of the primary features of the malware. Deleting the copies requires admin rights and the user's confirmation. So, if you do not accept changes from unfamiliar software at the right moment, you will preserve the way to restore all encrypted files free of charge.
    • Carefully study your mailbox, especially messages that have attached files. The #1 model of fraudulent letters is a notification about winning a prize or receiving a package. The #2 most efficient kind of such messages is a forgery of business correspondence. Appeals, summaries, lawsuits, bills for services or goods and other sensitive information are not sent accidentally, and the receiver should know the sender. Otherwise, it is a fraud.

Uninstalling the virus isn't the happy end; it's only the first of many steps towards total file restoration. To get back the data you will have to familiarize yourself with the tips in the following section of our entry. To get rid of the malware, the user needs to boot the PC in safe mode and scan it with an antivirus. We do not advise anyone to remove the virus manually, since it has many defensive mechanisms which could interfere. The most common protection method is the deletion of data in the event of a file restoration or malware deletion attempt. This is very bad, and the section below will help you avoid it.

Removal instruction

Step 1. Boot into Safe mode

Start -> Msconfig.exe

On the Boot tab, select Safe boot

Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify the hosts file, which is located in C:\Windows\System32\drivers\etc\ .

Open the file with Notepad and delete suspicious strings.

It has to look like this:

[Screenshot: hosts file, step 3]

Step 4. Scan the system with an antivirus scanner

Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab
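
The hosts file check from Step 3 can also be scripted. The PowerShell function below is an added example, not part of the original article; it assumes that a clean hosts file has no active mapping other than a loopback address for localhost, and the function name and sample lines are constructed for illustration.

```powershell
# Added example (not from the original article): list active hosts-file
# entries for review. Assumption: the only mapping expected on a clean
# machine is a loopback address -> localhost.
function Get-HostsEntryForReview {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$Lines
    )
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Remove a trailing comment, then surrounding whitespace.
        $active = ($line -replace '#.*$', '').Trim()
        if (-not $active) { continue }

        $fields  = @($active -split '\s+')
        $address = $fields[0]
        $parsed  = $null
        if (-not [System.Net.IPAddress]::TryParse($address, [ref]$parsed)) {
            [pscustomobject]@{ Line = $lineNo; Address = $address; Name = ''; Reason = 'not a valid IP address' }
            continue
        }
        # Loopback and 0.0.0.0 keep traffic on the local machine.
        $isLocal = [System.Net.IPAddress]::IsLoopback($parsed) -or
                   $parsed.Equals([System.Net.IPAddress]::Any)
        foreach ($name in ($fields | Select-Object -Skip 1)) {
            if ($isLocal -and $name -eq 'localhost') { continue }
            if ($isLocal) {
                $reason = 'name is blocked (points at the local machine)'
            } else {
                $reason = 'name is redirected to another address'
            }
            [pscustomobject]@{ Line = $lineNo; Address = $address; Name = $name; Reason = $reason }
        }
    }
}

# Constructed sample input; the names and addresses are placeholders.
$sample = @(
    '# Sample hosts file', '',
    '127.0.0.1       localhost',
    '127.0.0.1       update.antivirus.example   # constructed entry',
    '203.0.113.10    bank.example www.bank.example'
)
Get-HostsEntryForReview -Lines $sample | Format-Table -AutoSize

# On the affected machine, read the real file instead:
# Get-HostsEntryForReview -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```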


After erasing THT from the system, you should decrypt the affected information. Actually, this is not literally decryption, as the encryption algorithms used by web criminals are too complicated. There are lucky exceptions, but generally file restoration takes plenty of time and effort. If you're really interested in restoring the information yourself, take a look at our item, which describes all the easiest ways: article about files decryption.
