How to remove Horon virus and restore encrypted files

This article covers Horon ransomware, which infects PCs around the world and encrypts their files. Here we have gathered full information on what ransomware is and how to remove Horon from your system. We will also tell you how to get the encrypted information back, if possible.

Horon ransomware virus

Horon ransomware has penetrated thousands of machines around the world in the easiest way: fraudulent messages with infected attachments. Sometimes scammers use exploits to get into a computer, but well-known software companies promptly fix them. Once infection takes place, the virus scans the PC's memory to find files for encryption and to estimate their rough value. Currently, any new ransomware is able to encrypt audio, image, text and video files in all of the most widely used formats. Business information attracts extra attention, because businesspeople are the priority target for fraudsters. Horon targets only data files and does not damage the software, so that the victim can pay the ransom from the infected PC.

Encryption is performed with well-known encryption algorithms, and its complexity is so far above the average level that decrypting the files without a key is impossible. This is the basis for the remarkable effectiveness of ransomware in recent years: an ordinary user, even one with good experience in such matters, will never restore the data and will need to pay the ransom. The only way to decrypt the files is to hack the scammers' site and obtain the encryption keys. Sometimes it is possible to extract the keys because of faults in the virus's program code.

Computer knowledge matters a great deal today, since it helps you guard your machine against harmful programs. Unfortunately, 90% of users see the significance of computer literacy only after a ransomware infection. To defend yourself, you should understand a few elementary principles:

  • Do not accept any changes to your computer that come from unfamiliar software. The simplest way to recover data is restoration from Shadow Copies, and the makers of Horon have included the removal of shadow copies in the basic features of the malware. However, deleting shadow copies requires administrator rights and the operator's confirmation. So, by not confirming changes requested by an unknown program at the right moment, you keep the chance to recover all corrupted information for free.
  • Keep an eye on the status of your workstation. Encrypting data takes a large share of the hardware's power. If you notice a strange drop in computer performance or see an unfamiliar entry in the Process Manager, you can unplug the machine, boot it in safe mode, and scan for ransomware. In case of infection, these measures will save some of your data.
  • Be cautious with e-mails that contain attachments. The #1 pattern of fraudulent e-mails is a notification about winning a prize or receiving a package. The other popular sort of such letters is forged business correspondence. It is OK to take an interest and read the letter even if it might not be meant for you, but remember that one click on the infected file may cost you a lot of time, headache and money.

Virus removal is not the happy end - it is just one move on the long road to complete file restoration. Deleting Horon will not recover the data immediately; that takes the multiple actions written down in the "How to restore encrypted files" section. To eliminate Horon, you need to boot the computer in safe mode and run a scan with an antivirus. We do not advise eliminating the ransomware manually, because it has various protection mechanisms that could interfere with you. Well-made malware can delete the corrupted data, fully or in part, when an attempt is made to uninstall it. To prevent this, follow the advice below.

Removal instruction

Step 1. Boot into Safe mode


Start -> Msconfig.exe


On the Boot tab, select Safe boot


Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Check the hosts file, which is located in C:\Windows\System32\drivers\etc\ .

Open the file with Notepad and delete suspicious strings.

It has to look like this:

[Screenshot: Hosts file, step 3]
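Step 3 as a read-only check, added here as an example and not part of the original article: the PowerShell function below (the name `Get-ActiveHostsEntry` and the sample lines are constructed for illustration) lists every active, non-comment line of a hosts file. A stock Windows hosts file contains only `#` comment lines, so each row it prints is an entry to review before deleting it in Notepad.

```powershell
# Added example, not from the original article.
function Get-ActiveHostsEntry {
    param([string[]]$Lines)

    # Addresses that keep traffic on the local machine
    $local = '127.0.0.1', '::1', '0.0.0.0'
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Keep only the part before '#'; what follows is a comment
        $text = ($line -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }          # blank or comment-only line
        $fields  = @($text -split '\s+')
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)
        $other   = @($names | Where-Object { $_ -ne 'localhost' })

        $note = if ($names.Count -eq 0) {
            'malformed: address without a host name'
        } elseif ($address -in $local -and $other.Count -eq 0) {
            'normal localhost mapping'
        } elseif ($address -in $local) {
            'name points at this PC, so the site is unreachable'
        } else {
            'name redirected to another address, verify who added it'
        }
        [pscustomobject]@{
            Line = $lineNo; Address = $address
            Names = ($names -join ' '); Note = $note
        }
    }
}

# Constructed sample lines (documentation-range address, example domains)
$sample = @(
    '# Sample hosts file comment',
    '#      127.0.0.1       localhost',
    '',
    '127.0.0.1      localhost',
    '127.0.0.1      updates.av-vendor.example   # constructed entry',
    '203.0.113.10   bank.example www.bank.example'
)
Get-ActiveHostsEntry -Lines $sample | Format-Table -AutoSize

# On the affected PC, audit the real file (path from Step 3)
$hostsPath = 'C:\Windows\System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Get-ActiveHostsEntry -Lines (Get-Content $hostsPath) | Format-Table -AutoSize
}
```

Reading the hosts file does not need administrator rights; saving changes to it does.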

Step 4. Scan the system with an antivirus scanner


Why we recommend SpyHunter antimalware

Detects most kinds of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If the program detects infected elements on the computer, you will need to purchase the malware removal tool for $39,99 to delete the threats. SpyHunter has a Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information: EULA, Privacy Policy and Threat Assessment Criteria.

Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab


If you have completed all the actions in the section above, it is time to recover the files. We are not able to reverse the encryption, but we will recover the files through Windows features and additional programs. There are a few chances, but file restoration usually takes a lot of time and money. If you do not want to wait and are willing to get the information back by hand, here is a useful article on data recovery: article about files decryption.
