How to remove Erenahen virus and restore encrypted files

Guide how to delete Erenahen ransomware virus and decrypt files corrupted by ransomware. Effective antivirus and programs that can restore lost information.

Erenahen ransomware virus

Erenahen ransomware had penetrated many computers in different parts of the world with help of easiest manner: scam e-mails with dangerous attachments. Also, scammers use zero-day vulnerabilities to take control over the PC, but big software companies promptly fix them. After the infection, ransomware checks the hard drive, determines the number of files to be encrypted and their rough value. Currently, any new virus is able to encrypt text, audio, video and image files in all popular formats. Extra attention is paid to business documents, because representatives of business are the main objective for hackers. All programs on PC will be untouched since criminals are interested only in information. Encryption is performed with the help of famous encryption algorithms, and its complexity is so above the average level that decipherment of files without a key is impossible. Such complexity gives reason for such a stunning efficiency of ransomware in recent years: common PC operator, even if he has a fairly high experience in suchlike things, won't ever be able to recover the data, and will have no way out except paying the ransom. The single manner to decrypt files is to hack the fraudster's site and retrieve the encryption keys. Also there's a way to withdraw the keys due to flaws in viruse's program code.

For any kinds of ransomware, one thing is correct: it's much simpler to prevent it than to cure it. For ransomware this is very relevant, since, in contradistinction to regular viruses, after eliminating ransomware from the PC, the fruits of its doings won't disappear anywhere. To protect your information, you should understand a few elementary rules:

    • Be careful with the e-mails which contain files. If the message was sent from an unknown sender and it notifies about earning some prize, a lost package or something like that, this might be ransomware. The second most effective type of these letters is a forgery for business correspondence. It is normal to be interested and read the e-mail even if it's sent to the improper address, but remember that one click on the attached file can cost you a lot of efforts, money and time.
    • Do not neglect the signs that your computer displays. File encryption is a complicated act that needs a large amount of PC resources. If you observe a noticeable decline in laptop power or see a unwanted string in the Process Manager, you need to switch off the machine, start it in safe mode, and run the antivirus. These measures, in case of penetration, will save a lot of your files.
    • Don't admit any changes to your computer, coming from strange programs. If the workstation is polluted by ransomware, it will endeavour to eliminate the shadow copies of your files, to make the recovery less possible. The removal of copies needs administrator rights and confirmation from the user. If you'll stop for a moment before verifying the changes, it may save your files and your efforts.

Erenahen removal isn't the happy end - it's just a one step in the long road before the total file restoration. To decrypt the files you should follow the instructions in the next section of this article. To deelete any virus, user needs to load the PC at safe mode and run the scanning with AV-tool. We do not recommend trying to uninstall the virus in manual mode, since it has numerous security mechanisms which will interfere you. Qualitative viruses are able to fully delete cyphered information, or some of it, if user attempts to uninstall the program. To neutralize this, follow the instructions below.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner

Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you performed all conditions, described in previous paragraph - it's time to decypher the files. We won't try to decypher the files, but we'll get them back through Windows features and the particular programs. There are the certain chances, but usually file recovery takes a lot of time and efforts. If you're very interested in the independent file recovery - take a look at this item, which shows all the very efficient methods.

To restore information, follow the article about files decryption.

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.