Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Hentai Onichan Ransomware

When Hentai Onichan Ransomware attacks, all personal files are encrypted and the ".hor" extension is added to the original names to mark them. So, for example, a file before encryption named "picture.jpg" is renamed to "picture.jpg.hor." We cannot understand why this specific extension was used, but the creator of the threat is responsible for naming it. The name is included in the ransom note that is dropped once files are encrypted. The purpose of this note is to convince them to pay a ransom, but the size of this ransom is ridiculously high, and so we believe that perhaps this malware is still being developed. Maybe someone has more time on their hands than usual, and they are simply building inactive ransomware threats for their own entertainment. We hope that that is the case, but we also have to consider the possibility that this threat is spreading actively. Continue reading to learn how to secure your system and also how to remove Hentai Onichan Ransomware if it slithers in.

Hentai Onichan Ransomware might use spam emails or bundled downloaders to trick users into executing the infection’s launcher themselves. Other active threats and existing system/software vulnerabilities could be exploited also. All in all, the fact that this malware managed to get in signifies that you do not have reliable protection for your Windows operating system, and that is a huge problem. If you yourself do not catch and delete Hentai Onichan Ransomware right after it is executed, the threat encrypts files immediately. It also drops its own malware files. According to our research team, the ransomware creates temporary files in the %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup folder, and the names of these files are likely to take on the names of legitimate files. For example, "lsass.exe," "svchst.exe," "chrome32.exe," "mysqld.exe," crcss.exe," "firefox.exe," "opera32.exe," "spoolcv.exe," "calc.exe," or "ctfmom.exe." These files, just like the launcher file, should delete themselves after files are encrypted and the attack is complete. Of course, you should inspect your system for any potential leftovers anyway because you do not want to miss any threats.

The main file dropped by Hentai Onichan Ransomware is called "HELP_ME_RECOVER_MY_FILES.txt," and it represents the ransom note. The message inside informs that victims have to pay a ransom of 30 Bitcoin to the 1ErGqSg86nW2kEH6dFwe217SNSCdcwWJQ7 Bitcoin Wallet and then confirm the payment and send a unique ID code to If you have not figured that out yet, 30 Bitcoin is an incredibly large sum of money. At the time of research, that converted to around $200,000. Perhaps, this is why the Bitcoin Wallet was also empty. Of course, it is more likely that Hentai Onichan Ransomware is not actively spreading at all. That being said, if you are hit by this malware, you DO NOT want to contact the attackers via email, and you certainly do not want to waste any of your money on the decryption services or tools allegedly offered by the attackers. In all cases, ransomware threats are designed primarily to extort money, and the attackers behind them could not care less about what happens with the victims’ files. This is why you always want to have backup copies stored outside the computer that holds the original files. If you have backups, you can use them to replace the files that were corrupted after you remove the infection.

Hopefully, Hentai Onichan Ransomware deletes itself after your files are encrypted, in which case, you do not need to worry about finding and eliminating malware files. Of course, no one can guarantee that malware will act as predicted, which is why you want to check for leftovers. See the guide below for tips. Obviously, we recommend installing anti-malware software to help you with Windows security. Hentai Onichan Ransomware is just one of thousands of file-encrypting threats that could slither into your unguarded system, and so it is time for you to bite the bullet and invest in your virtual security. If you install anti-malware software, malware components that could have been left behind will be removed automatically. Another thing we suggest doing is creating file backups. If you have spacious external drives, you can use those to store copies of photos, docs, and other personal files you want to protect. Alternatively, you can implement cloud storage systems to back up files online. This might be the more convenient solution because online backups allow accessing files from any device.

Hentai Onichan Ransomware Removal

  1. Delete every copy of the ransom note file named HELP_ME_RECOVER_MY_FILES.txt.
  2. Delete all recently downloaded files from Desktop and the Downloads folder.
  3. Simultaneously tap Win+E to access File Explorer and enter %temp% into the field at the top.
  4. Delete any suspicious files or, better yet, delete all files.
  5. Enter %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup into the field at the top.
  6. Delete any suspicious files. Note that names can be misleading and deceiving.
  7. Empty Recycle Bin to complete the removal of any files you may have gotten rid of.
  8. Install a trusted malware scanner to inspect your system for leftovers.
Download Spyware Removal Tool to Remove* Hentai Onichan Ransomware
  • Quick & tested solution for Hentai Onichan Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.