How to remove Horon virus and restore encrypted files

If you fell a victim of a ransomware and you know that it is the Horon program – on this website you will find useful info. We suggest simple and safe advice about Horon deletion and practicable methods to restore the encrypted info.


Ransomware can be considered a scarecrow of mankind, and everyone knows that if a pop-up says: “files are encrypted” – the things are going bad. It is a true, unfortunately. An encrypting virus is the most dangerous threat that you may meet in the Web since a common man has no resources to uninstall it. The single case when you can beat ransomware is if you’re not dealing with a true one, but a screenlocker, that covers the display and attempts to trick you into paying a ransom. In all other events, if a virus was developed and secured in a right way – you can only trust that malware fighters will beat it. If fraudsters failed somehow, and a malware has some drawbacks, that allow you to restore files – you'll find a cure in our guide.



Ransomware is driven by a completely legal encryption algorithm which encrypts the folders on customer’s computer and makes them unreadable if you have no key. That key is also encrypted with another method. In most cases, web-criminals prefer RSA and AES manners, that are known for their complexity and fail-safety. These algorithms and the software based on them are freely available in the Net, so web-criminals only need to add security mechanisms, to block an admittance to a program, and create the perfect control and update scheme. Some encrypting programs might act independently, and swindlers get a report about a new victim only when he approaches them and forwards the ransom. The complex viruses are more active, and deliver reports to thousands URL's, to puzzle the security specialists and throw them off virus’ track.


Regardless of ransomware’s type, the AES and RSA algorithms are very complex to bruteforce them. It it requires hundreds of years to make all needed calculations on a common computer and, maybe, few decades in case of usage of an industrial gear. There are two solid methods to defeat a ransomware: to find vulnerabilities in its code, or hack its database, to get encryption keys. Rare ransomware examples also have a switch, able to cease virus' operation totally or to scare it off the infected PC. If some parson discovers that switch for this ransomware, or publish a decryptor, we will give you full info in this item.


There are several methods to inspect, before yielding and waiting for a decryption program. As it is said above, swindlers also fail, and some peculiarities of the operating system might support you to restore information.


  • If you don't use the Windows via an administrator's entry – you're really fortunate. The point is that your operating system replicates any information before they’re eliminated or altered. Those copies are known as the SVC, and Horon knows how to delete them. If you're using the regular account – the operating system requests for a permission at the very moment Horon starts to delete shadow copies. In case you've seen such confirmation and declined it – it means that the SVC are fine, and might be used to get back the data.
  • A protected copy is the sole fully effective way to restore your information, but you should get rid of Horon prior to it. Ensure that Horon is removed in full, as if it isn't – all data will be spoiled again, including the files that were kept on an outer hard drive.


In case you checked all these opportunities and there is no possibility to recover encrypted data – you better delete Horon from your system and wait until a decryption software will be developed.

How to remove Horon

As about the deletion – there’s no possibility to fully elude an automatic mode. This ransomware is very cunning and you could pass some remains and then suffer from it (for example, when you connect an outer drive with the saved files to a not-completely-clean computer). It knows how to lurk pretty good, so you literally can't delete it fully on your own. Knowing this, we’ve created an effective elimination specification that will assist you to beat this problem. It consists of a few by-hand phases and one extra AV software phase.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

We suggest you to test Spyhunter anti-viral program that is not just efficient, but also light weight and continuously evolving antivirus that is able to clear the PC of all perilous programs. Click the link below to download our tool and get rid of the virus.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

As you removed the ransomware, it's time for the data restoration. As you know now, if you use an admin account and you permitted Horon a pass into the device – there is no manner to recover the data aside from the previously saved copies. If you don't remember this – you have poor fortunes for data restoration, but it will require peculiar recovery software. We advise you to try Recuva or ShadowExplorer programs. You can download these programs easily on the official websites of their developers, with thorough guides.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience