MoWare H.F.D Ransomware

What is MoWare H.F.D Ransomware?

MoWare H.F.D Ransomware was first spotted at the end of May of 2017. This relatively recent ransomware is yet another addition to the Hidden-Tear ransomware family. It was designed to encrypt your files but it does not work for some reason and, in fact, many ransomware infections that belong to this family often do not work for one reason or another. Of course, you should remove MoWare H.F.D Ransomware before its server comes back online and it receives instructions to encrypt your files. For more information, please continue reading.test

What does MoWare H.F.D Ransomware do?

This ransomware was designed to encrypt your files. However, it does not do that because the server it is supposed to connect to receive encryption instructions is down. As a result, this program can infect your computer but cannot do anything other than that, at least for now. Once it has infected your PC, it will put on a full-screen window stating that your personal files have been encrypted and locked.

This new ransomware was supposed to encrypt your files with an encryption algorithm that is impossible to decrypt. It was configured to encrypt many file types that include jp2, .jpeg, .jpg, .docb, .docm, .docx, .dot, .mp3, .mp4, .mpa, .mpe, .mpeg, and others. It appends the encrypted files with an “.H_F_D_locked” file extension that indicates that a file has been encrypted. This program should disable Windows Task Manager, Command Prompt and Registry Editor. Furthermore, it creates a Point of Execution (PoE) in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the value name MoWare H.F.D and value data "%AppData%\MoWare_H\MoWare H.F.D\1.0.0.0\MoWare H.F.D.exe." While it does most of these things, the good news is that it does not encrypt your files. So all you have to do is press Alt+F4 on your keyboard or press the “X” on the window to close this ransomware’s screen. Note that the screen is relaunched after some time.

Where does MoWare H.F.D Ransomware come from?

Our malware analysts say that MoWare H.F.D Ransomware might be disseminated via malicious emails that are sent from a dedicated email server set up by this program’s creators. The emails can pose as receipts, invoices, and so on in order to trick you into opening them. The emails feature this ransomware as an attached file that, once opened, will infect your PC with this ransomware. Another distribution method used is fraudulent downloads. Researchers say that this program can be bundled with malicious software installers or come with pirated software. The bundled installers can install this ransomware by stealth, and if you do not have an anti-malware program, then there is no way to prevent the infection.

How to remove MoWare H.F.D Ransomware

We hope you found this article insightful. While MoWare H.F.D Ransomware has the potential to cause some major damage to your files, it, at least currently, does not work as it supposed to. Therefore, you can remove it from your PC and not have to deal with the consequences of your files being permanently encrypted. You can eradicate this ransomware using an antimalware program such as SpyHunter or use our manual removal guide provided below.

Removal Guide

  1. Press Windows+E keys.
  2. Type C:\Windows\System32 in the address box of File Explorer and hit Enter.
  3. Find cmd.exe and double-click it.
  4. Then, press Windows key.
  5. Enter gpedit.msc in the Search programs and files section.
  6. In the Group Policy window, go to User Configuration>Administrative Templates>System.
  7. Then, open Prevent access to the command prompt
  8. To Enable cmd select Disable.
  9. Press the OK button.
  10. Then, Press Windows+R keys.
  11. Type gpedit.msc in the box and hit Enter.
  12. Go to User Configuration>Administrative Templates >System.
  13. Double-click Prevent Access to registry editing tools.
  14. Encircle Disabled and click OK.
  15. Then, go to User Configuration>Administrative Templates>System>Ctrl+Alt+Del Options
  16. Double-click Remove Task Manager.
  17. Set its value to Disabled or Not Configured.
  18. Press Ctrl+Alt+Delete.
  19. Select Task Manager.
  20. Go to the Processes tab.
  21. Find MoWare F.H.D, right-click it and click End Process.
  22. Go to the location of the file by pressing Window+E keys
  23. Enter %AppData%\MoWare_H\MoWare H.F.D\1.0.0.0\ in the address box and hit Enter.
  24. Find and delete MoWare H.F.D.exe.
  25. Lastly, Press Windows+R keys.
  26. Type regedit in the box and hit Enter.
  27. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  28. Delete MoWare H.F.D.
  29. Close the Registry Editor. 100% FREE spyware scan and
    tested removal of MoWare H.F.D Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *