Coharos Virus


This page aims to help you remove Coharos for free. Our instructions also cover how any Coharos file can be recovered.

Ransomware viruses like Coharos are a dangerous form of computer malware that is mainly used as a money-extortion tool. The goal of the people behind this type of viruses is to blackmail their victims, forcing them to make a money payment. The leverage which allows the hackers to demand money from their victims is the lockdown on the victims’ files that the Ransomware virus imposes. Once a Ransomware enters a given computer, it quickly scans the machine for a wide variety of file types. Any files that belong to the predetermined file types that get found on the infected machine get encrypted by the Ransomware. The file-encryption prevents the targeted users from accessing any of the affected files, and this gives the hackers the opportunity to initiate their blackmailing harassment. Typically, the users would be promised a full data recovery if they pay. According to the hackers, a special decryption key would be send to the users once the payment is made. Indeed, accessing an encrypted file requires the use of the corresponding decryption key. However, the problem with paying the hackers is that you can’t really know if they would really give you what you seek – the access key to your files. The people whoa re blackmailing you couldn’t care less if you actually get your files back or not. All they are after is your money, and as soon as they get it, there is nothing that can make them provide you with the needed access key.

The .Coharos virus

The Coharos virus is the newest ransomware of the “STOP” strain – which is the biggest strain in 2019. The Coharos Virus employs traditional tactics to infect and demand ransom from victims like spam documents and the following message:

Coharos Virus

After the .Coharos Virus is done encrypting your files, it will leave a _readme.txt file with instructions.

As we pointed out above, paying the ransom that the hackers demand may not really be a very good idea because you may lose quite a lot of money and still remain unable to access your data. Our advice in case you have gotten attacked by the Coharos Ransomware is to first remove the infection and then attempt to restore your files through alternative methods that do not involve the payment of the ransom. Sadly, there aren’t all that many such alternatives out there, and none of them are universal and guaranteed to work in all cases. Still , if you want to keep your money, and still stand a chance of restoring some of your files, you should definitely make sure to get rid of Coharos, and only then try to bring back your data.

Fighting the .Coharos file encryption

As seen on the picture below, the .coharos file appears as an extension behind what the normal files are named. The .coharos file encryption can currently be only decrypted in its offline version.

Coharos Virus

How an encrypted .Coharos file will look like.

As was already mentioned, when one is faced with a Ransomware cryptovirus such as Coharos, Masok or Mtogas the options of recovering the locked data are rather few. Still, our guide from this page should help you eliminate the insidious piece of malware and then try some restoration suggestions which may help you get back some of your inaccessible files. The first section of the guide is dedicated to removing the infection, and it is where you should start. Once the Ransomware is no longer in your computer, you can move on to the suggested data restoration options that you will find in the second section of the guide. In case you have any questions related to this malware, feel free to ask them by writing us a comment down below


Name Coharos
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms If you get Ransomware, you may not know it until you realize that your files can’t be opened.
Distribution Method Misleading web messages, sketchy ads, pirated content, etc.
Data Recovery Tool [banner_table_recovery]
Detection Tool

Coharos Ransomware Removal

Coharos Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Coharos Virus


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Coharos Virus

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Coharos Virus
Drag and Drop File Here To Scan
Coharos Virus
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.

    Coharos Virus

    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    Coharos Virus

    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:

    Coharos Virus

    Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.

    Coharos Virus

    Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

    Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!

    Coharos Virus 

    How to Decrypt Coharos files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


    Leave a Comment