H0lyGh0st Ransomware

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Source of claim SH can remove it.


H0lyGh0st is a recent cryptovirus that belongs to the subcategory of subcategory of ransomware that encrypts personal user files rendering them inaccessible. Since H0lyGh0st is a relatively new infection, the number of victims that have been affected by it is currently steadily going up.

The H0lyGh0st ransomware is dangerous and harmful software program

If you have never encountered a ransomware PC virus, you can consider yourself lucky in that regard. This category of dangerous and harmful software programs are currently a cyber-nightmare due to two main reasons. One is that they are extremely difficult to detect and and another is that they are just as tricky (if not more) to deal with after they have infected a computer system.

One peculiar thing about this particular form of malware is that it doesn’t really harm anything on the PC (at least initially). Most ransomware viruses take a different approach in comparison to other illegal and harmful programs. Instead of causing system, data or software corruption and instead of seeking to mess with the user’s virtual identity, ransomware infections simply lock the user’s personal files with a complex encryption or they block the actual screen of the infected machine.

The H0lyGh0st virus

Note that removing the H0lyGh0st virus and retrieving your files are two different things. While the chances of you managing to get rid of the H0lyGh0st virus are rather high, restoring the access to your files is a whole different story.

Although our guide also includes suggestions regarding how you might be able to restore your data, we cannot promise anything. This is actually what the hackers behind H0lyGh0st and Ggwq are counting on. Once your data gets locked, they offer to send you a decryption key if you agree to send them a certain amount of money. This is basically the whole purpose of this virus – to facilitate the cyber-criminals’ blackmailing scheme.

Now, you can choose to ignore our suggestions and instead of trying our guide and the data recovery methods that we have added to it and directly make the payment. However, we ought to tell you that paying the money also doesn’t guarantee successful data recovery – nothing can make the hackers send you the key to your sealed files regardless of whether you carry out the transaction or not. Sometimes, users get lucky after paying and are indeed given the means to regain access to the files but this is not always the case.

In the end, it is up to each individual to decide for themselves yet our advice for all potential victims of H0lyGh0st is to first try out our free removal guide and its data recovery instructions (that might or might not work) and only then, if you still believe that it’s worth it, consider risking your money by sending them to criminals that you certainly cannot trust.

The .h0lyenc file

The h0lyenc file is both really difficult to detect and very tricky to deal with after an infection has already occurred. Because of its use of encryption – a process that normally isn’t regarded as harmful, spotting the h0lyenc file is made highly unlikely even if there’s a reliable antivirus program installed on the targeted computer.

Needless to say, there are also pretty much no symptoms other than occasional decrease in the productivity capabilities of the computer (in other words, a slowdown) due to higher use of RAM and CPU which is oftentimes difficult to notice.

Due to all of this, your best bet for potential future encounters with ransomware is to simple make sure that the virus never enters your system. To make sure your machine stays safe and secure, we highly recommend you never visit any unreliable or sketchy web locations and that you never download software from sources that may not be trustworthy. Needless to say, you shouldn’t open shady e-mails that might be spam and interact with any links or file attachments they might hold. The same applies to any other form and type of questionable online content: suspicious ads, misleading web offers, fishy-looking banners and pop-ups.

A great tip when it comes to keeping your most important data secured is to have all of it backed up on a separate location – it could be a cloud or an external drive, just make sure that you always have backup co pies of any files that are valuable to you. Now, if H0lyGh0st is currently on your machine and your data has already been sealed by it, you can take a look at our removal guide manual and see if it does the job for you.


Danger LevelHigh (Ransomware is by far the worst threat you can encounter)
SymptomsVery few and unnoticeable ones before the ransom notification comes up.
Distribution MethodFrom fake ads and fake system requests to spam emails and contagious web pages.
Data Recovery ToolNot Available
Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Source of claim SH can remove it.

Remove H0lyGh0st Ransomware


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).



*Source of claim SH can remove it.

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    After you open their folder, end the processes that are infected, then delete their folders. 

    Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.



    Hold the Start Key and R –  copy + paste the following and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

    hosts_opt (1)


    If there are suspicious IPs below “Localhost” – write to us in the comments.

    Type msconfig in the search field and hit enter. A window will pop-up:



    Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

    • Please note that ransomware may even include a fake Manufacturer name to its process. Make sure you check out every process here is legitimate.


    Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

    Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you delete entries not related to the ransomware.

    Type each of the following in the Windows Search Field:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Delete everything in Temp. The rest just check out for anything recently added. Remember to leave us a comment if you run into any trouble!



    How to Decrypt H0lyGh0st files

    We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1