Help Your Files Virus (help_your_files) Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Help Your Files Virus. These Help Your Files Virus removal instructions work for all versions of Windows. The help_your_files virus or help your files.png virus is commonly referred by users with these names because of the pop up image that is displayed on their screen when the ransomware first reveals itself.

If you have just been greeted by an unfriendly looking message with the name “help your files.png” informing you that all of your files have been encrypted then you have a big problem. This is a malicious application of a type known as Ransomware and it specializes in extortion by holding your data hostage.

help your files virus

Help Your Files.png Virus

Help Your Files Virus – methods of operation

Help Your Files Virus is not a pioneer in the Ransomware field. It operates much like the very successful Cryptowall and Cryptolocker Ransomwares, which are reputed to have made over $21 million until a successful method was discovered to shut them down. Once inside the infected computer Help Your Files Virus will make a list of the files to target – documents, videos, pictures or other useful files. Once that list is complete it will begin to encrypt the files on the list – this will turn them into an unreadable string of symbols through the use of an encryption key. Once a file is encrypted the original file will be deleted and only the encrypted copy will remain on the computer. The only way to recover these files afterwards is to obtain the encryption key used and this is exactly what the hackers are trying to sell you.

Name “Help Your Files”/ “Help Your Files.png”
Type Ransomware
Danger Level High
Symptoms Suddenly your files are locked out and you are unable to access them. You receive demands for payments to release them.
Distribution Method Almost always a Trojan.
Detection Tool Malware and Adware are notoriously difficult to track down, since they actively try to deceive you. Use this professional parasite scanner to make sure you find all files related to the infection.Sponsored

1: Enter Safe Mode.
2: Remove Help Your Files Virus from your system.
3: Permanently delete Help Your Files Virus from Task Manager’s processes.
4: Uninstall the virus from Regedit and Msconfig.

Is paying the ransom a good idea?

  • The hackers who created Help Your Files Virus want to make you believe that the only way to recover your encrypted files is to pay the ransom. That is, of course, a lie and it’s likely they are also threatening that any attempt to recover your files on your own will make them unusable.
  • This can happen, but only if you delete those files, rename them or change the newly added file extensions.
  • None of the recovery methods we’ll discuss below manipulate the encrypted files in a way that would damage them. If everything else fails you can always decide to pay the ransom as your last resort option.

Still we highly recommend against it. First remember that you have no guarantee that the people behind Help Your Files Virus will keep up their end of the bargain. After all they are criminals and outside the law already and have no reputation to protect. They could easily rip you off without any option for getting your money back. You will also be dealing with an automated system should you decide to pay, so if any problem occurs nobody will be able to help you deal with it. Lastly remember that any money paid to the hackers will likely get reinvested into a new and ever more dangerous Ransomware, which could in turn infect your PC in the future. The best course of action is to see what you can recover and don’t interact with the criminals in any way.

Dealing with the Help Your Files.png Virus

As previously mentioned help your files.png is basically the same virus. So it is not strange that our advice stays consistent with everything previously discussed. We strongly recommend you don’t pay the ransom. There are no guarantees that you will get what you are paying for, and at the same time it is highly inadvisable to support the Ransomware industry – in essence this is what happens when you decide to send the criminals money for your files. So what would be the alternative, you are probably wondering? Sometimes anti-malware companies are able to recover the encryption key through reverse engineering. Unfortunately that is not always possible and it requires time. Fortunately though there is another route we can peruse. Instead of trying to decrypt the remaining files it is possible to recover the originals – much the way you’d do it if you accidentally deleted them yourself. However first you need to remove Help Your Files Virus.png itself – otherwise it will just re-encrypt these files as soon as you recover them. You will find the instructions on how to do both in our detailed guide below.

Help Your Files Virus Removal

Things readers are interested in:


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is just the first preparation.


To remove parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

The first mandatory thing is to allow you to see Hidden Files and Folders. Each version of Windows does this slightly differently.

  • I repeat – it’s extremely important you do this. Help Your Files Virus may have hidden some of its files and you need to see them to delete them.

Hold the Start Key and R againbut this time copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A .txt file will open – don’t type or change it. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:

hosts_opt (1)

If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.


Right click on each of the malware processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a malware, copy the folders somewhere, then delete the directories you were sent to. There’s a good chance Help Your Files Virus is hiding somewhere in here.


This is perhaps the most important and difficult step, so be extremely careful. Doing this can damage your PC significantly if you make a big mistake. If you are not feeling comfortable, we advise you to download a professional Help Your Files Virus remover. Additionally, accounts connected to your credit cards, or important information, may be exposed to the virus.

If you do not remove the virus completely it could leak the information to its creator, so be careful!


Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.


Take a look at the following things:

Type msconfig in the search field and hit enter: you will be transported to a Pop Up window.


Go in the Startup tab and Uncheck entries that have “Unknown” as Manufacturer.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If you can’t find them this way, look in these directories, and delete/uninstall the registries manually:

    1. Type regedit in the Windows Search Field. Search for the ransomware (try typing its name) in your registries and delete anything with that name. But be extremely careful – if you delete the wrong thing here, you can damage your system.
    2. Type %temp% in the Windows Search Field and delete all the files in the folder you are transported to.

Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with Help Your Files Virus

There is only one known way to remove this virus successfully, barring actually giving in the to the demands of the people who created the virus – reversing your files to a time when they were not infected.

There are two options you have for this:

The first is to do a full system restore. This can take care of the file extension for you completely. To do this just type System Restore in the windows search field and choose a restore point. Click Next until done.

system restore_opt

Your second option is a program called Shadow Volume Copies.

Open the Shadow Explorer part of the package and choose the Drive (C or D usually) you want to restore information from. Right click on any file you want to restore and click Export on it.

Did we help you? Please, consider helping us by spreading the word!


    can you be more clear with the 3rd step?

    • HowToRemove.Guide Team

      Hi Vishal Ravindran,
      Unfortunately, no, we can not, because the virus has different versions, which have different files and processes. If we were to post the processes here, then the Help your Files virus creator will just change the names in the next version/update of the virus and we will end up simply misleading people like you.
      If you have a hard time determining which processes are malicious, I suggest you download the scanner from our advertisements – it will help you determine which files and registries are a threat.