Ransomware is more widespread today than ever before. Over the past few years this malware category has grown rapidly in both numbers and sophistication, which is what makes it such a dangerous threat. One of the latest variants is known as .Onyon Virus, and it is also one of the most devastating, due to the complex encryption it uses to lock you out of your files.
Then, as you have probably already experienced for yourself, the virus displays an alarming ransom notification on your screen, stating that your files have been locked and that you will not regain access to them unless you pay a hefty sum of money, typically within a given time frame. Our first advice is not to panic and to remain calm for the next few minutes while you read through this article. It contains all the necessary information about how .Onyon Virus operates and how you are likely to have gotten infected. Below you will also find a removal guide that shows how to remove the virus from your system and potentially restore the data it has encrypted.
How .Onyon Virus works and why it’s so successful
One of the key reasons this malware category is as numerous as it is today is that it is a very lucrative criminal business scheme. That is also a good reason not to opt for the ransom payment, at least not right away; more on that later. For now, here is how these viruses work in simple terms. Once in your system, .Onyon Virus scans your computer for certain file types, typically images, documents, audio and video files, and so on. It then creates encrypted copies of those files while deleting the originals. As a result, you are left with data that you cannot open, no matter which program you use. And since encryption is not an inherently malicious operation, most antivirus programs will not even try to contain or intercept it. This is one of the reasons these viruses get away with their wrongdoing most of the time.
Another reason ransomware viruses like .Onyon Virus often go undetected is that they are incredibly stealthy. On rare occasions, seemingly random CPU and RAM spikes that you can monitor in your Task Manager could give them away, but you would need to be very observant and know exactly what you are looking for. As for the ransom payment, it is almost always requested in bitcoins, and there is a good reason for that: bitcoins are nearly impossible to trace and ensure the hackers' anonymity. Would you really want to help them evade prosecution further? In addition, it is by no means uncommon for ransomware victims never to receive the decryption key they so desperately need. Alternatively, even when the promised key does arrive, it may not work flawlessly. With this in mind, you are better off trying other options first and relying on the hackers only as a last resort.
Such options include, first of all, removing .Onyon Virus from your system. This is essential, because whatever you do from then on, if the virus remains on your PC it can simply re-encrypt any files you manage to unlock. After that you can attempt to restore your data from external backups, if you have any, or refer to the instructions in the guide below to try to restore the files from system backups. This is tricky business, so there is no guarantee of success in every case. As for avoiding these viruses from now on, we recommend paying special attention to incoming emails and other messages. They are most often responsible for the distribution of ransomware, so delete messages you do not trust and do not open their attachments. Another way to protect yourself against ransomware attacks is to keep backups of your most important data on external drives, so that even in case of an infection its effects will be neutralized.
.Onyon Virus Ransomware Removal
Prior to starting to execute the steps from the guide, we advise you to either bookmark this page or open it on a separate device since throughout the process of completing the guide, you might need to exit your browser.
1: Using Safe Mode
Before beginning to troubleshoot the issue, you are advised to enter Safe Mode on your PC. If you do not know how to do that, use this guide on how to enter Safe Mode.
2: Spotting the process
Open your Task Manager using the Ctrl + Shift + Esc key combination. Next, go to the processes tab and carefully look through the list for any shady entries. Usually, malicious processes will be consuming large amounts of CPU and RAM and will either have no description or will have a suspicious-looking one.
Once you identify the virus’ process, right-click on it and select Open File Location. Delete everything in the folder that opens if you are sure that the process was malicious. If you are not sure, contact us in the comments.
Go back to the Task Manager and end the potentially harmful process.
3: Hosts file IPs
Go to your Start menu and in the search field, paste the following address: notepad %windir%/system32/Drivers/etc/hosts. Select the first result and look at the bottom of the newly opened Notepad file. See if there are any IPs below "Localhost" and tell us in the comments if there were any IP addresses.
4: System Configuration Startup Programs
Type System Configuration in the Windows search bar and open the first result. Go to the Startup tab and take a look at the list of startup programs (on Windows 10, the startup programs can be seen in the Startup section of the Task Manager). If any of them look shady, have an unknown manufacturer, or have a manufacturer with a sketchy name, uncheck those entries and click OK.
5: Registry Editor
Open the Run window (WinKey + R), type regedit and press Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the virus. Select Find Next and delete whatever gets found that has the virus' name. Do that with all search results.
6: Deleting potential virus files
Open the Start Menu and separately type each of the following locations: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%. Open each of those folders and sort their contents by date. Delete the most recent files and folders. When you open the Temp folder, delete everything in it.
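Steps 2 to 6 above all come down to looking in a handful of places for entries that should not be there. The script below is an added helper, not part of the original guide, that gathers those same observations in one read-only report: resource-hungry processes without a description or valid signature (step 2), hosts-file entries other than localhost (step 3), Run/RunOnce keys and Startup folders (steps 4 and 5), and recently written executable files in the listed folders (step 6). It deletes nothing, so the decision of what to remove stays with you, as the guide intends. It assumes Windows PowerShell 5 or later (for the -Depth parameter) run from an elevated prompt; the report file name onyon-audit.txt and the 48-hour window are assumptions chosen for this example.

```powershell
# Read-only audit of the locations the removal guide tells you to inspect.
# Hypothetical helper script, not from the original guide; it reports, never deletes.
# Run from an elevated PowerShell 5+ session so all process paths are readable.

$Report = [System.Collections.Generic.List[string]]::new()

# --- Step 2: busiest processes that lack a description, a valid signature, or run from a user-writable folder ---
$procs = Get-Process | Where-Object { $_.Path } | Sort-Object CPU -Descending | Select-Object -First 15
foreach ($p in $procs) {
    $sig   = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
    $flags = @()
    if ([string]::IsNullOrWhiteSpace($p.Description)) { $flags += 'no description' }
    if ($sig.Status -ne 'Valid')                       { $flags += "signature: $($sig.Status)" }
    if ($p.Path -like "$env:TEMP*" -or $p.Path -like "$env:APPDATA*" -or $p.Path -like "$env:LOCALAPPDATA*") {
        $flags += 'runs from user-writable folder'
    }
    if ($flags) {
        $cpu = if ($p.CPU) { [math]::Round($p.CPU, 1) } else { 0 }
        $mb  = [math]::Round($p.WorkingSet64 / 1MB)
        $Report.Add("PROCESS  pid=$($p.Id) $($p.ProcessName) cpu=${cpu}s ram=${mb}MB path=$($p.Path) [$($flags -join '; ')]")
    }
}

# --- Step 3: hosts file entries other than the loopback/localhost mapping ---
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-Content $hostsPath | ForEach-Object {
    $line = $_.Trim()
    if ($line -eq '' -or $line.StartsWith('#')) { return }      # skip blanks and comments
    $parts = $line -split '\s+'
    $ip    = $parts[0]
    $names = ($parts | Select-Object -Skip 1) -join ' '
    # 127.0.0.1 / ::1 -> localhost is the expected content; anything else deserves a look
    if (-not (($ip -in '127.0.0.1', '::1') -and ($names -eq 'localhost'))) {
        $Report.Add("HOSTS    $ip -> $names")
    }
}

# --- Steps 4 and 5: autostart values in the Run/RunOnce keys and files in the Startup folders ---
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notin $providerProps })) {
        $Report.Add("AUTORUN  $key\$name = $($props.$name)")
    }
}
$startupDirs = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue | ForEach-Object {
    $Report.Add("STARTUP  $($_.FullName)")
}

# --- Step 6: executable-type files written in the last 48 hours (assumed window) in the guide's folders ---
$since = (Get-Date).AddHours(-48)
$dirs  = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP)
$exts  = '.exe', '.dll', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.scr'
Get-ChildItem -Path $dirs -File -Recurse -Depth 3 -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since -and $_.Extension -in $exts } |
    Sort-Object LastWriteTime -Descending | Select-Object -First 40 | ForEach-Object {
        $Report.Add("RECENT   $($_.LastWriteTime.ToString('s')) $($_.FullName)")
    }

# Save the report next to the guide's bookmark advice: you can read it after closing the browser.
$Report | Out-File -FilePath "$env:USERPROFILE\Desktop\onyon-audit.txt" -Encoding utf8
$Report
```

Each line of the report is prefixed with the step it belongs to, so you can work through it alongside the guide. A flagged process is a candidate to check with Open File Location, not proof of infection; a missing description or an unsigned binary is common for legitimate portable tools, which is why the script leaves every removal decision to you.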