MoWare H.F.D Ransomware Removal Guide

Do you know what MoWare H.F.D Ransomware is?

MoWare H.F.D Ransomware is yet another Hidden-Tear-based ransomware that was designed to encrypt your personal files and then demand that you pay a ransom for a decryptor to recover them. Fortunately, if your computer has become infected with this ransomware, you can remove it without hesitation because it is incapable of encrypting your files. Your PC can become infected with this ransomware through malicious emails and fraudulent downloads, so an anti-malware program is a must, as the Internet is full of malicious software that can infect your PC when you least expect it.

Let us go over the distribution methods of this ransomware first, and then move on to its functions. Our cyber security experts have concluded that MoWare H.F.D Ransomware is currently being distributed using malicious emails. Apparently, its creators have set up an email server dedicated to sending unwary users fake emails that pose as legitimate invoices, receipts or tax return forms. The emails do not contain much text, but they point you to the attached file which, once opened, will infect your PC with this ransomware. Another known distribution method is fraudulent downloads. Your computer can become infected with this ransomware as a result of installing malicious software bundles or pirated software. The sites that feature these fraudulent downloads are unknown at this point, but having an anti-malware program to protect your PC from such software is recommended. Researchers say that MoWare H.F.D Ransomware is based on the Hidden-Tear ransomware project, so it is in many ways similar to Executioner Ransomware, Resurrection Ransomware and Decryption Assistant Ransomware, among others. Now that we know how this ransomware is disseminated, let us discuss its functionality.

Once your computer is infected with MoWare H.F.D Ransomware, it will place a full-screen window over your desktop and claim that your personal files have been encrypted and that you have four days to pay the ransom to get your files back. If you fail to meet the deadline, the sum to be paid is set to increase by 0.5 BTC. The starting ransom payment is 0.02, which is approximately 50 USD. However, you should not panic and pay the ransom immediately, as this ransomware is incapable of encrypting your files because its command and control server is probably down. If this ransomware were to encrypt your files, it would append the “.H_F_D_locked” file extension to them. Note that this particular ransomware has been configured to encrypt hundreds of file types, so most of your personal files could become inaccessible. This ransomware creates a Point of Execution (PoE) at HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The value name is MoWare H.F.D, and its value data contains the file path %AppData%\MoWare_H\MoWare H.F.D\1.0.0.0\MoWare H.F.D.exe. The PoE is set to launch the ransomware on each system start-up, which is not what you want. You can close the full-screen window by pressing Alt+F4 on your keyboard or clicking the X button on the window.

In closing, MoWare H.F.D Ransomware is just another ransomware-type infection that was supposed to encrypt your files but, luckily, it does not do that. Therefore, you can remove it without hesitation. You can delete it using our featured anti-malware program, SpyHunter, or make use of the removal guide below. Note that this ransomware also disables Task Manager, Command Prompt, and Registry Editor, so you have to enable them before you can delete it.

Enable the disabled Windows features

  1. Press the Windows+R keys.
  2. Enter gpedit.msc in the box and hit Enter.
  3. In the Group Policy window, go to User Configuration\Administrative Templates\System.
  4. Then, open Prevent access to the command prompt.
  5. To enable cmd, select Disabled.
  6. Press the OK button.
  7. Then, go to User Configuration\Administrative Templates\System.
  8. Double-click Prevent Access to registry editing tools.
  9. Select Disabled and click on OK.
  10. Then, go to User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options.
  11. Double-click Remove Task Manager.
  12. Set its value to Disabled.

Remove the ransomware

  1. Press Ctrl+Alt+Delete.
  2. Select Task Manager.
  3. Go to the Processes tab.
  4. Locate MoWare H.F.D, right-click it and click End Process.
  5. Go to the location of the file by pressing the Windows+E keys.
  6. Type %AppData%\MoWare_H\MoWare H.F.D\1.0.0.0\ in the address box and hit Enter.
  7. Locate and delete MoWare H.F.D.exe.
  8. Then, press the Windows+R keys.
  9. Type regedit in the box and hit Enter.
  10. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  11. Delete MoWare H.F.D.
  12. Close the Registry Editor.
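
The same checks can be scripted. The PowerShell below is an added example, not part of the original guide: it audits the Run value and file path named above and, on request, removes them. It assumes the disabled tools correspond to the standard per-user policy values DisableTaskMgr, DisableRegistryTools and DisableCMD; the function names are hypothetical.

```powershell
# Added example: audit (and optionally clean) the artifacts named in this guide.
# Assumption: the disabled tools map to the standard per-user policy values below.
function Get-MoWareArtifact {
    $runKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runName = 'MoWare H.F.D'
    $exePath = Join-Path $env:APPDATA 'MoWare_H\MoWare H.F.D\1.0.0.0\MoWare H.F.D.exe'
    $sysPol  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $policies = @(
        @{ Key = $sysPol; Name = 'DisableTaskMgr' },
        @{ Key = $sysPol; Name = 'DisableRegistryTools' },
        @{ Key = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
    )

    $found = @()
    # Persistence: the Run value that starts the ransomware at logon.
    $run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
    if ($run) {
        $found += [pscustomobject]@{ Type = 'RunValue'; Path = $runKey; Name = $runName; Data = $run.$runName }
    }
    # Payload: the executable under %AppData%.
    if (Test-Path -LiteralPath $exePath) {
        $found += [pscustomobject]@{ Type = 'File'; Path = $exePath; Name = $null; Data = $null }
    }
    # Policy values that are present and non-zero block the corresponding tool.
    foreach ($p in $policies) {
        $v = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
        if ($v -and $v.($p.Name) -ne 0) {
            $found += [pscustomobject]@{ Type = 'Policy'; Path = $p.Key; Name = $p.Name; Data = $v.($p.Name) }
        }
    }
    $found
}

function Remove-MoWareArtifact {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $artifacts = @(Get-MoWareArtifact)
    # Stop any process running from the known path before deleting the file.
    $file = $artifacts | Where-Object Type -eq 'File'
    if ($file) { Get-Process | Where-Object { $_.Path -eq $file.Path } | Stop-Process -Force }
    foreach ($a in $artifacts) {
        # Deleting a policy value returns that policy to "Not configured".
        if ($a.Type -eq 'File') { Remove-Item -LiteralPath $a.Path -Force }
        else { Remove-ItemProperty -Path $a.Path -Name $a.Name }
    }
}

Get-MoWareArtifact | Format-Table -AutoSize   # audit only; nothing is changed
```

Run `Remove-MoWareArtifact -WhatIf` first to preview what would be stopped and deleted.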

In non-techie terms:

MoWare H.F.D Ransomware is a Hidden-Tear-based ransomware that was created to encrypt your files, but it does not do so because it does not function fully. Its developers distribute it using malicious emails and fraudulent downloads, so it can enter your PC secretly. You should remove this program as soon as possible, so do not hesitate and make use of the removal guide above.