Remove Erenahen Virus (+ .Erenahen File Recovery)

erenahen virus


erenahen virus
The Erenahen Virus will encrypt your files

Ransomware is a term that is used in the cyber circles to describe a very malicious type of programs that encrypt computer files and force their users to pay a sum of money, often in the form of some virtual currency, to regain their access. These malicious programs are used on computers as well as on tablets and smartphones and can lead to a lot of problems for the victims, whose data has been blocked. Usually, a file-encryption code (which is very hard to remove) is used to render the files inaccessible and the only way to reverse that encryption is to apply the corresponding decryption key for it. The hackers, who stand behind the malware hold that key and ask the victims to pay for obtaining it.

If you are reading this page, you have most probably been greeted by a ransom-demanding message with a similar ransom-demanding message, that has informed you that your files have been secured and you have to immediately pay a certain amount of money to access them again. If the source of that message is a program called Erenahen, then stay with us because, in the next lines, you will find a special Erenahen removal guide and some alternative file-recovery instructions, which do not involve paying money to the hackers.

How do the Ransomware infections work?

Hackers generally take control of computers by taking advantage of system vulnerabilities and of the users’ carelessness when surfing the web. Most often, the contamination with infections such as Erenahen, Meds, Moka and other Ransomware variants happen when the person visits a website already infected or when he opens an email that invites him to click on a link or to download an attachment. In a few seconds, the malicious program can be integrated into the system without showing any visible symptoms. Then, once nested in the computer, it immediately starts encrypting the files stored on the hard drives and thus prevents the user from accessing them. In most cases, a threatening notification demands a ransom in exchange the decryption key.

Is the use of infections like Erenahen frequent?

Yes, the number of Ransomware infections is only going up with each day. In the last few years, many new variants of Ransomware have been detected. According to security researches, the number of detected cryptoviruses is increasing rapidly and more sophisticated versions are getting released. Often, the crooks behind the infections ask for relatively small amounts of money but over time, the overall sum gained by the hackers could get quite high.

Paying the ransom (be it little or big), however, is not a good idea, because this only encourages the criminals to create more infections like Erenahen and to blackmail more and more people. Therefore, professionals in the cyber industry recommend that the victims opt for alternative methods, the focus of which is to remove the Ransomware and save the files which can be saved without paying a ransom. And this is exactly what we are going to offer you in the removal guide below.

How to protect yourself?

Make frequent updates of your security programs, which patch security holes exploited by viruses. In the event of an infection, the infected computers should be disconnected immediately from any networks to which they may have been connected in order to avoid contamination down the line. Contacting a security professional in your area is recommended if you don’t know how to handle the attack on your own and if you aren’t able to complete the steps from our guide or use the removal tool in it.


Name Erenahen
Type Ransomware
Danger Level High (Ransomware is by far the worst threat you can encounter)
Symptoms Very few and unnoticeable ones before the ransom notification comes up.
Distribution Method From fake ads and fake system requests to spam emails and contagious web pages.







Remove Erenahen Virus

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to Erenahen

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that. 

hosts_opt (1)

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Erenahen.


4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10,  it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Erenahen , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – Erenahen

Type each of the following locations in the Windows search box and hit enter to open the locations:






Delete everything you see in Temp linked to Erenahen RansomwareAbout the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: Erenahen Decryption

The previous steps were all aimed at removing the Erenahen Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.

Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.

Leave a Reply

Your email address will not be published. Required fields are marked *