.Thor File Virus Ransomware Removal


This page aims to help you remove .Thor Virus for free. Our instructions also cover how any .Thor file can be recovered.

In the article below the focus is on one very threatening and harmful virus – .Thor. It falls into the category of Ransomware-based malware and is responsible for the encrypting of your recently and/or commonly used files, as well as for blackmailing you for money later, after the actual encryption has taken place. Such threats are maybe the most dangerous ones you might encounter in the cyber world.

Our page is based on howtoremove.guide’s instructions, specifically those in their .Thor Virus guide.

What makes the Ransomware-based viruses so horribly terrifying?

The malware group known as Ransomware consists of very harmful viruses, which are different, but all of them are very difficult to deal with. Even professionals, who have been in the software industry for years, might find it very complicated to fight such malicious programs. Basically, there could be various types of Ransomware-based viruses with different ways of functioning. The common feature among them is that they are all programmed to ask for ransom in exchange for undoing whatever they have done. The next paragraph gives better insight into the different versions of Ransomware.

Ransomware is divided into the following subgroups:

  1. The particular program described in this article, .Thor, belongs to the file-encrypting subtype of Ransomware. These programs are known to make files inaccessible to the affected user by locking them with a complex encryption key. It is really terrifying to find out that the threats in the notification that appears on your screen after the process of file-encoding are actually true, as the files mentioned as encoded are really inaccessible to you. Hackers then want you to believe that the only sure way of getting your data back is to pay them the requested ransom by further threatening you about the future of your files.
  2. There is also screen-locking Ransomware: these products are designed to lock your monitor by covering it with a huge ransom-demanding notification and making you unable to use any of your system’s features. Again, you are required to pay a certain amount of money in order to unlock your monitor and be able to access your computer’s features and the programs installed on it.
  3. Mobile devices are also not safe. You might catch the mobile version of these viruses on your phone or tablet. This Ransomware type, again, makes the screen of your device completely inaccessible to you by putting a huge ransom alert on it. The scheme is always the same – you are warned you are never going to access your device again if you don’t complete the demanded payment.
  4. Ransomware could also be used for making cyber criminals pay for their deeds. For example, many national security and intelligence agencies use viruses with the same code to persuade some hackers to pay for their illegal activities or to make their systems inaccessible to them and quit their harmful activities.

Possible sources of Ransomware

Such malicious programs might be found on various places on the web. There is nothing safe and no concrete source. However, according to the reports of the recorded infections, most of them have happened due to clicking on fake pop-ups while browsing or opening a spam email and its attachments. The virus automatically infects your device in the first case, as it comes as a drive-by download. In the second most common case, .Thor might be assisted by a Trojan horse and these two awful fellows might be lurking inside a suspicious letter together. Once you begin reading such a letter, the Trojan exploits any weakness of your PC and sneaks the Ransomware inside it. Of course, other possible sources exist, such as torrents, contagious websites and shareware. To be completely precise, anything could carry Ransomware with it as long as it is on the Internet.

The actual infection process takes place in the following way

No matter exactly how you have come across the virus, once .Thor is inside your system, it has full access to your drives. Firstly, the malicious program completes a full scan of them, trying to determine which ones are of greater importance to you. Then all of the detected data that matches that description becomes a victim of the encryption with a strong double-part key. Finally, a threatening notification appears on your monitor and you get informed about the unfortunate fate of your files. As far as fighting this malware goes, to our great disappointment, nothing is completely functional against Ransomware. You may succeed in removing the virus itself, but your files may remain encrypted no matter what you proceed with. Our advice is NOT to pay the demanded money, but to try to fight .Thor yourself. For that purpose we have created the removal guide below. We do not promise it will decrypt your files, but it will certainly help get rid of the virus, which is a crucial step.


Remove .Thor from your system

# 1


Enter Windows Safe mode.

  • Win 7 Users: Restart your PC –> keep on clicking F8 –> In the subsequent Menu select Safe Mode with Networking.
  • Win 8 Users: Start Button –> Control Panel –> System and Security –> Administrative Tools –> System Configuration –> In the subsequent Menu select Safe Boot –>
  • Win 10 users: Start Menu –> Power Options Menu –> Hold down the SHIFT button while clicking on Restart –> Troubleshoot –> Advanced Options –> Startup Settings –> Restart –> In the subsequent Menu select Safe Mode with Networking.

# 2

Open Task Manager and locate any processes associated with .Thor.

  • Press CTRL + SHIFT + ESC keys simultaneously –> Processes Tab –> Select a suspicious process (use Google or ask us in the comments if you are not sure about a process) –> Right Click and Open File Location –> End the suspicious process in Task Manager –> Delete the Folders containing the suspicious files.

# 3

Open the Registry Editor and search for .Thor.

  • Win 7 Users: Click Start and type regedit –> Enter –> Press CTRL + F buttons –> Type Cryp1 Virus in the search field.
  • Win 8/10 users: Start Button –> Choose Run –> type regedit –> Enter Press CTRL + F buttons –> Type .Thor in the search field.

# 4

Try to recover your files. First you will need System Restore.

  • Win 7 Users: Start button –> Type Windows System Restore –> Enter –> Open System Restore –> Select a Restore Point and revert to it.
  • Win 8 Users: Hold down the Windows key + Q –> Type Recovery –> Settings –> Choose the Recovery icon –> Open System Restore –> Select a Restore Point.
  • Win 10 Users: Start Menu –> Power Options Menu –> Hold down the SHIFT button while clicking on Restart –> Troubleshoot –> Advanced Options –> System Restore –> Select a Restore Point and apply it.

Secondly use program that can access your Shadow Copies.


  • Use Google to find the official website of such a program and download it.
  • Use the program to select the file types and the hard drive locations you want the program to scan for.
  • Start the scan and keep in mind that it might take a while.
  • Once the scan has been completed just select the files you want to be recovered.

If you have questions or suggestions feel free to use our comments section!

Leave a Reply

Your email address will not be published. Required fields are marked *