Severity scale:  

Tron ransomware. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware

Tron is a dangerous ransomware that renders personal files inaccessible

Tron ransomware virus illustration

Tron is a dangerous cyber infection that initiates unauthorized system's changes and locks personal files of PC's owner. Detected in the middle of April 2018, the virus has been assigned to ransomware[1] group of viruses targeting English-speaking users. It can be recognized by a .tron file extension appended to the locked files and email address. Currently, victims are urged to pay 0.05 BTC within ten days to get Tron decryptor.

Name Tron
Classification Ransomware
Symptoms Personal files feature .tron file extension and cannot be opened. Anti-virus program cannot be launched
Danger level High. Locks files, urges victim to pay the ransom, tries to evade Tron removal
Contact info
Size of redemption 0.05 BTC
Download Reimage and run a scan with it to eliminate ransomware virus

According to cybersecurity experts from,[2] Tron ransomware is yet another masterpiece of Russian hackers. Hybrid analysis revealed that it self-destructs as soon as it recognizes Russian locale. If the locale falls for the target list, crypto-ransomware enables AES-256 cipher and starts data encryption. It locks all file types that are located in the following folders:

  • Recent
  • MyPicture
  • MyMusic
  • MyVideos
  • Personal
  • Favorites
  • CommonDocuments
  • CommonPictures
  • CommonMusic
  • CommonVideos
  • CommonDesktopDirektory
  • Desktop

It will also corrupt AppData and LocalAppData folders. Each encrypted file will be marked with .tron file extension. It does not drop the ransom note in a typical way. The victim is redirected to the window of instructions when he or she attempts to click on file encrypted by Tron virus. The note contains the following information:

All your files are encrypted

What happened to my computer?

Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.

Can i Recover my Files?

Sure, We guarantee that you can recover II your files safely and easily.
But you have not so enough time. You have only have 10 days to submit the payment. Also, if you don't pay in 10 days, you won't be able to recover your files forever.

How Do I pay?

Payment is accepted in bitcoin only. For more information, click “How to buy Bitcoin”. Please check the current price of bitcoin and buy some bitcoins. And send the correct amount to the address specified in the window. After your payment you need to write to us on mail. We will decrypt your files.

We strongly recommend you to not remove this software, and disable your anti-virus for a while, until! you pay and the payment gets processed, if your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!

Amount 0.05 [ Copy ]
Bitcoin address DzNaZiWzBwUr8ymWHcSzbYGidutRNDuEs [Copy]
EMAIL supportjron @gmail .com [Copy]

Tron ransomware virus demands its victims to pay a 0.05 BTC (approximately 400 USD) within ten days. The victim is asked to write an email to and indicate a personal ID number.

However, we would not recommend communicating with hackers or even more paying the ransom. There's no guarantee that they will provide you with a working Tron decryptor. It might be that they do not store one at all.

In case of attack, we would strongly recommend you to download Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus, Malwarebytes Anti Malware or another professional anti-virus program, and run a full system scan with it. Beware that outdated anti-virus might lack for definitions and fail to remove Tron ransomware. Therefore, we would strongly recommend you to initiate the removal with an updated security tool only.

Do not open attachments of suspicious emails – high-risk of ransomware infection

Hackers know many strategies to disseminate cyber infections on a massive scale. They exploit multiple social engineering techniques,[3] including but not limited to malspam, fake software updates, phishing sites, and so on.

Nevertheless, malicious spam email attachments are the primary method used to spread ransomware for more than a decade. Crooks impersonate authorities or well-known companies and address relevant topics, such as lawns, payments, taxes, and so on. Spam emails can contain either an infected link or an attachment.

Apart from spam emails, be extremely careful with rogue software updates and other questionable offers that show up on suspicious websites in the form of a pop-up. Clicking on misleading ads and other content can trick you into downloading the potentially unwanted program (PUP) if not ransomware.

A guide on how to remove Tron ransomware

Tron removal is the main thing that should concern you in case most of your files exhibit .tron file extension. Do not fall for converting your money to Bitcoin and sending them to crooks. That may appear to be a total waste of both money and time because criminals may not respond you at all.

To prevent this from happening, we would recommend you to remove Tron virus from the system using Reimage or another professional malware removal tool and then try to retrieve your data using alternative methods.

If you have backups, you don't have to worry. Get rid of Tron and then recover data using backups. If you don't have backups, try to exploit Volume Shadow Copies, Previous Windows versions or use Data Recover Pro.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Tron ransomware you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Tron ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

To remove Tron virus, follow these steps:

Remove Tron using Safe Mode with Networking

It's a common practice when ransomware infection blocks anti-virus programs. In case this is happening to you, boot the system into Safe Mode with Networking and try to launch it again.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Tron

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Tron removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Tron using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Tron. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Tron removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Tron from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Tron, you can use several methods to restore them:

Data Recovery Pro can retrieve most of the files

Although originally designed not for decrypting files corrupted by ransomware, it's a powerful tool that can retrieve most of the data encrypted by Tron. 

Exploit previous Windows versions

Even if you do not create System Restore Points regularly, Windows OS does that for you unless you have disabled System Restore function long time ago. If the function is available on your PC, follow these steps to enable a Restore Point (make sure to select the one that has been created before ransomware attack):

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer

ShadowExplorer is an third-party tool capable of exporting Volume Shadow Copies. Although ransomware tends to remove these copies, you can find out that by following these instructions:

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryptor available.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Tron and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions