ABC ransomware virus - How to remove

ABC ransomware virus is extremely dangerous computer infection that can attack your system and cause severe damage to it. First of all, you should know that files encrypted by ABC Ransomware will be unusable because this virus employs asymmetric cryptography to do the job.

Ransomware, as defined by Techtarget, is a “subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack”. Usually ransomware infections are very similar and ABC virus shares qualities that are almost identical to other ransomware infections like Ordinypt virus and yet there is no straight answer how to avoid such malware and protect your computer.

ABC Ransomware remove

It is clear that the common way to get infected with ransomware is by opening an attachment to the email letter sent by cyber criminals. Usually those emails end up in the Spam category of your inbox, so not opening letters from that category would reduce your chances of getting infected with ransomware. Obviously, there are other ways to “catch” it, for instance your computer can get infected even when you are browsing social networks which are full of links to unreliable websites. Users often lacks knowledge in this particular field and make mistakes, therefore the best option is to outsource you computer’s security question to professionals – protect it with anti-malware software. Nowadays virus databases are being updated extremely fast therefore in most cases it would be able to block malicious files attempting to enter your computer in real time. You can always take a look at our review section of anti-malware tools and find out more about possible security solutions.

ABC virus operations

When infiltrated into your system, ABC ransomware will attempt to encrypt your files, so they could ask for a ransom in order to decrypt them. An extension of 8 random letters and digits will be added to every file and unique key for files decryption will be created automatically and stored on a remote server owned by cyber criminals.

New file named “READ_IT.html” will be placed in every single folder which contains encrypted files. It is a document with the instructions how to pay the ransom and receive decrypt, it goes like this:

All your files have been encrypted!
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Decryption as guarantee
Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software – “DECRYPTER” Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk. If you want to restore files, go to on our site: 1) Download TOR-Browser (hxxps://www.torproject.org/download/download) 2) Run it 3) Go to hxxp://cr7icbfqm64hixta.onion
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Wait from us for reply to your mail within 48 hours.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Your personal ID: –

You, as a victim, are ordered to visit .onion website which belongs to developers of ABC ransomware and pay the ransom in Bitcoins. Let’s take a look at their website. It says:

ABC Decryptor™

We present a special software – ABC Decryptor™ –
which allows to decrypt and return control to all your encrypted files.

How to buy ABC Decryptor™?
You can make a payment with BitCoins, there are many methods to get them.
You should register BitCoin wallet:
Simplest online wallet or Some other methods of creating wallet
Purchasing Bitcoins, although it’s not yet easy to buy bitcoins, it’s getting simpler every day.
Here are our recommendations:

localbitcoins.com (WU) Buy Bitcoins with Western Union.
coincafe.com Recommended for fast, simple service.
Payment Methods: Western Union, Bank of America, Cash by FedEx, Moneygram, Money Order. In NYC: Bitcoin ATM, in person.
localbitcoins.com Service allows you to search for people in your community willing to sell bitcoins to you directly.
cex.io Buy Bitcoins with VISA/MASTERCARD or wire transfer.
btcdirect.eu The best for Europe.
bitquick.co Buy Bitcoins instantly for cash.
howtobuybitcoins.info An international directory of bitcoin exchanges.
cashintocoins.com Bitcoin for cash.
coinjar.com CoinJar allows direct bitcoin purchases on their site.
anxpro.com
bittylicious.com

Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)

Wait, we’ll send you a Decryptor by email.

You are allowed to send 1 encrypted file for decryption, so it would serve as a proof that they have the technology to perform decrypting. However, it not recommended to contact cyber criminals or pay the ransom, because you can simply get scammed.

Restore files encrypted by ABC ransomware

Unfortunately, there is no decryptor for files encrypted by ABC ransomware available at the moment. However, there is a way to retrieve your files – by restoring system to a previous date. You can do it by following our system restore guide.

Besides the fact that your files might be still locked, you should remove files of ransomware infection itself. Download Spyhunter anti-malware tool and scan your computer with it. It will automatically detect and eliminate all files that are posing a threat to your computer in no time.

How to recover ABC ransomware virus encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:


for Windows 7 / Vista/ XP
  • Start Shutdown RestartOK.
  • Press F8 key repeatedly until Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt. Windows 7 enter safe mode

for Windows 8 / 10
  • Press Power at Windows login screen. Then press and hold Shift key and click Restart. Windows 8-10 restart to safe mode
  • Choose TroubleshootAdvanced OptionsStartup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings. Windows 8-10 enter safe mode
 

2.Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.CMD commands
  • Click “Next” in the windows that appeared. Restore point img1
  • Select one of the Restore Points that are available before ABC ransomware virus has infiltrated to your system and then click “Next”. Restore point img2
  • To start System restore click “Yes”. Restore point img3
 

Step 2. Complete removal of ABC ransomware virus

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Spyhunter and remove all malicious files related to ABC ransomware virus. You can check other tools here.  

Step 3. Restore ABC ransomware virus affected files using Shadow Volume Copies

If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually ABC ransomware virus tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so. Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer. a) Native Windows Previous Versions Right-click on an encrypted file and select PropertiesPrevious versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.
Previous version
b) Shadow Explorer It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Shadow explorer

Step 4. Use Data Recovery programs to recover ABC ransomware virus encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
  • We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
  • Download a data recovery program.
  • Install and scan for recently deleted files. Data Recovery Pro
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.

Manual removal

Leave a Reply

Your email address will not be published. Required fields are marked *