ABANTES Ransomware

What is ABANTES Ransomware?

ABANTES Ransomware is based on an open-source threat known as Hidden-Tear Ransomware. Unlike most other file-encrypting applications built from Hidden-Tear Ransomware’s code, this malware does not demand a ransom. It looks as if the hackers created the threat for no other reason than to damage the infected computer’s system and the victim’s private files. Afterward, the malware may show an annoying message that tells victims not to kill any processes, delete the malware, or use antimalware tools. The note claims that if the user does not follow these rules, the computer “will die.” However, it might not matter whether you follow the malware’s rules or not. If the threat rewrites the computer’s MBR (Master Boot Record), you might be forced to reinstall Windows. Otherwise, you might be able to get rid of it with a reputable antimalware tool or the deletion instructions placed below.

Where does ABANTES Ransomware come from?

Usually, threats like ABANTES Ransomware enter the system with files downloaded from unreliable sources, e.g., spam emails or unreliable file-sharing websites. Thus, the best way to guard the system against such malicious applications is to be careful when opening files received or downloaded from untrustworthy sources. Even if a file does not look malicious, it would be smart to check it with a legitimate antimalware tool. Sometimes malware installers look like text documents, pictures, updates, or other files no one would suspect, which is why being cautious is so crucial if you want to keep your system protected.

How does ABANTES Ransomware work?

As we explained earlier, ABANTES Ransomware can encrypt various private files. For example, our researchers at Anti-spyware-101.com say it could affect data with the following extensions: .jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .c, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .rar, .zip, .7zip, .7z, and so on. Recognizing affected data should not be difficult since each locked file ought to receive a specific extension, e.g., picture.jpg.Abantes.

Furthermore, ABANTES Ransomware is highly annoying too, as once it encrypts the files it targets, it might start showing various messages. These notifications list what, according to the threat’s creators, the victim must not do. Mainly, the listed rules ask the victim not to do anything that could damage the malicious application. At the same time, the malware might place a disturbing image as your Desktop picture, disable your Task Manager, and change your username to “Abantes was here.” Lastly, the threat could delete Registry data and rewrite the computer’s MBR. Consequently, the system ought to crash and you might be unable to restart it. Whether the malicious application does this or not, we recommend erasing it at once.

How to remove ABANTES Ransomware?

Probably the easiest way to deal with the threat is to use a legitimate antimalware tool. Also, the steps placed below can tell you how to delete ABANTES Ransomware manually. Unfortunately, both of these options might be unavailable if the malware rewrites your computer’s MBR. If this happens, your only hope of eliminating the malicious application is to reinstall the operating system. Keep in mind that removing the malware will not decrypt your files, so you will most likely have to use your backup data.

Erase ABANTES Ransomware

  1. Press Windows key+E.
  2. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  3. Locate the malicious application’s launcher.
  4. Right-click it and select Delete.
  5. Navigate to: C:\Windows\Defender
  6. Find the listed files:
    Action.bat
    logonOverwrite.bat
    cursor.cur
    icon.ico
    LogonUIStart.exe
    IFEO.exe
    Payloads.dll
    Rules.exe
    LogonUi.exe
    explorer.exe.mui
    authui.dll.mui
    data.bin
  7. Right-click them and select Delete.
  8. Exit File Explorer.
  9. Press Windows key+R.
  10. Type Regedit and press Enter.
  11. Locate the given directory: HKLM\Software
  12. Find a key titled Abantes.
  13. Right-click it and press Delete.
  14. Exit Registry Editor.
  15. Empty your Recycle Bin.
  16. Restart the computer.
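
The file and Registry checks from the steps above, plus a search for files with the .Abantes extension, can be run as one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide; it uses only the paths and names listed above, and the `$ScanRoot` parameter with its default of the user profile is an assumption.

```powershell
# Added example: read-only check for the artifacts named in the removal steps.
# It deletes nothing; it only reports what is present.
param(
    # Folder searched for encrypted files (assumed default; adjust as needed).
    [string]$ScanRoot = $env:USERPROFILE
)

$dropDir   = 'C:\Windows\Defender'        # folder from step 5
$dropFiles = @(                           # file names from step 6
    'Action.bat', 'logonOverwrite.bat', 'cursor.cur', 'icon.ico',
    'LogonUIStart.exe', 'IFEO.exe', 'Payloads.dll', 'Rules.exe',
    'LogonUi.exe', 'explorer.exe.mui', 'authui.dll.mui', 'data.bin'
)
$regKey    = 'HKLM:\Software\Abantes'     # key from steps 11-12

$findings = New-Object System.Collections.Generic.List[object]

# Dropped files: report each listed name that exists in the drop folder.
foreach ($name in $dropFiles) {
    $path = Join-Path $dropDir $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings.Add([pscustomobject]@{ Type = 'DroppedFile'; Item = $path })
    }
}

# Registry key created by the malware.
if (Test-Path -LiteralPath $regKey) {
    $findings.Add([pscustomobject]@{ Type = 'RegistryKey'; Item = $regKey })
}

# Encrypted files carry an appended extension, e.g. picture.jpg.Abantes.
$locked = @(Get-ChildItem -LiteralPath $ScanRoot -Filter '*.Abantes' `
                -File -Recurse -ErrorAction SilentlyContinue)
if ($locked.Count -gt 0) {
    $findings.Add([pscustomobject]@{
        Type = 'EncryptedFiles'
        Item = "$($locked.Count) file(s) under $ScanRoot, first: $($locked[0].FullName)"
    })
}

if ($findings.Count -eq 0) {
    Write-Output 'No ABANTES artifacts from the removal steps were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from a 64-bit PowerShell console, because a 32-bit session on 64-bit Windows sees a redirected view of HKLM\Software.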