Aviso Ransomware Removal Guide

If you do not think that you can get in trouble just by opening a harmless looking spam email attachment, we want to introduce you to Aviso Ransomware. This ransomware infection belongs to the Crypt888 family along with Mircop Ransomware and the new version of Petya Ransomware. According to our research team, this ransomware is a threat only for Windows users who live in Brazil. If you have faced this infection living in a different region, you should write a comment down below. As you can probably guess, this ransomware is spread via spam emails, and we have to warn you that the malicious launcher can be concealed. Cyber criminals would not stand a chance at spreading the infection successfully unless they represented it in an alluring, misleading manner, which is why the malicious .exe file is likely to be concealed as a PDF or JPEG file corresponding to the fake message in the spam email. If you have not faced this ransomware yet, immediately back up your files and implement security software. If you already need to delete Aviso Ransomware from your PC, keep reading.

When the malicious Aviso Ransomware enters your operating system, it immediately targets the files found in the %UserProfile% directory. This is where your downloaded files, documents, music, pictures, videos, and other personal files might be located. When the ransomware locates the files it is programmed to encrypt, it employs an AES encryption key to modify file data. Additionally, this threat adds the word “Lock.” in the beginning of every file (e.g., Lock.yourphoto.jpeg), and that makes it very easy to figure out what kind of damage this ransomware has caused. Of course, it is unlikely you will realize that the encryption has been performed until your Desktop wallpaper is replaced with wl.jpg. This file is located in the %Temp% directory, and it is possible that its name will be different. The image includes text, and, according to the message, you need to pay a ransom fee to the provided Bitcoin address to retrieve a decryptor that could decrypt your previous personal files. If you follow the demands in this Desktop message, you will contact informacaoh@gmail.com or pay a ransom of 2000 Real. At this moment, this sum converts to exactly 1 Bitcoin. Here is an excerpt.

Ola Sr(a),
TODOS os seus arquivos foram BLOQUEADOS e esse bloqueio somente serao DESBLOQUEADOS caso pague um valor em R$ 2000,00 (dois Mil reais) em Bitcoins.
Apos o pagamento desse valor, basta enviar um print para o email_ informacaoh@gmail.com

It is very easy to replace the Desktop wallpaper and remove Aviso Ransomware files. These files are stored in the %TEMP%\Sisem folder, and they are called “Sims.exe,” “Sims.exe.bat,” and “Sims.exe.lnk.” The .bat file is responsible for loading the main .exe file, and the .lnk file – which is a shortcut – does not have a real purpose. All in all, though it is very easy to get rid of this ransomware, most users will not dare to do it because of the fear of losing personal files. This fear might drive them to paying the ransom as well. Well, you should not jump to anything without thinking first. If you give up all your savings, but your files remain unlocked, you will be devastated, and, unfortunately, that is a real risk. Cyber criminals are unpredictable, but it is obvious that they do not care for your wellbeing. So, why are you so sure that they will unlock your files when you pay the ransom? Are you choosing to trust their word? Maybe that is not such a good idea? On top of that, you do not need to pay the ransom if you find a legitimate file decryptor that unlocks your files. It appears that such a tool exists, and you only need to find it.

As soon as you get your files back, you need to remove Aviso Ransomware from your operating system. As mentioned previously, this threat does not hide, and it is easy to eliminate it manually. The guide below shows how to successfully erase the ransomware one step at a time. Obviously, nothing beats an automated malware remover. You should not hesitate to install this tool if you think that other threats might be active or if you want to prevent them from attacking your operating system in the future. As mentioned at the beginning of the article, users who care about their systems and their personal data should implement security software and use file backup systems. If you have any questions about that, you can start a conversation in the comments section below.

How to delete Aviso Ransomware

1. Simultaneously tap keys Win+E to access Windows Explorer.
2. Type %TEMP% into the address bar at the top and tap Enter.
3. Right-click and Delete the folder named Sisem. This is the folder that holds malicious files.
4. Right-click and Delete the file named wl.jpg (note that the name could be different).