AdamLocker Ransomware Removal Guide

If your Windows operating system is not protected reliably, the malicious AdamLocker Ransomware might attack it without you even realizing. Although some threats are very obvious, most of them are clandestine, and they are distributed using tactics that allow unnoticed entrance. In the case of the ransomware, we have found that its executable is concealed as some kind of a file attached to a misleading spam email. For example, this executable could be introduced to you as a PDF sent by a known airline company. This deception helps the malicious ransomware to slither in unnoticed, and that allows it to perform in a malicious manner without any disturbance. Obviously, if you realize that the file you downloaded was bogus, you might remove it right away, but the ransomware creates a copy, which might help it evade elimination. Of course, there is a way to delete AdamLocker Ransomware, and we discuss that in this report.

As you already know, AdamLocker Ransomware manages to copy itself to a different location, and, according to our analysis, the file should be found in the %ALLUSERSPROFILE% folder. In our case, the copy was named “run.exe” – which is a very inconspicuous name – but you might face the same file with a different name. This is not the only component that you will need to erase to remove AdamLocker Ransomware from your operating system. It was found that this ransomware also creates registry keys named “.adam” and “adam”, and they are located in the HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE paths in the Windows Registry. You will need to delete these keys as well; otherwise, the malicious .exe file will be executed every time you try to open the personal files that this ransomware has encrypted. If you do not know which files were encrypted, look for the “.adam” extension attached to them. Note that if you erase the extension, the file will remain corrupted, so do not waste your time. Another thing we should mention regarding the encrypted files is that the threat encrypts files found under %USERPROFILE%.

After AdamLocker Ransomware is done with your files, it displays a window with instructions that you allegedly need to follow to get your files decrypted. The main elements of the interface are the “Open” button and the “Decrypt” dialog box. You are urged to click the button to retrieve the decryption key, and, surprisingly, this works. Of course, at first, you are routed to a page representing adf.ly advertisements. After about 5 seconds, you can proceed to another site, where the decryption key is found. It is possible that the creators of the ransomware are paid for promoting the ads, but this would be a very elaborate attack just to show you a few ads, which, of course, you should not interact with under any circumstances. Overall, it is more likely that this is just the first version of the ransomware that its creators are testing. In the worst case scenario, the malicious AdamLocker Ransomware will be upgraded to encrypt your files and demand for a ransom in return of a decryptor. Right now, your files should be freed as soon as you type in the decryption key provided by the ransomware itself. That’s a first.

What is your experience with the removal of malware? Do you know how to identify malicious files or how to edit the Windows Registry? If these tasks are very foreign to you, we do not recommend following the guide below. If you believe you can handle it, go ahead and get the nasty AdamLocker Ransomware removed as soon as possible. The solution we recommend to the inexperienced users, as well as those who want to save time and enable full-time protection, is to employ anti-malware software. Legitimate and up-to-date software can ensure that all threats are eliminated and that your PC is safe to use once again. If you have any concerns or questions regarding the removal process, you can start a conversation in the comments section below. We would also love to know more about your experiences.

How to delete AdamLocker Ransomware

1. Launch RUN (tap Win+R keys), enter regedit.exe, and click OK.
2. In the Registry Editor menu on the left move to HKCR.
3. Right-click and Delete the key called .adam.
4. Right-click and Delete the key called adam.
5. Navigate to HKLM\SOFTWARE\Classes\.
6. Repeat steps 3-4 to erase the unwanted keys.
7. Navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
8. Right-click and Delete the value called DisableTaskMgr to restore Task Manager.
9. Exit the editor and now find the malicious .exe file (use a scanner if you cannot find it yourself).
10. Right-click and Delete the malicious file.
11. Open Explorer and enter %ALLUSERPROFILE% into the box at the top.
12. Right-click and Delete the copy of the malicious .exe file (e.g., run.exe).