Annabelle Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 703
Category: Trojans

If a window with the character from the Annabelle film has appeared on your screen out of the blue, it must be true that Annabelle Ransomware has infiltrated your computer illegally and has already made modifications on it. Make sure you do not restart your computer twice if you have encountered it because this will not remove it from the system, and, on top of that, it will modify the Master Boot Record (MBR) on your computer if you do that. Unfortunately, the majority of users restart their computers and get the MBR changed on their systems. Because of this, they see a green window with the text when they turn on their computers. It is not the only modification Annabelle Ransomware makes. Researchers at have noticed immediately that it also blocks system utilities – Task Manager and Windows Explorer. Last but not least, it adds its entry in the system registry. As a consequence, specialists consider this malicious application sophisticated and say that users could not perform its removal easily. We will help you to fix the MBR if it has been changed and then remove the ransomware infection, but we, first, recommend reading this report till the end.

Annabelle Ransomware acts as a typical ransomware-type infection. Yes, it is slightly more sophisticated if compared to some other ransomware infections, but it also encrypts files on users’ computers. Without a doubt, cyber criminals have programmed it to encrypt files right away after infiltrating computers so that they would have a chance to extract money from victims. Once pictures, documents, videos, music, and all other files are locked, it restarts the victim’s computer and then displays a window with the Annabelle character. This ransom note provides answers to frequently asked questions. For example, it explains users what the reason they can no longer access the majority of their personal files is. In addition, users find out how to decrypt files locked by Annabelle Ransomware. This threat demands 0.01 Bitcoins in exchange for the personal key that can unlock files, but we do not think that it is a very good idea to transfer money to crooks. There are no guarantees that you could unlock your files after paying a ransom. They might not give you the personal key that can unlock files even if you send the required amount of money to them. In addition, if it has already modified the MBR on your system, we are 100% sure that it will not fix it to you, so do not send money to crooks for nothing. What we recommend doing instead if you have encountered Annabelle Ransomware is deleting this threat fully right away. Unfortunately, your files will not be unlocked when you erase this threat. Free decryption software that could do this for free does not exist either, which means that victims can restore their important files for free only from a backup.

Researchers working at do not have much information about the distribution of Annabelle Ransomware because it is still not a popular threat, but there is no doubt that it appears on users’ computers without their knowledge. The most likely scenario is that users themselves allow it to enter their computers without realizing that. Specialists say that this infection might also be spread via spam emails. In most cases, ransomware infections are masqueraded as important documents, so users open them fearlessly. This is the main mistake they make. In addition, specialists say that malicious applications might be downloaded from dubious websites as well. It is not very likely that inexperienced users could prevent all kinds of malicious applications from entering their computers themselves, so our security specialists say that there must be reputable antimalware software installed on all users’ computers with the Internet connection.

We cannot promise that the Annabelle Ransomware removal will not be complicated because it is considered sophisticated malware. Luckily, it can still be erased manually. What you need to do to erase it is to fix the modified MBR first. Then, erase its entry from the system registry. If you do not consider yourself an experienced user, you should know that you could download an antimalware scanner from the web after fixing the MBR and then remove Annabelle Ransomware by performing a full system scan with it once. Unfortunately, you will not find your files unlocked after you delete this threat.

Remove Annabelle Ransomware

Fix the Master Boot Record

Windows 8/8.1/10

  1. Boot from the original DVD/USB flash drive.
  2. Select Repair your computer at the Welcome screen.
  3. Click Troubleshoot.
  4. Select Command Prompt.
  5. Type four commands one after the other and press Enter after each entered command: bootrec /FixMbr, bootrec /FixBoot, bootrec /ScanOs, and bootrec /RebuildBcd .
  6. Remove the DVD/USB flash drive.
  7. Type exit and then press Enter.
  8. Reboot your  computer.

Windows 7

  1. Insert the Windows 7 DVD.
  2. Press any key when you see Press any key to boot from CD or DVD.
  3. Select a language and a keyboard layout.
  4. Click Next.
  5. Select the operating system.
  6. Click Next.
  7. Click Command Prompt at System Recovery Options.
  8. When Command Prompt loads, type bootrec /rebuildbcd and press Enter.
  9. Type bootrec /fixmbr and press Enter.
  10. Type bootrec /fixboot and tap Enter.
  11. Remove the DVD.
  12. Restart your  computer.

Windows Vista

  1. Boot from the Windows Vista CD/DVD.
  2. Choose a language and a keyboard layout.
  3. Click Repair your computer and then choose the operating system.
  4. Click Next.
  5. At System Recovery Options, click Command Prompt.
  6. Type bootrec /FixMbr, bootrec /FixBoot, and bootrec /RebuildBcd (press Enter after each of the command entered).
  7. Wait for the MBR to be fixed and then remove the CD/DVD inserted.
  8. Type exit and press Enter.

Windows XP

  1. Insert the Windows XP CD.
  2. At Press any key to boot from CD…, press any key.
  3. When you are asked Which Windows installation would you like to log onto, type 1 and hit Enter.
  4. Enter the password at Type the Administrator password.
  5. Type fixmbr.
  6. Press Y if you see the question Are you sure you want to write a new MBR?
  7. Press Enter.
  8. Wait till the MBR is fixed and remove the CD.
  9. Type exit and press Enter.

Delete Annabelle Ransomware components

  1. Press Win+R to launch Run.
  2. Type regedit in the command line and press Enter.
  3. Move to HKLM\Software\Microsoft\Windows\Currentversion\Run.
  4. Locate the Value associated with Annabelle Ransomware (it has a random name).
  5. Right-click it and select Delete.
  6. Close Registry Editor.
  7. Find the malicious recently launched file.
  8. Delete it.
  9. Empty Recycle bin.
  10. To make sure the ransomware infection is deleted fully, perform a system scan with an antimalware scanner.
Download Remover for Annabelle Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Annabelle Ransomware Screenshots:

Annabelle Ransomware
Annabelle Ransomware
Annabelle Ransomware

Comments are closed.