Anonymous Ransomware Removal Guide

Anonymous Ransomware is one of the newest ransomware infections. It locks files in order to get money from users. Specialists are not surprised at all that this infection acts like that because it has become immediately clear for them that it is a new variant of Jigsaw Ransomware. As Anonymous Ransomware does not differ much from this infection, it also locks files it finds on the computer the first thing when it enters the system. Then, of course, it asks users to pay the ransom. Even though Anonymous Ransomware uses the AES encryption algorithm to lock users’ files, and it will not be easy to unlock them, specialists still suggest getting rid of Anonymous Ransomware immediately without paying money. There is no point in supporting cyber criminals when the free tool to decrypt files exists. Besides, you cannot be sure that you will receive the decryptor even if you transfer money cyber criminals require.

Anonymous Ransomware does not differ much from other ransomware infections because it is also targeted at users’ personal files mainly because they are known to be the most valuable. Specialists working at 411-spyware.com have carried out research and found that this ransomware infection will lock files having the following extensions:

3dm, .3g2, .3gp, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .raw, .rb, .rtf, .sdf,.ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob,.wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java

Users who do not know which files Anonymous Ransomware locks also recognize those encrypted files quickly because they a) cannot open them and b) they have the new filename extension added next to the original extension, e.g. picture.jpg.xyz and myfavoritesong.mp3.xyz. It is said that the only way to unlock those files is to pay $250 in Bitcoins. In order to convince users to do that as soon as possible, this ransomware infection deletes several files every hour. A bunch of files will be deleted also if you restart your PC and this threat manages to launch again. Therefore, you need to remove it from your computer as soon as possible. As we have told you in the first paragraph, it is not a wise decision to pay money because cyber criminals might take your money and not give anything in return. Of course, these deleted files will not be recovered too. Do not worry; there is a tool that will unlock files locked by Anonymous Ransomware for you within seconds. Before you use it, we suggest that you kill the Microsoft Defender.exe process in the Task Manager and remove Anonymous Ransomware completely.

From the technical perspective, this ransomware infection carries out several modifications too. It has been found that it adds its executable file to the Run registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run) to be able to launch again and continue acting the way it is programmed to after the system restart. Also, it creates .exe files in %LOCALAPPDATA%, %UserProfile%\Local Settings\Application Data, and %APPDATA% directories to be able to work the way it has to. Unfortunately, this means that it will be more difficult to erase it from the computer.

Before we explain to you how to delete Anonymous Ransomware from the system, we want that you know how it is distributed so that you would not encounter it ever again. According to specialists at 411-spyware.com, users allow this computer infection to enter their systems when they download an attachment from the spam email. This attachment usually looks like a harmless document (e.g. .pdf or .doc file), so people download it without fear. You should stay away from spam emails in the future because cyber criminals use this method to spread other ransomware infections as well. Our security specialists also suggest that you acquire the security tool and activate it as well if you want to be sure that your PC is safe 24/7/365.

Even though Anonymous Ransomware does not block system utilities like other similar ransomware infections, it is still not an easy task to remove it from the computer because of the changes it makes once it enters the computer. Therefore, we have prepared the manual removal guide exceptionally for our readers. Keep in mind that our instructions will help you to delete Anonymous Ransomware only, which means that you will have to erase other threats from your PC separately. You can use the SpyHunter scanner to find out whether you really have undesirable software hiding on your system. The free diagnostic version of this scanner can be easily downloaded from our website.

How to remove Anonymous Ransomware

1. Launch RUN (Win+R).
2. Enter regedit.exe and click OK.
3. Move to HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
4. Locate the Value Defender.exe and delete it.
5. Tap Ctrl+Shift+Esc simultaneously to open the Task Manager.
6. Open the Processes tab.
7. Locate the Microsoft Defender.exe process (it will have the path C:\Users\user\AppData\Roaming\MS\Defender.exe).
8. Right-click on it and click End Now.
9. Tap Win+E simultaneously after you close the Task Manager.
10. Enter %UserProfile%\Local Settings\Application Data in the URL bar if you use Windows XP and %LOCALAPPDATA% if you have the newer version of Windows OS.
11. Locate the MS app_roaming.exe file and delete it.
12. Enter %APPDATA% in the address bar and tap Enter.
13. Remove these files one after the other and then empty the recycle bin:

• MS Defender.exe
• System32Work
• Address.txt
• dr
• EncryptedFileList.txt