Avaddon Ransomware Removal Guide

Threat Level:
Rate this Article:
Comments (0)
Article Views: 994
Category: Trojans

If you care about your personal files, you do not want Avaddon Ransomware to touch them. This threat is a file-encryptor, and if it finds its way into your operating system, it can make your files unreadable. It does that by changing the data within your files, in such a way that only a special decryptor would be able to provide access. Unfortunately, if a decryptor exists, it is in the hands of the attackers behind this malware. They call it “Avaddon General Decryptor.” Although the attackers claim that you can obtain the decryptor if you follow their instructions, you need to understand that trusting cybercriminals is a terrible idea. You are unlikely to get your files restored, and if you take risks, you can lose a lot of money in the process. Of course, deleting Avaddon Ransomware is not an all-fixing solution either. Yes, you need to remove this malware, but do not expect that your files will be magically restored after doing it.

If you have not faced Avaddon Ransomware yet, we want to warn you about spam emails specifically. While ransomware – which include WCH Ransomware, SIGARETA Ransomware, and many other threats alike – can employ various security backdoors to slithers into operating systems, our researchers warn that Avaddon is likely to focus on spam emails specifically. For example, you might receive an email from an unknown sender that asks if the attached image is of you. In fact, if cybercriminals are able to hijack real email accounts during a different campaign, they could send suspicious emails from the accounts of your friends and colleagues too. The attached file is likely to be a JavaScript file, and so you need to watch out for anything with the “.js” extension. Note that a different extension could be added to distract and confuse you. If you are tricked into executing Avaddon Ransomware, this malware can encrypt your personal files without you even realizing it. However, once all of that is done, you should find that your files cannot be read and that the “.avdn” extension is appended to them.

Next to the corrupted files, Avaddon Ransomware should drop the “{unique ID}-readme.htm” file. If you open it, you are instructed to download the anonymous Tor Browser and go to avaddonbotrxmuyl.onion. If you do it, you are instructed to pay $700 to 3M9MkWQTLep4zhYef1YKTV8QPRNZnUfypi in return for the Avaddon General Decryptor. Clearly, the cybercriminals have thought it all out, and you too might be tricked into believing that once you pay the ransom, a working decryptor will fall into your hands. On rare occasions, free decryptors are built by malware researchers and cybersecurity experts. Unfortunately, that has not happened yet for this malware, which means that there is no way to restore the corrupted files. This is what makes victims of Avaddon Ransomware take chances and risks. We hope that you do not need to waste your savings and that you can replace all corrupted files using backups. What are backups? A backup is a copy of file that is stored in a vault. That vault can be a physical hard drive that you remove when not in use, or it could be a virtual cloud that you can access using internet. As long as backups exist somewhere where the ransomware cannot reach them, you have replacements. If you do, make sure that you delete the infection before you replace files.

Can you remove Avaddon Ransomware yourself? Perhaps the more important question is whether you should do it yourself at all. The guide below was created to assist with manual removal, but this is not the time to be shortsighted. Yes, you might get rid of the ransomware, but can you secure your operating system and personal files against new file-encryptors or other kinds of threats? This is extremely important, and that is why we strongly recommend implementing legitimate anti-malware software without hesitation. Install it, and it will simultaneously delete Avaddon Ransomware and secure your system. Of course, when it comes to personal files, it is never a bad idea to double down on security, and so creating backups that are detached from your own computer is a good idea. If you have any questions about the ransomware, its removal, Windows protection, or backups, add them to the comments section.

How to delete Avaddon Ransomware

  1. Launch Registry Editor (tap Win+R to access Run and then enter regedit into the dialog box).
  2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  3. Find the update value, check the name of the linked .exe file in value data, and then Delete the value.
  4. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run .
  5. Find the update value, check the name of the linked .exe file in value data, and then Delete the value.
  6. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\.
  7. Find and Delete the key called update.
  8. Launch File Explorer (tap Win+E keys).
  9. Type %APPDATA%\Microsoft\ into the quick access bar and tap Enter.
  10. Delete the .exe file, whose name was revealed in steps 3 and 5.
  11. Type %WINDIR%\System32\Tasks\ into the quick access bar and tap Enter.
  12. Delete the task called update.
  13. Empty Recycle Bin and then immediately install a trusted malware scanner.
  14. Run a complete system scan to check for leftovers.
Download Remover for Avaddon Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Avaddon Ransomware Screenshots:

Avaddon Ransomware
Avaddon Ransomware
Avaddon Ransomware


Your email address will not be published.


Enter the numbers in the box to the right *