Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Installs itself without permissions

Adonis Ransomware

We have recently come across a ransomware-type computer infection called Adonis Ransomware that was supposedly set to encrypt your files but does not really do that. Therefore, you can remove it without hesitation because you will not have to deal with any consequences. The word Adonis is a Greek borrowing from the Canaanite language meaning “lord.” The choice of name is probably accidental but is unique, nevertheless. Its creators want you to pay a ransom to recover your files, never mind that it does not encrypt them. It looks more like a scam than a ransomware because it seems that it was designed not to encrypt files from the beginning. Hence, the developers count on you to take this infection at face value and pay the ransom without seeing whether your files have been encrypted.

The origins of this ransomware are unknown, and so are its distribution methods. Nevertheless, as far as its distribution methods are concerned, we think that its developers may use malicious emails to distribute it. They may have set up a server to spam random email addresses with fake emails that can be disguised as tax return forms, receipts, invoices, and so on from well-known companies. This ransomware’s main executable file may be attached to the email and even disguised as a document using a double extension (e.g. file.pdf.exe) not to arise suspicion. However, this is just a theory, but a likely one since most ransomware is disseminated using email spam. Now let us see what Adonis Ransomware can and cannot do.

This alleged ransomware has been written in AutoIT, a freeware automation language for Microsoft Windows. It features a scripting language with BASIC-like structure for Windows Desktop Environment. It can call functions in Win32 DLLs, add-on libraries and modules for specific applications, and so on. Therefore, using AutoIT was a no brainer for the developers of Adonis Ransomware as it offers many features. Still, that is not to say that this ransomware is the crème de la crème of ransomware-type infections.

It is claimed that this program can encrypt your documents, pictures, images, videos, and so on, but the reality is that it is incapable of doing none of that, which is great news because you would be in trouble, otherwise. If your computer were to become infected with Adonis Ransomware, then it would just drop two files on your PC named EN.html and DE.html. DE.html is in German, and EN.html is in English. Apparently, this ransomware’s developers want you to pay 0.1 BTC for a decryption key/program to get your files back. However, you should not fall into this trap because you would only be losing your hard-earned cash.

In closing, Adonis Ransomware is one fake ransomware as it seems that it has been created to trick you into thinking that it can encrypt your files while actually doing nothing to them. All it can do once it has entered your PC is drop two ransom notes and demand that you pay a ransom to, allegedly, decrypt your files. Do not fall for this trap and remove it. Please see the guide below on how to delete it manually, but note that its file name is not known and it can be dropped in a folder where all of your downloads go or in the %TEMP% folder if you open the executable before downloading it. We also suggest getting an antimalware program such as SpyHunter to protect your PC from real ransomware.

How to delete Adonis Ransomware

  1. Simultaneously Windows+E keys.
  2. Type the following file paths in the address box and press Enter.
  3. %TEMP%
  4. %USERPROFILE\Downloads
  5. %USERPROFILE\Desktop
  6. Find the randomly-named executable.
  7. Right-click it and click Delete.
Download Spyware Removal Tool to Remove* Adonis Ransomware
  • Quick & tested solution for Adonis Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.