Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediately
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

ABANTES Ransomware

ABANTES Ransomware is one annoying threat, and our research team can testify to that. Once it slithers in, it not only encrypts files but also messes with the entire operating system. This threat was created using the Hidden Tear code, which has been used by quite a few well-known file encryptors. A few examples are BlackWorm Ransomware and BSS Ransomware. Although these threats might have been created by different malicious parties, they are all malicious, and we suggest deleting them for the same reasons. Of course, in this report, we focus on the removal of ABANTES Ransomware. The name of this infection derives from the “.Abantes” extension that is attached to the files that the infection corrupts. Unfortunately, once files are encrypted, decrypting them might be impossible. In fact, after the attack, it is unlikely that you will be able to run your operating system normally at all. If you want to learn more about the infection, please continue reading. If you want to continue the discussion afterward, use the comments section to share your observations or ask questions.

There is no doubt that ABANTES Ransomware is one of the most destructive and annoying threats our research team has faced in some time. It does not even look like the attackers want anything from the victim. Normally, files are encrypted so that attackers have leverage when demanding a ransom in return for a decryptor. In this situation, ABANTES Ransomware instructs the victim not to do anything. The “Rules” window that pops up informs the victim that killing malicious processes, deleting malicious files, editing entries in MSCONFIG, opening CMD or Task Manager, or scanning the operating system using legitimate security software would result in the death of the entire computer. The truth is that if you do nothing, the infection will eventually overwrite the MBR. There’s no coming back after that. To ensure that you cannot stop the infection or delete it before its time, it disables the Task Manager and deletes entries in the Windows Registry. It can also delete shadow volume copies to ensure that a system restore point cannot be used to revive the system and the corrupted files.

It is because of infections like ABANTES Ransomware that we always remind people to back up their personal files. If files are backed up, you will not lose them unless something goes wrong with your external drives or your cloud storage is hacked. Of course, in a situation like the one we are having with ABANTES Ransomware, if the files stored on your computer are encrypted, you still have backups outside the computer. Hopefully, that is exactly the case in your situation too, and once you remove the malicious file-encryptor/system-destroyer, you can reinstall Windows and then transfer personal files back onto the computer for easy access. Now, if your files are not backed up, you are in an invidious situation. Take this as a lesson that your personal files are vulnerable and can be gone in just a few seconds. If you need help figuring out the protection of your personal data after you are done with the removal of the infection, do not forget to post your comment in the dedicated section below.

Most likely, you need to reinstall Windows if ABANTES Ransomware got in. You can do that using your Windows CD/DVD. In case the MBR was not overwritten, you can find a removal guide below that should help you delete ABANTES Ransomware components. Of course, because it takes time and some knowledge of the Windows operating system to successfully follow the instructions, we recommend using a reliable anti-malware program instead. It will take no time to find and automatically remove malicious components. It will also help you protect your operating system against malware invasions in the future. You have to do your part too. Stay away from unreliable downloaders and file-sharing sites. Do not open random links and files that might be sent to you via email or instant messaging. It is also crucial that you always install incoming updates because they might include important security patches for vulnerabilities that, if left unpatched, would allow cyber attackers to drop and execute malware. Overall, as long as you stay cautious, you should escape dangerous Windows infections.

ABANTES Ransomware Removal

N.B. These instructions will only help if the MBR is not yet overwritten.

  1. Delete recently downloaded files to eliminate the launcher.
  2. Tap Win+R keys to access Run and enter regedit into the Open box.
  3. In Registry Editor, move to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  4. Right-click the value named DisableTaskMgr and select Delete.
  5. Move to HKLM\Software\.
  6. Right-click the key named Abantes and select Delete.
  7. Exit Registry Editor and then launch Explorer by tapping Win+E keys.
  8. Enter C:\Windows into the box at the top to access the directory.
  9. Right-click and Delete the folder named Defender. It should contain these malicious files: Action.bat, authui.dll.mui, cursor.cur, data.bin, explorer.exe.mui, icon.ico, IFEO.exe, logonOverwrite.bat, LogonUi.exe, LogonUIStart.exe, Payloads.dll, and Rules.exe.
  10. Empty Recycle Bin and then promptly install a reliable malware scanner and run a full system scan.
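
The registry and folder checks from steps 3 to 9 can also be run as a read-only PowerShell script before anything is deleted. This is an added example, not part of the original guide or any vendor tool; it uses only the paths and file names listed in the steps above, and its variable names are illustrative.

```powershell
# Added example: read-only check for the artifacts named in the removal steps.
# It deletes nothing and only reports what is present on the machine.
$listedFiles = @(
    'Action.bat', 'authui.dll.mui', 'cursor.cur', 'data.bin',
    'explorer.exe.mui', 'icon.ico', 'IFEO.exe', 'logonOverwrite.bat',
    'LogonUi.exe', 'LogonUIStart.exe', 'Payloads.dll', 'Rules.exe'
)
$findings = @()

# Step 4: DisableTaskMgr value under the per-user System policies key.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
if ($null -ne $policy) {
    $findings += "Value present: $policyKey\DisableTaskMgr = $($policy.DisableTaskMgr)"
}

# Step 6: key named Abantes under HKLM\Software.
$abantesKey = 'HKLM:\Software\Abantes'
if (Test-Path -Path $abantesKey) {
    $findings += "Key present: $abantesKey"
}

# Step 9: Defender folder under C:\Windows and the listed files inside it.
$folder = 'C:\Windows\Defender'
if (Test-Path -LiteralPath $folder -PathType Container) {
    $names = @(Get-ChildItem -LiteralPath $folder -File -Force |
        Select-Object -ExpandProperty Name)
    # -contains compares case-insensitively, matching NTFS file name behaviour.
    $matched = @($names | Where-Object { $listedFiles -contains $_ })
    $unlisted = @($names | Where-Object { $listedFiles -notcontains $_ })
    $findings += "Folder present: $folder ($($matched.Count) of $($listedFiles.Count) listed files)"
    foreach ($name in $matched) { $findings += "  listed file: $name" }
    foreach ($name in $unlisted) { $findings += "  unlisted file (review before deleting): $name" }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the artifacts from the removal steps were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it as the affected user, since the HKCU check is per-user, and from a 64-bit PowerShell session so that HKLM:\Software is not redirected to WOW6432Node.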