Remove ODIN Ransomware

The ODIN Ransomware is a published version of the infamous Locky Ransomware, the files by using the heat and encrypted RSA encryption algorithm. It is extremely important to remove this infection, because once you encoded your files, you will not be able, to access them, and they are possibly irretrievably ruined, because there is only a low probability that you will be able to decrypt them. The developers of these Ransomware offer however, to buy a decryption key to decrypt your files, which it however gives no guarantee that it will work.

Before we go further on how of this Ransomware, it is important to know how she will be distributed to prevent that she infected your PC or the computer of someone you know. The dissemination campaign is fairly straightforward, and although we have found that the ODIN Ransomware is currently disseminated via malicious emails. Your developer has set up a server that sends the E-Mail spam to random email addresses. Previously spread the Locky Ransomware in emails, which contained an attached Microsoft Word document with malicious macros. If you have not enabled macros, then it the document pointed out that you must enable you to see the text. If you did this, the macros downloaded the executable file of this Ransomware and led them out.

However, the ODIN Ransomware is distributed in a completely different way. Although the developer sent still malicious emails, they no longer contain a malicious Word document. Instead, the developer has decided to include a malicious JavaScript file in the mail. If you open the archive and run the attached JavaScript file, you download an encrypted DLL Installer and decrypts it. Then it executes automatically by using the Rundll32.exe (a legitimate file). We have found that the command that is used to start the DLL “{rundll32.exe %Temp%\{Name of the DLL}, qwerty” is.

Once it is running, this file will scan your computer for belangvollen files, such as for example xml, .txt, .csv, .uot, .rtf, .pdf, .mkv, .mov, .avi and. asf. Our investigation has revealed that these Ransomware uses the AES-128 and RSA-248-encryption system to encrypt the files, i.e. their decryption is difficult or even impossible. But that doesn’t mean that it will encrypt all files in every single directory on your computer. Tests have shown that it is designed, the folder tmp, WINS, application data, AppData, programs (x 86), programs, temp, thumbs.db, $Recycle.Bin, system volume information, to allow boats and Windows. She’s programmed encryption extension. ODIN the files to append. We have also found that it is also programmed to the shadow copies of files by using the command “vssadmin.exe delete shadows / all / quiet” to delete. Once the encryption is complete, the ODIN Ransomware loads a text file named {random number} _HOWDO_text.html on the desktop, which provides information about how to pay the ransom, as well as your personal identifier. It loads an image file named _HOWDO_text.bmp, which is exactly same information available. Also, this Ransomware is set up so that it created multiple registry strings that are listed in the following removal instructions.

The developers of this Ransomware want you to pay a hefty ransom to get your files back. The ransom demand requires you to download the Tor browser and then using that browser to the specified URL. This site contains instructions on how to pay the ransom by using the Kryptowährung bit coin. At the time of our examination, the ODIN Ransomware demanded that you pay 268,62 EUR, which is a significant, if not monstrous also, amount of money. However, you should renounce to pay him, because you very probably not be receive the promised key.

Finally, it is mentioning that the ODIN Ransomware is a very harmful infection that encrypt your most important files and requires that you purchase a key to decrypt it. Unfortunately, there is currently no decryption key, but you can wait until maybe one day one will be created. However, you must remove these Ransomware from your PC to continue using it. You can manually delete them or do this SpyHunter for you. You can also use this program to discover the files, and this can be useful, because this Ransomware file can have a random name. Keep in mind that you must first delete the executable file, and only then can go ahead with the removal of the registry key, because, if you do this in reverse order, this Ransomware is to encrypt a second time the files.

Removal instructions

  1. Press and hold the buttons Windows + E at the same time.
  2. In the file Explorer’s address bar, type % temp %.
  3. Find the executable file named svchost.exe (could be differently named).
  4. Right click On it and then click delete.
  5. Then enter %Temp%\MicroImageDir.
  6. Find _HOWDO_text.bmp and delete it.
  7. You then go to the desktop and delete {random number} _HOWDO_text.html.
  8. Empty the Recycle Bin.

Delete the registry keys

  1. Press and hold the buttons Windows + R at the same time.
  2. Go to the registry editor to HKCU\Software.
  3. Find and delete you the will registry keys:
  4. Then go to HKCU\Control Panel\Desktop.
  5. Find wallpaper, right click on it and then click change.
  6. Delete You C:\Benutzer\{Benutzername}\Desktop and then click OK.

Warning, multiple anti-virus scanners have detected possible malware in ODIN Ransomware.

Anti-Virus SoftwareVersionDetection
NANO AntiVirus0.26.0.55366Trojan.Win32.Searcher.bpjlwd
Kingsoft AntiVirus2013.4.9.267Win32.Troj.Generic.a.(kcloud)
VIPRE Antivirus22702Wajam (fs)
VIPRE Antivirus22224MalSign.Generic

ODIN Ransomware Behavior

  • Redirect your browser to infected pages.
  • Installs itself without permissions
  • Changes user's homepage
  • Common ODIN Ransomware behavior and some other text emplaining som info related to behavior
  • Integrates into the web browser via the ODIN Ransomware browser extension
  • Distributes itself through pay-per-install or is bundled with third-party software.
  • Steals or uses your Confidential Data
  • Slows internet connection
Download Removal Toolto remove ODIN Ransomware

ODIN Ransomware effected Windows OS versions

  • Windows 1030% 
  • Windows 839% 
  • Windows 727% 
  • Windows Vista4% 
  • Windows XP0% 

ODIN Ransomware Geography

Eliminate ODIN Ransomware from Windows

Delete ODIN Ransomware from Windows XP:

  1. Click on Start to open the menu.
  2. Select Control Panel and go to Add or Remove Programs. win-xp-control-panel ODIN Ransomware
  3. Choose and remove the unwanted program.

Remove ODIN Ransomware from your Windows 7 and Vista:

  1. Open Start menu and select Control Panel. win7-control-panel ODIN Ransomware
  2. Move to Uninstall a program
  3. Right-click on the unwanted app and pick Uninstall.

Erase ODIN Ransomware from Windows 8 and 8.1:

  1. Right-click on the lower-left corner and select Control Panel. win8-control-panel-search ODIN Ransomware
  2. Choose Uninstall a program and right-click on the unwanted app.
  3. Click Uninstall .

Delete ODIN Ransomware from Your Browsers

ODIN Ransomware Removal from Internet Explorer

  • Click on the Gear icon and select Internet Options.
  • Go to Advanced tab and click Reset.reset-ie ODIN Ransomware
  • Check Delete personal settings and click Reset again.
  • Click Close and select OK.
  • Go back to the Gear icon, pick Manage add-onsToolbars and Extensions, and delete unwanted extensions. ie-addons ODIN Ransomware
  • Go to Search Providers and choose a new default search engine

Erase ODIN Ransomware from Mozilla Firefox

  • Enter „about:addons“ into the URL field. firefox-extensions ODIN Ransomware
  • Go to Extensions and delete suspicious browser extensions
  • Click on the menu, click the question mark and open Firefox Help. Click on the Refresh Firefox button and select Refresh Firefox to confirm. firefox_reset ODIN Ransomware

Terminate ODIN Ransomware from Chrome

  • Type in „chrome://extensions“ into the URL field and tap Enter. extensions-chrome ODIN Ransomware
  • Terminate unreliable browser extensions
  • Restart Google Chrome. chrome-advanced ODIN Ransomware
  • Open Chrome menu, click SettingsShow advanced settings, select Reset browser settings, and click Reset (optional).
Download Removal Toolto remove ODIN Ransomware