Aesir is ransomware from the Locky family. The developers of this group keep giving their “products” the names of Scandinavian gods. We’ve already seen Locky, Odin, and now it’s Aesir, which means not a single god but the whole Scandinavian pantheon. The new Locky version was released, as usual, before malware fighters managed to break the code of the previous version. The changes in Locky’s structure aren’t very significant, but they’re enough to nullify all the efforts of anti-hackers and malware researchers. Now they will need to begin from scratch, and we hope that this time they will find a way to decrypt files before the next version appears.

Aesir behaves almost like its predecessors: it uses the AES and RSA encryption algorithms, renames the encrypted files to a sequence of 32 random characters separated by hyphens, and gives such files the .aesir extension. The ransom note is displayed as the wallpaper and appears as .html and .bmp files on the desktop. The text of the ransom note is still the same, but the price has changed, and now your files will cost you 3 BTC (approximately $1950). The main targets of this ransomware are files with .doc, .docx, .xlsx and .PDF extensions, so it searches for them first, encrypts them, and after that encrypts all other files. If you somehow managed to notice the .Aesir infection before the encryption process ended, you should unplug your PC, turn it on in safe mode, and perform the removal process that is described below.

Step 1. Boot into Safe mode


Start -> Msconfig.exe


On the Boot tab, select Safe boot


Step 2. Check Startup folder

Start -> Msconfig.exe -> Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify the hosts file, which is located in C:\Windows\System32\drivers\etc\ .


Open the file with Notepad and delete suspicious strings.


It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with an antivirus scanner



Step 5. Disable Safe mode

Start -> Msconfig.exe -> Disable Safe boot in the Boot tab



Video how to remove Aesir ransomware


Now that you have removed the virus from your PC, you have only one problem left: the restoration of files. We don’t want to disappoint you, but this might take a lot of time. Files encrypted with the AES or RSA encryption algorithms can’t be decrypted without the master keys. There are only two ways to decrypt the files: to break the virus code or to hack the C&C website of the virus. The files can also be restored from backups, but if you’re reading this part of the article, we suppose that you don’t have backups. We have a special article that might help you, so here it is: How to decrypt files, encrypted by ransomware.
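Before restoring anything, it helps to know which folders were hit and when. The following Python script is an added example, not part of the original article: it walks a folder tree, counts files whose names match the renaming pattern described above (32 characters separated by hyphens, .aesir extension), and reports the range of their last-modified times. It assumes the 32 characters are alphanumeric and accepts any hyphen grouping, since the article does not give one; the sample file names are constructed.

```python
import os
import re
import sys
import tempfile
from collections import Counter
from datetime import datetime
from pathlib import Path

# Assumption: the 32 characters are alphanumeric. The article does not give the
# hyphen grouping, so any grouping with at least one hyphen is accepted.
STEM_RE = re.compile(r"^[0-9A-Za-z]+(?:-[0-9A-Za-z]+)+$")

def looks_renamed(name):
    """True if name is 32 hyphen-separated characters plus the .aesir extension."""
    stem, ext = os.path.splitext(name)
    if ext.lower() != ".aesir" or not STEM_RE.match(stem):
        return False
    return len(stem.replace("-", "")) == 32

def triage(root):
    """Return (hits per directory, earliest mtime, latest mtime) under root."""
    per_dir, first, last = Counter(), None, None
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(looks_renamed, files):
            per_dir[dirpath] += 1
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable file: counted, but no timestamp
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
    return per_dir, first, last

def demo():
    """Triage a constructed sample tree; the file names are made up."""
    hit = "-".join(["A1B2C3D4"] * 4) + ".aesir"
    with tempfile.TemporaryDirectory() as tmp:
        for name in (hit, "budget.xlsx", "short-name.aesir"):
            Path(tmp, name).write_bytes(b"constructed sample")
        per_dir, first, last = triage(tmp)
        return sum(per_dir.values()), first is not None and first <= last

if __name__ == "__main__":
    per_dir, first, last = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, count in per_dir.most_common():
        print(f"{count:6d}  {folder}")
    if first is not None:
        print("modified:", datetime.fromtimestamp(first), "to", datetime.fromtimestamp(last))
```

Run it with the folder to check as the only argument; it reads file names and timestamps only and changes nothing on disk.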

