How to remove ABC virus and restore encrypted files

The entry is dedicated to ransomware called ABC that gets into users' laptops in different countries of the world, and cyphers their data. In this item we've assembled full information about what is ABC, and the deletion of ABC from the system. Except that, we'll teach you how to restore the cyphered information and is it possible.

ABC ransomware virus

ABC ransomware already penetrated thousands of machines in many countries through easiest way: false e-mails with viral attachments. Occasionally scammers use zero-day vulnerabilities to penetrate the PC, but well-known software companies promptly fix them. When infection is done, ABC inspects the computer memory to find the files for encryption and their rough price. At the moment, each modern ransomware is able to cypher video, text, audio and image information in all known formats. ABC encrypts all files, but the ones that might be business documents go first. All programs on computer will be untouched since criminals are interested only in information. The process is executed via famous AES and RSA algorithms, and its complexity is so above the average level that decipherment of data without a key is impossible. This is the root for unbelievable efficiency of this kind of viruses in last years: an ordinary PC operator, even having a pretty good experience in suchlike things, will never decrypt the files, and will have no way out except paying to scammers. The sole method to recover files is to hack the scammer's website and withdraw the master key. Some experienced hackers can retrieve the keys through faults in the code of the virus itself. The corrupted files acquire .ABC extension, and asks for 500-1000$ for data restoration. Virus adds READ_IT.html file to each folder.

The computer knowledge is very important in our century, as it assists user to defend the system from unwanted programs. For encrypting software it's very relevant, as, in contradistinction to common unwanted programs, after eliminating ransomware from the system, the fruits of its doings won't vanish anywhere. To guard your files, you need to keep in mind these three simple regulations:

    • Carefully inspect your emails, specifically those messages that have files attached to them. The #1 template of fraud messages is the story about prize gaining or parcel earning. You also should keep an eye on business-related messages, especially if you don't know the sender and not sure about its content. lawsuits, reports, summaries, Bills for services or goods and similar important files don't come without warning, and you, as a minimum, should know the person who sent it. In most of the cases it is a scam.
    • Keep an eye on the status of your computer. File encrypting is a sophisticated act that consumes a considerable amount of system resources. In few seconds of infection, the CPU speed decreases, and the encrypting process appears in Process Manager. You may anticipate this event and switch off the computer before data will be completely spoiled. Of course, some information will be encrypted, but the rest of them will be safe.
    • Do not admit any changes to the computer, coming from weird programs. One of the most efficient ways of file recovery is the recovery via Shadow Copies, so fraudsters have added the deletion of SC into the default features of viruses. However deletion of copies requires administrator rights and acceptance from the user. If you'll stop for a moment before confirming the dialogue box, it might save your data and your efforts.

Malware elimination isn't solution of the whole issue - it's only a first turn from many before the full data recovery. If you delete ABC, you won't restore the files instantly, it will take more measures written down in the "How to restore encrypted files" section. In case of encrypting virus we don't publish the manual deletion instruction, because its complexity and the likeliness of failing appears to be extremely high for average user. We don't advise trying to remove the virus in manual mode, since it has many protection mechanisms which can counteract you. Qualitative encrypting viruses are able to completely remove encrypted information, or some of it, if user tries to delete the virus. To avoid this, abide to the tips under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Antivirus scanner

Why we recommend SpyHunter antimalware as removal tool

Removes virus fully: all files and even registry keys of malware will be deleted

Protects your system in the future

24/7 free support team

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

After removing the ransomware from the machine, you should recover the polluted information. In fact, this is not about decryption, as the encryption algorithms owned by fraudsters are extremely complicated. More often than not, to recover the information, you should seek help on anti-malware forums or from celebrated malware fighters and antiviral program vendors. If you picked the independent data recovery - read our entry, which shows all the very effective methods.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.