What is Odin Ransomware

Odin Ransomware is an advanced version of the Locky virus. We have already covered the .locky, .zepto and .cerber file extensions created by their respective viruses; this latest ransomware creates files with the .odin extension. Like Locky and similar viruses, it encrypts files using the RSA-2048 algorithm. Decryptors made for those earlier viruses are of no use on .odin files, because Odin uses more advanced techniques to encrypt them. The virus opens a system process such as rundll32.exe and then executes malicious operations to encrypt the important files on your system. In most cases it also changes your desktop wallpaper to an image with instructions for decrypting the files and steps for paying the ransom. The ransom can be as high as 2 to 3 Bitcoins, which roughly equates to $1400 to $1800. Odin creates 3 different files (_HOWDO_text.html, _HOWDO_text.html and _HOWDO_text.bmp) and stores them alongside your encrypted files and folders. Here we give clear instructions and guides for removing the Odin virus and decrypting all affected files with the .Odin extension.


How Odin Ransomware infected your PC

This malware infects your system in much the same way as the Locky and Zepto viruses. It typically enters your system through email attachments such as .zip, .xml, .xls, .doc, .docx and .rar files. Some of these files open JavaScript files, and others contain macros that execute the main files that encrypt your data. The attachments look real enough that you simply download and open them. Once you open the files, a special value is assigned to your system; the attackers use this value to name all your encrypted files and to send you the decryption keys you need.


How to remove Odin Ransomware manually

We currently don’t recommend removing Odin Ransomware manually; for a better solution, use automatic removal tools.

Select the Safe Mode

To proceed with the manual removal method, you need to leave normal mode and reboot the infected system in safe mode. Restart your computer and, while the system is restarting, press the F8 key to open the boot options menu, then select the safe mode option from the list to boot your computer in safe mode.

Remove the Associated Processes

The next step is to kill the malicious processes associated with Odin Ransomware. You can do this from the Windows Task Manager, which can be opened by holding the Ctrl+Alt+Delete keys together. Once you can see the Task Manager window, click on the Processes tab and end the following process in the list of running processes:

  • %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

Odin Ransomware files:

  • _HOWDO_text.html
  • _HOWDO_text.html
  • _HOWDO_text.bmp

Remove the Corrupt Registry Entries

To complete the manual removal process, you have to delete the malicious registry entries created by this malware. To clean these entries out of the Windows registry, open the Registry Editor with the Regedit command, which can be run from the Run option in the Start menu. The following entries need to be deleted:

Odin Ransomware registry keys:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\UninstallString “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\DisplayName Odin Ransomware

Restart the computer in the normal mode, and see the effect of changes you have made during the manual removal process.
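
Before deleting anything by hand, the indicators listed in the steps above can be checked in one pass. The script below is an added example, not part of the original guide or any removal tool: it is a read-only audit that only reports matches, and it assumes it is run in PowerShell as the affected user, since every registry key listed is under HKEY_CURRENT_USER.

```powershell
# Added example: read-only audit for the indicators listed on this page.
# Nothing is deleted or changed; review the output before removing anything.

# The page's pattern: %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
# i.e. an executable exactly one folder below %AppData%, optionally quoted.
$appData    = [regex]::Escape($env:APPDATA)
$exePattern = "^`"?$appData\\[^\\]+\\[^\\]+\.exe"

# 1. Running processes whose image path matches that pattern
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -match $exePattern } |
    Select-Object ProcessId, Name, ExecutablePath

# 2. RunOnce values whose data points at such an executable
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
if (Test-Path $runOnce) {
    $key = Get-Item -Path $runOnce
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match $exePattern) {
            [pscustomobject]@{ Key = $runOnce; Value = $name; Data = $data }
        }
    }
}

# 3. The Uninstall key named on the page, with the values it lists
$uninstall = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware'
if (Test-Path $uninstall) {
    Get-ItemProperty -Path $uninstall |
        Select-Object DisplayName, DisplayIcon, UninstallString, ShortcutPath
}

# 4. Ransom-note files named on the page, plus files carrying the .odin extension
$notes = '_HOWDO_text.html', '_HOWDO_text.bmp'
Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -in $notes -or $_.Extension -eq '.odin' } |
    Select-Object FullName, Length, LastWriteTime
```

Legitimate software can also install an executable one folder below %AppData%, so treat matches from checks 1 and 2 as candidates to inspect, not as confirmed infections.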
 
Disclaimer: Altering your Windows registry items and other computer files should only be attempted by knowledgeable computer users. Errors in registry items may lead to technical problems affecting other aspects of your machine. We advise you to attempt all these manual steps at your own risk; otherwise it is better to use the automatic removal tool below.

 

Download Odin Ransomware Removal Tool
