What is Odin Ransomware
Odin Ransomware is an advanced version of the Locky virus. We have already covered the .locky, .zepto and .cerber file extensions that are created by their respective viruses. This latest ransomware creates the .odin file extension instead. Like Locky and other similar viruses, it encrypts files using the RSA-2048 algorithm. Using the same decryptor on these .odin files is of no use, because the virus uses some advanced techniques to encrypt them. The virus opens a system process such as rundll32.exe and then executes some fake malicious operations to encrypt the important files on your system. Mostly it will just change your desktop wallpaper to an image that carries clear instructions for decrypting the files and the steps to pay the ransom. The ransom amount can be as high as 2 to 3 Bitcoins, which roughly equates to $1400 to $1800. The Odin virus creates 3 different files (_HOWDO_text.html, , _HOWDO_text.html and _HOWDO_text.bmp) and stores them along with your encrypted files and folders. Here we give clear instructions and guides to remove the Odin virus and decrypt all the affected files with the .Odin extension.
How Odin Ransomware infected your PC
How to remove Odin Ransomware manually
We currently don't recommend removing the Odin Ransomware manually; for a better solution, use automatic removal tools.
Select the Safe Mode
To proceed with the manual removal method, you need to leave normal mode and reboot the infected system in safe mode. Restart your computer and, while the system is restarting, press the F8 key to open the boot options menu, then select the safe mode option from the list to boot your computer in safe mode.
Remove the Associated Processes
The next step is to kill the malicious processes associated with the Odin Ransomware. You can do this from the Windows Task Manager, which can be opened by holding the Ctrl+Alt+Delete keys together. Once you can see the Task Manager window, click on the Processes tab and delete the following process from the list of running processes:
- %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
Odin Ransomware files:
Remove the Corrupt Registry Entries
To complete the manual removal process, you have to delete the malicious registry entries created by this malware. To clean these corrupt entries out of the Windows registry, open the Registry Editor with the Regedit command, which can be executed through the Run option in the Start menu. The following entries need to be deleted:
Odin Ransomware registry keys:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\UninstallString “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware\DisplayName Odin Ransomware
Restart the computer in normal mode and check the effect of the changes you made during the manual removal process.
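A read-only check for the indicators listed in the steps above, as an added PowerShell example that is not part of the original guide. It assumes it is run as the affected user (every registry path above is under HKEY_CURRENT_USER) and searches only that user's profile for files; the variable and function names are illustrative.

```powershell
# Added example: reports the indicators this guide lists. Nothing is deleted or changed.
# Assumption: run as the affected user, because all listed keys live under HKEY_CURRENT_USER.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Type, $Location, $Data) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Data = $Data })
}

# Matches %AppData%\<one folder>\<file>.exe, the path shape given in the guide.
$exeUnderAppData = [regex]::Escape($env:APPDATA) + '\\[^\\]+\\[^\\"]+\.exe'

# 1. Running processes whose image sits directly in a sub-folder of %AppData%.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -match ('^' + $exeUnderAppData + '$') } |
    ForEach-Object { Add-Finding 'Process' "PID $($_.Id)" $_.Path }

# 2. The Uninstall key and the four values named in the guide.
$uninstallKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Odin Ransomware'
if (Test-Path -LiteralPath $uninstallKey) {
    $props = Get-ItemProperty -LiteralPath $uninstallKey
    foreach ($name in 'DisplayName', 'DisplayIcon', 'UninstallString', 'ShortcutPath') {
        if ($null -ne $props.$name) { Add-Finding 'UninstallValue' "$uninstallKey\$name" $props.$name }
    }
}

# 3. RunOnce values (the value name is random) whose data points at such an .exe.
$runOnceKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
if (Test-Path -LiteralPath $runOnceKey) {
    $key = Get-Item -LiteralPath $runOnceKey
    foreach ($valueName in $key.GetValueNames()) {
        $data = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($valueName))
        if ($data -match $exeUnderAppData) { Add-Finding 'RunOnce' "$runOnceKey\$valueName" $data }
    }
}

# 4. Encrypted files and ransom notes, using the file names given in the guide.
Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue `
    -Include '*.odin', '_HOWDO_text.html', '_HOWDO_text.bmp' |
    ForEach-Object { Add-Finding 'File' $_.DirectoryName $_.Name }

if ($findings.Count -gt 0) {
    $findings | Sort-Object Type | Format-Table -AutoSize -Wrap
} else {
    'No indicators from this guide were found for the current user.'
}
```

Legitimate software also installs executables under %AppData%, so Process and RunOnce hits are candidates for review rather than confirmed infections.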
Disclaimer: Altering your Windows registry items and other computer files should only be attempted by knowledgeable computer users. Errors in registry items may lead to technical problems affecting other aspects of your machine. We advise you to attempt all these manual steps at your own risk; otherwise it is better to use the automatic removal tool below.
Download Odin Ransomware Removal Tool