Home / Spyware Help / Anubi Ransomware Removal Guide

Anubi Ransomware Removal Guide

by 0 Comments

Do you know what Anubi Ransomware is?

Anubi Ransomware is a new threat that can damage your files by encrypting them. Since there is little chance that these attackers will send you the decryption tool after you pay the demanded ransom fee, it is quite likely that you will have to say farewell to your files unless you have a recently saved backup on a portable hard disk or other media. The first rule of thumb when it comes to ransomware infections is that you can never trust your attackers even if you are offered free file decryption as a proof that they actually have the decryption key and can decrypt your files. Experience shows that it is more likely to get infected by such cyber criminals for a second round than to get your files recovered. Sometimes malware hunters can come up with a solution and they may release a free tool to help victims to restore their files but we cannot be certain that there will be such a tool this time. Therefore, we suggest that you remove Anubi Ransomware as soon as possible since it can launch with your operating system every time you log in. Please continue reading our article to find out more details about this dangerous malware program.

If you have been infected with this vicious program, it is quite probable that you have opened a spam e-mail recently and viewed its file attachment. This ransomware may pose as an image file (.jpg or .bmp), which is indeed the malicious executable file that initiates the attack once run. It is also possible that this malicious file is a Word document with macro. In this case, you are asked to enable macro upon opening this file but when you do so, the malicious macro code downloads the executable file behind your back. While you are trying to figure out what your relationship could be to this file and the supposed matter, this ransomware finishes encrypting your files. This also means clearly that it is not possible to delete Anubi Ransomware without serious consequences. Just because your mails are filtered by a spam filter, you cannot take all your mails for granted. You may have noticed that there can be legitimate files in your spam folder every day because of the strict rules of a spam filter. You need to be extra cautious when opening mails. In fact, you should not open any suspicious or questionable mails, let alone their attachments.Anubi Ransomware Removal GuideAnubi Ransomware screenshot
Scroll down for full removal instructions

It is also possible that you infect your computer with this ransomware without even seeing it coming. For example, you may click on a corrupt ad or link and get redirected to a malicious page that pretends to be something else of course. What you may not realize is that by the time you notice that this page is shady, it has already dropped this dangerous infection onto your computer. How is this possible? Well, such a page is armed with so-called Exploit Kits. This means that if your browser or your drivers (Java and Flash) are not up-to-date, malicious codes on the page can drop this infection the moment this page loads. No wonder why you need to keep all your programs updated if you do not want to end up having to remove Anubi Ransomware after losing your files.

Apart from targeting the usual personal files (photos, videos, audios, documents, etc.), this dangerous infection also encrypts your .exe files excluding the Windows directory, which is mostly left untouched by ransomware programs. This ransomware appends ".[anubi@cock.li].anubi" as the new extension to all files that are encrypted. It places "__READ_ME__.txt," the ransom note text file, in all the folders where files have been affected. This ransom note contains basic information about this attack and what you have to do to get your files decrypted. You are offered free decryption for up to three very small files as a proof. In order to get further details about the payment, you have to send an e-mail to "anubi@cock.li." However, contacting such criminals is never a good idea because they may send you more infections instead of the decryption tool. If you want to use your computer again, it is important that you remove Anubi Ransomware right now.

Hopefully, you have a backup of your important files so that you can copy them back onto your PC once you have finished deleting the related files. Please use our guide below as a reference if you need assistance with this vicious program. As you can see, it is quite easy to infect your computer with even such a devastating threat. If you cannot keep your system clean, it is worth installing a trustworthy malware removal application, such as SpyHunter, which can automatically take care of all known threats so you can have real peace of mind in your virtual world.

Remove Anubi Ransomware from Windows

  1. Tap Win+R and enter regedit. Press OK.
  2. Find the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Adobe Acrobat Optimizer x86" registry entry and memorize (or copy) the malicious file location you can find in the value data.
  3. Delete this registry entry.
  4. Exit your registry editor.
  5. Tap Win+E to open File Explorer.
  6. Find the malicious executable file based on the above registry entry and bin it.
  7. If this malicious file is not the same as the one you may have downloaded, you need to find that one as well and bin it.
  8. Delete the ransom note file ("__READ_ME__.txt") from every folder this ransomware affected.
  9. Empty your Recycle Bin and reboot your PC.

In non-techie terms:

Anubi Ransomware is probably the worst thing that can happen to you right now. If this ransomware can sneak onto your system, it encrypts all your personal files, including .exe files. If you care about your files, you most probably have a backup. This is the only thing that can save you from losing all your files in this malicious attack. You are offered a way out by your attackers if you pay the demanded fee. However, you have no guarantee that they will send you the decryption tool as promised even if you can send up to 3 files to be decrypted for free. On the other hand, you would simply support cyber villains if you pay. Of course, it is all up to you since it is your files we are talking about. But we definitely recommend that you remove Anubi Ransomware right away because with every restart of your computer it can automatically encrypt your new files until you finally delete it from your system. If you see now why it is essential to protect your computer more efficiently, you may want to install a powerful anti-malware program as soon as possible.