Avaddon Ransomware Removal Guide

Do you know what Avaddon Ransomware is?

Avaddon Ransomware is a malicious computer infection that currently cannot be decrypted. Therefore, if you get infected with this ransomware, you might have to start building your file library anew. Nevertheless, that shouldn’t stop you from battling this intruder. It is possible to remove Avaddon Ransomware from your system, and that’s exactly what you are supposed to do. Although removing this program doesn’t bring your files back, you shouldn’t allow this infection to stay. Also, if you don’t want to remove the program on your own, you can always invest in a licensed antispyware tool.

Although it doesn’t look like this program comes from any prominent ransomware infection family, it still employs the most common ransomware distribution methods. Our research team says that Avaddon Ransomware spreads through spam email attachments. The installer file for this program look likes a JPG image file, but in reality, it is a JavaScript file. So, when the targeted user opens the said file, they launch the malware installer.

It proves that you have to be really careful when you open emails from unknown parties. Although we often receive messages from online shops and so on, spam emails that distribute ransomware tend to come with an urgent message, and they usually try to push you into opening the attached file. You’ve probably heard already that ransomware installers often disguise as MS Office or PDF files, so if you get an image file, it might seem safer. However, since Avaddon Ransomware pushes its installer as a JPG file, it only proves that no format can be deemed to be safe. And if you receive an email from someone you don’t know, you should just delete the email at once.Avaddon Ransomware Removal GuideAvaddon Ransomware screenshot
Scroll down for full removal instructions

You might say that sometimes you could get important files and documents even from unknown parties. So, how are you supposed to know whether you received a good file or a malicious file? In that case, you can easily scan the received file with a security tool of your choice. If you do that before you open the file, you will definitely prevent Avaddon Ransomware from entering your system.

Aside from removing all of your spam emails at once, another way to protect your system from the damages of a ransomware infection is by maintaining a file backup. You should regularly back up your files either on a cloud drive or an external hard drive, where the infection would not be able to reach them. Although maintaining a file backup might sound like a bothersome choice, but so far, it is your best option because most of the time, ransomware infections cannot be decrypted for free.

The same applies to Avaddon Ransomware to as well. This program reaches your system and then encrypts all of your files, adding the “avdn” extension to all the affected filenames. You would already see which files were affected because the file icons would change, but if that weren’t enough, the new extension would be a dead giveaway, too.

Aside from the encryption, the program also drops a ransom note in every single directory that contains the encrypted files. Needless to say, the ransom note asks you to purchase the decryption key so that you could restore your files:

Your network has been infected by Avaddon
All your documents, photos, databases and other important files have been encrypted and you are not able to decrypt it by yourself. But don’t worry, we can help you to restore all your files!

You can get more information on our page, which is located in a Tor hidden network.

The people behind Avaddon Ransomware don’t tell you how much you are supposed to pay for the decryption tool, and you need to contact them first. However, you should never do that because there is no guarantee that they would issue the decryption key in the first place.

As you can see, you can use the manual removal instructions at the bottom of this entry to get rid of Avaddon Ransomware, but if you do not feel confident enough about manual removal, feel free to invest in a licensed security tool that will delete Avaddon Ransomware for you automatically, and you will be able to focus on file recovery.

How to Remove Avaddon Ransomware

  1. Press Win+R and type regedit. Click OK.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree.
  3. Delete the update section under Tree.
  4. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  5. On the right side, right-click and delete the update value.
  6. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
  7. On the right side, right-click and delete the update value.
  8. Exit Registry Editor and press Win+R. Type %WinDir% and click OK.
  9. Go to System32\Tasks and delete the update folder.
  10. Press Win+R again and type %AppData%. Click OK.
  11. Go the Microsoft folder and delete the EXE file with a random 4-character name.
  12. Run a full system scan with SpyHunter.

In non-techie terms:

Avaddon Ransomware is a dangerous computer infection that will block you from opening your files. You need to remove Avaddon Ransomware from your computer as soon as possible and then look for ways to get your files back. Whatever you do, do not contact these criminals because they will only collect your money and run. If you feel at a loss, it’s better to address a local professional rather than contacting the people who infected you with Avaddon Ransomware.