AvastVirusinfo Virus Remove and Restore .A9v9Ahu4 Files - How to, Technology and PC Security Forum | SensorsTechForum.com

AvastVirusinfo Virus Remove and Restore .A9v9Ahu4 Files


This article was created to help remove the AvastVirusinfo ransomware and to assist in attempts to restore files encrypted with the added .A9v9Ahu4 file extension.

A virus of Xorist Builder lineage that encrypts files using the XOR encryption algorithm has been reported to damage computers by leaving their files encrypted. The files can no longer be opened after the virus, known as AvastVirusinfo, attacks your computer, and they have a file extension added to them – .A9v9Ahu4. After encryption, the virus also adds a .txt file that aims to notify victims of what exactly has happened to their files and to extort them into paying the sum of $15 to get the files back. In case you have been attacked by this ransomware infection, we advise you to read this article with care.

Threat Summary

Type: Ransomware Virus
Short Description: This ransomware virus encrypts files using XOR encryption and asks the victims to pay a ransom to get the files back.
Symptoms: Files are enciphered and become inaccessible to any type of software. A ransom note with instructions for paying the ransom appears as a .txt file in English and Russian.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks, Malicious Executable in Torrent Trackers.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

AvastVirusinfo Ransomware – How Does It Infect

Since it was discovered back in 2015, this ransomware may still rely on the very same infection methods it used originally. The ransomware may infect via spam e-mail messages that carry malicious attachments.

Another reported method of spreading the AvastVirusinfo ransomware is via infected program installers, which drop and execute its malicious files on the compromised computers. Malicious game cracks, program patches and activators that are published on suspicious sites or uploaded as torrents may also carry the AvastVirusinfo malware.

AvastVirusinfo Ransomware – Further Information

After this ransomware gets you to open a malicious file, the infection is immediate and can no longer be avoided. Once the infection begins, the ransomware creates multiple different files on the infected computer. The files are as follows:

  • An executable, named Setup.exe.
  • Another two executables, named up_date.exe and update.exe.
  • A randomly named executable.
  • A randomly named .tmp.exe file.
  • A plugin.dll file.
  • A randomly named .dll type of file.

In addition to those files, the virus also drops two .txt files, named HOW TO DECRYPT FILES.txt and its Russian analogue, named КАК РАСШИФРОВАТЪ ФАЙЛЪI.txt.

The files are usually located in the administrative Windows user directories:

  • %AppData%
  • %Local%
  • %Temp%

Then, this ransomware may delete any shadow volume copies on the compromised computer. This is usually done by running the vssadmin command with the /Quiet switch:

→vssadmin.exe delete shadows /all /Quiet
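A defender can watch process-creation logs for the shadow copy deletion described above. The following is an added example, not code from the original article: the event records, PIDs and paths are constructed, and the parent names simply reuse file names listed on this page.

```python
import ntpath
import re

# Constructed process-creation records (not real telemetry). Parent names
# reuse file names listed on this page; PIDs and paths are made up.
SAMPLE_EVENTS = [
    {"pid": 4112, "parent": "up_date.exe",
     "cmd": "vssadmin.exe delete shadows /all /Quiet"},
    {"pid": 4120, "parent": "update.exe",
     "cmd": r'"C:\Windows\System32\VSSADMIN.EXE"  Delete  Shadows /All'},
    {"pid": 4131, "parent": "Setup.exe",
     "cmd": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"pid": 4200, "parent": "cmd.exe", "cmd": "vssadmin list shadows"},
    {"pid": 4201, "parent": "explorer.exe",
     "cmd": "notepad.exe delete shadows.txt"},
]

def tokenize(cmdline):
    """Split a Windows command line, keeping quoted paths as one token."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def is_shadow_deletion(cmdline):
    """True if vssadmin is invoked with both 'delete' and 'shadows'."""
    tokens = [t.lower() for t in tokenize(cmdline)]
    for i, tok in enumerate(tokens):
        # Match the binary by base name so full paths and cmd /c wrappers count.
        if ntpath.basename(tok) in ("vssadmin", "vssadmin.exe"):
            args = tokens[i + 1:]
            return "delete" in args and "shadows" in args
    return False

def flag_events(events):
    """Return (pid, parent, quiet) for every shadow-copy deletion."""
    hits = []
    for ev in events:
        if is_shadow_deletion(ev["cmd"]):
            quiet = "/quiet" in ev["cmd"].lower()
            hits.append((ev["pid"], ev["parent"], quiet))
    return hits

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(hit)
```

Matching on tokens rather than the literal string catches differences in case, spacing and path, while read-only calls such as `vssadmin list shadows` are not flagged.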

The Encryption Process of AvastVirusinfo Ransomware

For encryption, this ransomware uses XOR, a relatively simple algorithm in comparison to others. What is particular about this infection is that it attacks a very wide variety of file types. It is pre-configured to encrypt over 1000 file extensions:

Types of files encrypted by AvastVirusinfo
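Why XOR is considered relatively simple: if the same key is repeated over a file, one intact copy of any encrypted file (from a backup or e-mail attachment, for instance) reveals the key. The following is an added example, not the article's or the malware's code; it assumes plain repeating-key XOR from the first byte of the file, and the key and file contents are constructed for the demonstration.

```python
EXT = ".A9v9Ahu4"                 # extension reported on this page
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # standard PNG file signature

def xor_bytes(data, key):
    """XOR data with a repeating key (the same call encrypts and decrypts)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(original, encrypted, max_len=64):
    """Recover the repeating key from an original/encrypted pair.

    Returns None when the pair does not behave like repeating-key XOR,
    e.g. the two files do not belong together.
    """
    n = min(len(original), len(encrypted))
    stream = bytes(a ^ b for a, b in zip(original[:n], encrypted[:n]))
    # Shortest period of the keystream is the key; require one full repeat.
    for p in range(1, min(max_len, n // 2) + 1):
        if all(stream[i] == stream[i - p] for i in range(p, n)):
            return stream[:p]
    return None

def restore(name, blob, key):
    """Decrypt one file in memory and drop the added extension."""
    clean = name[:-len(EXT)] if name.endswith(EXT) else name
    return clean, xor_bytes(blob, key)

# --- Constructed demo data (hypothetical key, not the malware's) ---
DEMO_KEY = b"K3y!demo"
KNOWN_ORIGINAL = b"Quarterly report draft - backup copy kept on a USB stick.\n"
KNOWN_ENCRYPTED = xor_bytes(KNOWN_ORIGINAL, DEMO_KEY)
VICTIM_NAME = "photo.png" + EXT
VICTIM_BLOB = xor_bytes(PNG_MAGIC + b"constructed image body", DEMO_KEY)

def demo():
    """Recover the key from the known pair, then check a second file."""
    key = recover_key(KNOWN_ORIGINAL, KNOWN_ENCRYPTED)
    if key is None:
        return None
    name, data = restore(VICTIM_NAME, VICTIM_BLOB, key)
    # Verify against a known file signature before trusting the result.
    return name, data.startswith(PNG_MAGIC)

if __name__ == "__main__":
    print(demo())
```

Always run this kind of recovery on copies of the encrypted files, and confirm the output against a known file signature before overwriting anything.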

After encryption, the files can no longer be opened and have the file extension .A9v9Ahu4 added to them. They may appear without a file icon.

After this has happened, the ransomware may drop its ransom note to notify the victims that they must pay a ransom in order to restore access to the encrypted files. The ransom note is called HOW TO DECRYPT FILES.txt and has the following content:

→ “What happened to your files?
All of your files were protected by a strong encryption.
There is no way to decrypt your files without the key.
If your files not important for you just reinstall your system.
If your files is important just email us to discuss the price and how to decrypt your files.
You can email us to avastvirusinfo@yandex.com”

There is also a Russian version of the ransom note with the same message.

Remove AvastVirusinfo Ransomware and Decrypt XOR Encrypted Files

Before beginning any removal process, it is recommended that you do not pay any ransom and that you back up the encrypted files by creating multiple copies of them on removable drives.

For the removal of this ransomware, just like with any other, some steps must be followed. To simplify the situation for you, we have created the removal manual below and we recommend that you follow it. In case you are having difficulties or lack experience in removing this ransomware virus, experts often advise using an advanced anti-malware program. Such a program will take care of the automatic removal of this ransomware infection and of the future protection of your computer as well.

In case you want to restore your files, there are several alternative tools that may help you out. We have mentioned these methods with links in step “2. Restore files encrypted by AvastVirusinfo” below. Be advised that these methods are not 100% effective, but they may restore at least some of your files.


Ventsislav Krastev
