
AvastVirusinfo Virus Remove and Restore .A9v9Ahu4 Files

Article created to help remove AvastVirusinfo ransomware and assist in attempts to restore files encrypted with an added .A9v9Ahu4 file extension.

A virus from the Xorist Builder lineage that encrypts files with the XOR encryption algorithm has been reported to damage computers by rendering their files unusable. After the virus, known as AvastVirusinfo, attacks your computer, the files can no longer be opened and have the file extension .A9v9Ahu4 added to them. After encryption, the virus also adds a .txt file that aims to notify victims of what exactly has happened to their files and to extort them into paying the sum of 15 $ to get the files back. In case you have been attacked by this ransomware infection, we advise you to read this article with care.

Threat Summary

Name: AvastVirusinfo
Type: Ransomware Virus
Short Description: This ransomware virus encrypts the files using XOR encryption mode and asks the victims to pay ransom to get the files back.
Symptoms: Files are enciphered and become inaccessible by any type of software. A ransom note with instructions for paying the ransom shows as a .txt file in English and Russian.
Distribution Method: Spam Emails, Email Attachments, File Sharing Networks, Malicious Executable in Torrent Trackers.
Detection Tool: See If Your System Has Been Affected by AvastVirusinfo
User Experience: Join our forum to Discuss Cerber Ransomware.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

AvastVirusinfo Ransomware – How Does It Infect

This ransomware was discovered back in 2015, and it may still resort to the very same infection methods it used at first. The ransomware may infect via spam e-mail messages that carry malicious attachments, like the example below displays:

Another method reported to spread the AvastVirusinfo ransomware is via infected program installers, which slip its malicious files onto the compromised computers and execute them. It is also possible that malicious game cracks, program patches, and activators published on suspicious sites or uploaded as torrents carry the AvastVirusinfo malware in them.

AvastVirusinfo Ransomware – Further Information

After this ransomware gets you to open a malicious file, the infection is immediate and can no longer be avoided. Once the infection has started, the ransomware creates multiple different files on the computers it infects. The files are as follows:

  • An executable, named Setup.exe.
  • Another two executables, named up_date.exe and update.exe.
  • A randomly named executable.
  • A randomly named .tmp.exe file.
  • A plugin.dll file.
  • A randomly named .dll type of file.

In addition to those files, the virus also drops two .txt files, named HOW TO DECRYPT FILES.txt and its Russian analogue, named КАК РАСШИФРОВАТЪ ФАЙЛЪI.txt.

The files are usually located in the administrative Windows user directories:

  • %AppData%
  • %Local%
  • %Temp%

Then, this ransomware may delete any shadow volume copies on the compromised computers. This is usually done by running the vssadmin command in /quiet mode.

→vssadmin.exe delete shadows /all /Quiet
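A detection sketch for the shadow-copy deletion described above, added here as an example and not taken from the original article. The pipe-separated event format, the host names and the severity rule (a quiet deletion launched from a per-user directory ranks higher) are assumptions made for illustration.

```python
import re

# Executable token: bare, quoted, or with a path; ".exe" optional.
_VSSADMIN = re.compile(r'(?:^|[\\/"\s])vssadmin(?:\.exe)?"?(?=\s|$)', re.I)
# Per-user locations the article lists for the dropped files.
_USER_DIRS = ("\\appdata\\", "\\temp\\")

def parse_shadow_delete(cmdline):
    """Return the lower-cased switches if cmdline deletes shadow copies, else None."""
    m = _VSSADMIN.search(cmdline)
    if not m:
        return None
    args = cmdline[m.end():].lower().split()
    if "delete" not in args or "shadows" not in args:
        return None
    return {a for a in args if a.startswith("/")}

def flag_events(lines):
    """lines: 'time|host|parent image|command line' (constructed format)."""
    hits = []
    for line in lines:
        when, host, parent, cmdline = line.split("|", 3)
        switches = parse_shadow_delete(cmdline)
        if switches is None:
            continue
        from_user_dir = any(d in parent.lower() for d in _USER_DIRS)
        severity = "high" if "/quiet" in switches and from_user_dir else "medium"
        hits.append({"time": when, "host": host, "parent": parent,
                     "severity": severity})
    return hits

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    r'2017-01-10T09:14:02Z|WS-014|C:\Users\a\AppData\Roaming\up_date.exe|vssadmin.exe delete shadows /all /Quiet',
    r'2017-01-10T09:20:41Z|WS-014|C:\Windows\System32\cmd.exe|"C:\Windows\System32\vssadmin.exe" Delete Shadows /For=C: /Oldest',
    r'2017-01-10T09:31:07Z|WS-020|C:\Windows\System32\cmd.exe|vssadmin list shadows',
    r'2017-01-10T09:40:55Z|WS-020|C:\Windows\explorer.exe|C:\Tools\notvssadmin.exe delete shadows',
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(hit["severity"], hit["host"], hit["time"], hit["parent"])
```

Matching on the executable token and the delete/shadows arguments, rather than on the exact string, keeps the check working when the case, path or switch order differs.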

The Encryption Process of AvastVirusinfo Ransomware

For encryption, this ransomware uses XOR, a relatively simple algorithm in comparison to the ones used by other ransomware. What is particular about this infection is that it attacks a very wide variety of file types. It is pre-configured to encrypt over 1000 file extensions:

Types of files encrypted by AvastVirusinfo

After encryption, the files can no longer be opened and have an added file extension, .A9v9Ahu4. They may appear without a file icon, similar to the following:

After this has happened, the ransomware infection may drop its ransom note to notify the victims that they must make a ransom payoff in order to restore access to the encrypted files. The ransom note is called HOW TO DECRYPT FILES.txt and has the following content:

→ “What happened to your files?
All of your files were protected by a strong encryption.
There is no way to decrypt your files without the key.
If your files not important for you just reinstall your system.
If your files is important just email us to discuss the price and how to decrypt your files.
You can email us to [email protected]

There is also a Russian version of the ransom note with the same message.
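To scope the damage before removal, the extension and ransom note names given above can be used to inventory a directory tree. The following is an added example, not code from the original article; the report layout, the helper names and the use of the earliest modification time as a rough estimate of when encryption began are assumptions.

```python
import os
import tempfile

ENCRYPTED_EXT = ".a9v9ahu4"  # extension named in the article, lower-cased
NOTE_NAMES = {n.casefold() for n in (
    "HOW TO DECRYPT FILES.txt",
    "КАК РАСШИФРОВАТЪ ФАЙЛЪI.txt",
)}

def triage(root):
    """Walk root and summarise encrypted files and ransom notes."""
    report = {"encrypted": [], "notes": [], "first_seen": None, "by_dir": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.casefold() in NOTE_NAMES:
                report["notes"].append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                report["by_dir"][dirpath] = report["by_dir"].get(dirpath, 0) + 1
                # Assumption: the oldest mtime approximates the start of encryption.
                mtime = os.path.getmtime(path)
                if report["first_seen"] is None or mtime < report["first_seen"]:
                    report["first_seen"] = mtime
    return report

def build_sample_tree(root):
    """Constructed sample data: two encrypted files, one note, one clean file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name, mtime in (("report.docx.A9v9Ahu4", 1000),
                        ("photo.jpg.A9v9Ahu4", 900),
                        ("HOW TO DECRYPT FILES.txt", 1100),
                        ("clean.txt", 500)):
        path = os.path.join(docs, name)
        with open(path, "w"):
            pass
        os.utime(path, (mtime, mtime))
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "notes")
```

The per-directory counts show which folders to copy to removable media first, and the list of encrypted paths doubles as a manifest for the backup recommended below.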

Remove AvastVirusinfo Ransomware and Decrypt XOR Encrypted Files

Before beginning any removal process, it is recommended that you do not pay any ransom and that you back up the encrypted files by creating multiple copies of them on removable drives.

For the removal of this ransomware, just like with any other, some steps must be followed. To simplify the situation for you, we have created the removal manual below and we recommend that you follow it. In case you are having difficulties or lack experience in removing this ransomware virus, experts often advise using an advanced anti-malware program. Such a program will surely take care of the automatic removal of this ransomware infection and the future protection of your computer as well.

In case you want to restore your files, there are several alternative tools that may help you out. We have mentioned these methods with links in step “2. Restore files encrypted by AvastVirusinfo” below. Be advised that these methods are not 100% effective but fortunately they may restore at least some of your files.

Manually delete AvastVirusinfo from your computer

Note! Important information about the AvastVirusinfo threat: manual removal of AvastVirusinfo requires interference with system files and registries, so it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove AvastVirusinfo files and objects
2. Find malicious files created by AvastVirusinfo on your PC

Automatically remove AvastVirusinfo by downloading an advanced anti-malware program

1. Remove AvastVirusinfo with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by AvastVirusinfo
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
