What is AdamLocker Ransomware?
If your computer is unprotected from malicious software, then it might become infected with AdamLocker Ransomware, a program designed to encrypt your files, but it does not ask for money. Moreover, it gives you the decryption key for free. Still, you should remove it because allowing it to remain on your PC is a security risk. In this short article, we will discuss this program’s functionality, distribution, and removal, so if you have on your PC, we kindly invite you to continue reading.
What does AdamLocker Ransomware do?
As a ransomware-type program, AdamLocker Ransomware was designed to encrypt your files. However, it differs from most other ransomware hat encrypts files because it features a mechanism that can give you the decryption key for free. Therefore, our malware analysts suggest that it is a test version. Still, it is a rather dangerous application that you have to deal with carefully, make sure that you do not delete it before you get the decryption key from it.
It uses an advanced encryption algorithm to encrypt all of your files located in %USERPROFILE% and its subfolders. Hence, it is set to target your personal files specifically because they would compel you to pay a ransom if this ransomware was to ask for it. The encryption process takes several minutes, and once it is complete, this ransomware will present you with its Graphical User Interface (GUI), a dialog window with a skull on a black background. If you click the Open button, it will open your browser and load an adf.ly link. After the 5-second timer runs out, you can click Continue and see the decryption key. Copy the key and Paste it in the line at the bottom of the GUI window. Your files should be decrypted.
It is worth mentioning that this ransomware will disable Task Manager by creating a registry string named DisableTaskMgr at HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System. The value data of DisableTaskMgr is “0x00000001 (1), ” and you have to their change it to “0x00000001 (0)” or delete the registry subkey “System.” Furthermore, AdamLocker Ransomware injects several other registry keys for its “.adam” file extension. These keys include HKLM\SOFTWARE\Classes\adam, HKLM\SOFTWARE\Classes\.adam, HKCR\adam, and HKCR\.adam.
Where does AdamLocker Ransomware come from?
Our malware analysts have found that AdamLocker Ransomware might be distributed through malicious emails that should be sent from a dedicated server. The emails should most likely feature some sort of malicious file and might not look like an executable. Nevertheless, once launched, the malicious attachment would initiate the download of this ransomware. Research has shown that the executable is named “run.exe” and dropped in %ALLUSERSPROFILE%. And, that is the place where you should look for this ransomware first. In full disclosure, we do not know if it has any other distribution channels and distribution via email campaign can be replaced with something else.
How do I remove AdamLocker Ransomware?
To summarize, AdamLocker Ransomware is a highly malicious application that can encrypt your files. Thankfully, however, it also provides you with a free decryption key. So you only have to enter it into its GUI, and all of your files will be decrypted. After you do that, you have to delete this infection before it does anything else. You can use SpyHunter, an antimalware program or our guide featured below to remove this malware.
Removal Guide
- Hold down Win+R keys.
- Type regedit in the box and click OK.
- Go to and delete the following keys.
- HKCR\.adam
- HKCR\adam
- HKLM\SOFTWARE\Classes\.adam
- HKLM\SOFTWARE\Classes\adam
- Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- Find DisableTaskMgr, right-click it.
- Click Modify and replace the value data to 0x00000000 (0)
- Close the Registry Editor.
- Hold down Win+E keys.
- In the File Explorer’s address box, type %ALLUSERPROFILE% and hit Enter.
- Find run.exe, right-click it and click Delete.
- Empty the Recycle Bin.
tested removal of AdamLocker Ransomware*
0 Comments.