What is a Adame file? A file with the .Adame extension is a file that has been locked by Adame ransomware that belongs to Phobos ransomware family. It uses strong encryption in order to block all files on the victim’s computer. It’s not possible to open the files by simply changing the file extension.
‘.Adame file extension’ ransomware
Adame file virus is a new ransomware. What is ransomware? Ransomware is a type of malicious software which blocks access to files, by encrypting them, until the victim pays a ransom to the cyber criminals. In many cases, the ransom demand comes with a deadline. If the user does not make a payment within this time frame, the amount will be higher or the locked documents, photos and music are gone forever. Adame can encrypt almost all types of files, including common as:
.x3d, .raf, .xxx, .wcf, .srw, .wn, .das, .zi, .js, .wpd, .pfx, .xbplate, .3ds, .sql, .der, .blob, .wsc, .icxs, .wpa, .pptm, .wpg, .iwd, .wbc, .cr2, .fpk, .itdb, wallet, .ppt, .mpqge, .p12, .dmp, .cdr, .wpw, .d3dbsp, .xlk, .zw, .ysp, .ptx, .arch00, .syncdb, .erf, .mov, .xyp, .vcf, .desc, .rwl, .wdp, .png, .css, .mdb, .cer, .odm, .psd, .csv, .wma, .xx, .wbmp, .xmind, .flv, .lrf, .py, .wdb, .pkpass, .kdc, .t12, .mrwref, .xll, .yal, .big, .mdf, .sidn, .dwg, .db0, .docx, .bar, .odb, .rim, .wbz, .slm, .vtf, .lbf, .jpg, .xar, .zip, .wm, .vpk, .docm, .apk, .wp7, .1st, .gho, .xwp, .sid, .pem, .doc, .wps, .2bp, .bay, .xpm, .wps, .mlx, .xlsx, .qic, .epk, .mp4, .xmmap, .zip, .menu, .arw, .srf, .z3d, .pdd, .bkf, .wsh, .xlsx, .esm, .accdb, .zdb, .kdb, .wb2, .layout, .rw2, .xdl, .gdb, .jpe, .hplg, .mdbackup, .xml, .mef, .hkx, .bsa, .rofl, .zdc, .xbdoc, .w3x, .crw, .odt, .wot, .y, .bc6, .wmd, .ws, .m4a, .pdf, .sie, .xdb, .z, .wmv, .dxg, .m2, .wp4, .cas, .ods, .tax, .nrw, .eps, .wbd, .dba, .wpl, .cfr, .wav, .rgss3a, .wsd, .hkdb, .vpp_pc, .iwi, .svg, .ntl, .bkp, .wpt, .tor, .forge, .ncf, .xls, .qdf, .wbk, .rtf, .sav, .orf, .x3f, .asset, .wpb, .ztmp, .ai, .map, .xlgc, .wbm, .pef, .xls, .dazip, .wgz, .3dm, .wmv, .0, .ibank, .xyw, .wpe, .wp5, .dcr, .fos, .x, .yml, .wmf, .sum, .re4, .rb, .wma, .sidd, .webdoc, .zabw, .x3f, .snx, .litemod, .bik, .xld, .raw, .xy3, .3fr, .wmo, .mcmeta, .upk, .pptx, .vfs0, .avi, .1, .itm, .wp6, .lvl, .webp
Upon encryption, all affected personal files will then be appended with the .Adame extension. Researchers have found several versions of this virus, each of which uses a partially different extension:
- .[supportcrypt2019@cock.li].Adame
- .[checkcheck07@qq.com].Adame
- .[raynorzlol@tutanota.com].Adame
- .[recovermyfiles2019@thesecure.biz].Adame
So if the file had the name ‘document.doc’ before encryption, then after it was encrypted, it will be renamed to ‘document.doc.id[9ABD009CD0-5104].[recovermyfiles2019@thesecure.biz].Adame’.
Adame ransomware leaves a ransom demanding message called ‘info.txt’ with instructions for extortion and ransom payment. The ransom message directs victims to make payment online in crypto currency.
Threat Summary
| Name | Adame |
| Type | Ransomware, File locker, Crypto virus, Crypto malware, Filecoder |
| Encrypted files extension | .Adame |
| Ransom note | info.txt, info.hta |
| Ransomare process name | The App that Reminds You to Move More |
| Contact | supportcrypt2019@cock.li, checkcheck07@qq.com, raynorzlol@tutanota.com, recovermyfiles2019@thesecure.biz, supportcrypt2019@protonmail.com |
| Ransom amount | $300-$1000 in Bitcoins |
| Symptoms | Your files fail to open. Files encrypted with .Adame file extension. Your documents, photos and music have new extension appended at the end of the file name. Files called like ‘info.txt’, ‘info.hta’, or ‘info’ in each folder with at least one encrypted file. |
| Distribution methods | Phishing Emails that is carefully designed to trick a victim into opening an attachment or clicking on a link that contains a malicious file. Drive-by downloads (crypto virus has the ability to infect the PC system simply by visiting a website that is running harmful code). Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a malicious link). USB key and other removable media. |
| Removal | To remove Adame ransomware use the removal guide |
| Decryption | To decrypt Adame ransomware use the steps |
If you came across this blog post, you were probably looking for a way on how to remove Adame, which does not involve paying the money. The goal of this article is to provide you with the necessary instructions that can allow you understand how delete crypto malware and decrypt (restore) files that have been locked.
Quick links
- How to remove Adame ransomware virus
- How to decrypt .Adame files
- How to restore .Adame files
- How to protect your PC system from Adame crypto malware?
How to remove Adame ransomware virus
Malware removal tools are pretty useful when your personal computer is affected by ransomware virus. Below we list the best utilities that be able to identify and remove Adame crypto virus from your computer.
remove Adame virus with Zemana Anti-Malware (ZAM)
Zemana Anti-Malware is a program which is used for worms, adware software, ransomware, malicious software, spyware, trojans and other security threats removal. The program is one of the most efficient antimalware utilities. One of the biggest advantages of using Zemana Anti-Malware (ZAM) is that is easy to use and is free. Also, it constantly keeps updating its virus/malware signatures DB. Let’s see how to install and check your PC with Zemana in order to remove Adame ransomware virus from your computer.
Now you can set up and run Zemana Anti Malware (ZAM) to delete Adame ransomware from your browser by following the steps below:
Visit the page linked below to download Zemana Anti-Malware setup file named Zemana.AntiMalware.Setup on your PC system. Save it to your Desktop so that you can access the file easily.
164030 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
Start the setup file after it has been downloaded successfully and then follow the prompts to install this utility on your computer.
During install you can change certain settings, but we recommend you don’t make any changes to default settings.
When install is finished, this malicious software removal utility will automatically launch and update itself. You will see its main window as on the image below.
Now click the “Scan” button to search for Adame ransomware and other security threats. This procedure may take some time, so please be patient. While the tool is scanning, you can see number of objects and files has already scanned.
Once the scan get completed, Zemana will display a scan report. When you’re ready, click “Next” button.
The Zemana AntiMalware (ZAM) will remove Adame ransomware and other security threats and move threats to the program’s quarantine. Once the task is done, you can be prompted to restart your computer to make the change take effect.
Remove Adame with MalwareBytes
Manual Adame virus removal requires some computer skills. Some files and registry entries that created by the crypto virus can be not completely removed. We recommend that use the MalwareBytes that are completely clean your PC system of ransomware infection. Moreover, this free application will help you to uninstall malware, PUPs, adware and trojans that your machine can be infected too.
- Download MalwareBytes Free from the link below.
Malwarebytes Anti-malware
326383 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
- Once the download is finished, close all apps and windows on your machine. Open a file location. Double-click on the icon that’s named mb3-setup.
- Further, click Next button and follow the prompts.
- Once installation is done, press the “Scan Now” button to search for Adame ransomware, other malicious software, worms and trojans. This process can take quite a while, so please be patient. While the MalwareBytes AntiMalware utility is scanning, you can see how many objects it has identified as being infected by malware.
- After MalwareBytes AntiMalware completes the scan, MalwareBytes will display you the results. Review the scan results and then press “Quarantine Selected”. When finished, you may be prompted to reboot your PC.
The following video offers a steps on how to remove hijacker infections, adware and other malware with MalwareBytes.
Remove Adame ransomware with Kaspersky virus removal tool
Kaspersky virus removal tool (KVRT) is free and easy to use. It can scan and remove ransomware such as Adame virus, other malware, worms, adware, spyware and trojans. KVRT is powerful enough to find and remove malicious registry entries and files that are hidden on the computer.
Download Kaspersky virus removal tool (KVRT) by clicking on the following link. Save it to your Desktop so that you can access the file easily.
129055 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the downloading process is done, double-click on the KVRT icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen as displayed on the screen below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button to begin checking your machine for Adame ransomwaree, other trojans and malicious apps. A system scan may take anywhere from 5 to 30 minutes, depending on your PC system. While the KVRT tool is scanning, you can see how many objects it has identified as being infected by malicious software.
After the system scan is done, you may check all threats found on your system as displayed in the following example.
Once you have selected what you wish to remove from your machine click on Continue to start a cleaning process.
How to decrypt .Adame files
Unfortunately, at the moment there is no way to decrypt files that were blocked by the ransomware. Researchers and antivirus companies are trying to find a way to decrypt .Adame files, but so far no free decryptor has been created.
Never pay the ransom! Nevertheless, everyone has to remember that paying the authors of Adame ransomware who are threatening you is a terrible idea. You can pay this money, but there is no guarantee that your data will be yours again. That is the reason why you should consider other options (that do not involve paying the cyber criminals) in order to restore access to blocked files.
You can not wait for a free decryptor to be created, there are a couple more ways that can help you recover the content of encrypted files. On this post below you will find useful instructions on how to restore encrypted files for free.
How to restore .Adame files
Fortunately, there is little opportunity to restore files which have been encrypted by Adame ransomware. Data restore tools can help you! Many victims of various ransomware, using the steps described below, were able to restore their files. In our guide, we recommend using only free and tested software called PhotoRec and ShadowExplorer. But before you go on to file recovery, you need to check your computer for malware, find and delete Adame ransomware!
Use shadow copies to recover .Adame files
In some cases, you have a chance to recover your photos, documents and music which were encrypted by the Adame crypto malware. This is possible due to the use of the utility called ShadowExplorer. It is a free application that designed to obtain ‘shadow copies’ of files.
ShadowExplorer can be downloaded from the following link. Save it on your Desktop.
438663 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
Once the download is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder as shown on the screen below.
Start the ShadowExplorer tool and then select the disk (1) and the date (2) that you want to restore the shadow copy of file(s) encrypted by the Adame crypto virus as shown in the figure below.
Now navigate to the file or folder that you wish to recover. When ready right-click on it and press ‘Export’ button as displayed on the image below.
Restore .Adame files with PhotoRec
Before a file is encrypted, Adame ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your documents, photos and music using file recover software like PhotoRec.
Download PhotoRec on your Microsoft Windows Desktop by clicking on the following link.
When downloading is complete, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as shown in the following example.
Double click on qphotorec_win to run PhotoRec for Windows. It will open a screen such as the one below.
Select a drive to recover as on the image below.
You will see a list of available partitions. Select a partition that holds encrypted personal files similar to the one below.
Press File Formats button and specify file types to recover. You can to enable or disable the restore of certain file types. When this is done, press OK button.
Next, click Browse button to select where restored photos, documents and music should be written, then click Search.
Count of recovered files is updated in real time. All restored photos, documents and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the recovery is done, click on Quit button. Next, open the directory where recovered files are stored. You will see a contents similar to the one below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your restored files by extension and/or date/time.
How to protect your PC system from Adame crypto malware?
Most antivirus applications already have built-in protection system against the ransomware. Therefore, if your machine does not have an antivirus application, make sure you install it. As an extra protection, use HitmanPro.Alert. It is a small security tool that can check the system integrity and alerts you when critical system functions are affected by malware. HitmanPro.Alert can detect, remove, and reverse ransomware effects.
Visit the page linked below to download the latest version of HitmanPro.Alert for MS Windows. Save it to your Desktop so that you can access the file easily.
When the download is finished, open the directory in which you saved it. You will see an icon like below.
Double click the HitmanPro.Alert desktop icon. After the utility is started, you will be displayed a window where you can choose a level of protection, as on the image below.
Now click the Install button to activate the protection.
