Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Korean AdamLocker Ransomware

Korean AdamLocker Ransomware is a new version of a threat we have already discussed, AdamLocker Ransomware. According to our research, this infection was built in the exact same way; however, it is obvious that the new variant was created to target Windows users who reside in Korea. It was found that the infection is most likely to invade the system via a corrupted spam email. If that is how you are exposed to the infection, you are the one responsible for letting it in. It is notable that spam emails are utilized for the distribution of most ransomware threats, including the most recent infections, TBlocker Ransomware, Stop Ransomware, and Nazcrypt Ransomware. Needless to say, you want to stay away from suspicious emails. If it is too late, and you need to remove Korean AdamLocker Ransomware, please continue reading to learn how exactly you should delete this malicious infection.

When the malicious Korean AdamLocker Ransomware slithers in, it immediately drops a malicious .exe file in the %ALLUSERSPROFILE% directory. According to our research, it is called “adm_64.exe,” but, of course, we cannot guarantee that the name of the file could not be changed. The infection also disables the Task Manager, which it does by creating a key in the Windows Registry. If you delete the “DisableTaskMgr” key in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, the tool will be restored. You can learn how to do it by following the manual removal instructions below. Once the threat is set in motion, it encrypts all kinds of unique files, including your personal photos and documents. When the file is encrypted, the “.adam” extension is added to its name, and so it is easy to determine which files were encrypted. Soon after the files are encrypted, Korean AdamLocker Ransomware launches a window with an image of a skull. The window also displays a message in Korean, and this message represents the ransom demands. The threat pushes you to pay a ransom of $50 to a special Bitcoin wallet (1KQETJqKzUHUmCBXQgwzWt2cLcgwty5st1) within 48 hours.

If you pay the ransom and disclose your email address as instructed via the ransom note, you might expect your files to be decrypted; however, that is unlikely to happen. The previous version of the Korean AdamLocker Ransomware was decryptable, and the victim had to go through some online ads to get a decryption key. Unfortunately, that is not true for the version we are discussing in this report, and the victim is asked to pay a ransom. The thing is that no one can force cyber criminals to produce a decryptor, and so we cannot guarantee that you would be given it. Of course, $50 is not a huge ransom, and some users might be willing to take the risk. If you are thinking about doing that as well, remember that your chances of recovering the files are very slim. Hopefully, all of your files are backed up, and you do not need to fulfill any demands made by cyber criminals. If files are backed up, delete Korean AdamLocker Ransomware from your operating system without further delay. If files are not backed up, take a mental note to start backing up files once the infection is removed.

You can follow the instructions below if you wish to delete Korean AdamLocker Ransomware from your Windows operating system manually. Although this might be a great option, and you might learn about your operating system, you should also consider employing an anti-malware program. If other threats exist on your computer without your permission, the program will find and delete them in no time automatically. Of course, Korean AdamLocker Ransomware will be erased as well. It is most important, however, that an anti-malware program can produce protection against malicious infections, and so if you care to keep your system malware-free in the future, installing it is a good idea. If you choose to handle the situation all on your own, at least install a legitimate malware scanner to inspect your operating system. You do not want any malicious leftovers or undetected programs running on your system, and a reliable malware scanner can help you figure things out.

Korean AdamLocker Ransomware Removal

  1. Launch RUN by tapping keys Win+R.
  2. Enter regedit.exe into the dialog box and click OK to access Registry Editor.
  3. Move to HKEY_CLASSES_ROOT\.
  4. Delete the keys named .adam and adam.
  5. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.
  6. Delete the keys named .adam and adam.
  7. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System.
  8. Delete the value named DisableTaskMgr and then exit Registry Editor.
  9. Identify the {unknown launcher name}.exe file and Delete it (note that it could be placed anywhere).
  10. Launch Windows Explorer by tapping keys Win+E.
  11. Enter %ALLUSERSPROFILE% into the bar at the top.
  12. Delete the file named adm_64.exe (note that the name could be different).
  13. Empty Recycle Bin to eliminate these malicious components.
  14. Install a trusted malware scanner to examine your operating system.
Download Spyware Removal Tool to Remove* Korean AdamLocker Ransomware
  • Quick & tested solution for Korean AdamLocker Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.