Brief description of the .odin extension virus:
The .odin extension virus is a very dangerous program that is specially designed to attack users' valuable system files. It is a new version of the Locky ransomware. It reaches your PC through spam mail attachments from unauthorized sites. When you open such spam mail, the virus is automatically installed on your system. Once inside your PC, it encrypts all of your important system files, locks them using the .odin extension, and demands ransom money to decrypt them. It encrypts files such as .doc files, PHP files, presentations, HTML files, and Java files using the RSA-2048 and AES-128 cipher algorithms. The encryption uses two keys: the first is a public key (encryption) and the second is a private key (decryption). Without the private key, you can't decrypt the encrypted files. The files are renamed using the "[Victim ID]-[4 symbols]-[12 symbols].odin" pattern (e.g., "sample.jpg" might be renamed to "D56F3331-E80D-9E17-8D2A-1A11D40A6BD3.odin").
The .odin extension virus creates three files ("_5_HOWDO_text.html", "_HOWDO_text.bmp" [set as the desktop wallpaper], and "_HOWDO_text.html") and places them on the desktop.
All three files show an identical ransom-demand message. Victims are informed that the files are encrypted using asymmetric cryptography. Two keys (public [encryption] and private [decryption]) are generated during the encryption process. The message states that the private key is stored on remote servers controlled by Odin's developers. To get this decryption key, you have to visit one of the Tor Project links provided, which then give detailed information regarding the payment. Cyber crooks will try to convince you to buy a decryption tool (with an embedded private key) for 3 Bitcoins (currently equivalent to ~$1811). But never trust them, because research shows that cyber crooks will not provide you the right decryption key, despite payments made. You will also face identity theft: it will take over your sensitive information such as login details, passwords, credit/debit card numbers, bank account details, etc. The ransomware masquerades in order to collect your credit/debit card details and take money from your account. It will also send spam mail attachments to your contact list using your login details and password. What could be worse than this?
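The following Python script is an added example, not code from the original post: it walks a folder read-only and flags files whose names match the renamed-file example above and the three ransom-note names listed. It assumes every renamed file follows the 8-4-4-4-12 hex shape of the page's example name; the function names are chosen here for illustration.

```python
import os
import re
import tempfile

# Name shape taken from the page's example rename
# ("D56F3331-E80D-9E17-8D2A-1A11D40A6BD3.odin"): hex groups of 8-4-4-4-12.
# Assumption: every renamed file follows the example's shape.
ODIN_NAME = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\.odin$",
    re.IGNORECASE,
)
# Ransom-note file names exactly as listed on the page (compared lower-cased).
NOTE_NAMES = {"_5_howdo_text.html", "_howdo_text.bmp", "_howdo_text.html"}


def classify(filename):
    """Return 'encrypted', 'note', 'odin-other' or None for one file name."""
    lower = filename.lower()
    if ODIN_NAME.match(filename):
        return "encrypted"
    if lower in NOTE_NAMES:
        return "note"
    if lower.endswith(".odin"):
        return "odin-other"  # has the extension but not the example's shape
    return None


def scan(root):
    """Walk root (read-only) and group matching paths by category."""
    hits = {"encrypted": [], "note": [], "odin-other": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[kind].append(os.path.join(dirpath, name))
    return hits


def demo():
    """Run scan() over a constructed directory of empty sample files."""
    names = ["D56F3331-E80D-9E17-8D2A-1A11D40A6BD3.odin", "_HOWDO_text.html",
             "_HOWDO_text.bmp", "report.docx", "notes.odin"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        return {kind: len(paths) for kind, paths in scan(root).items()}


if __name__ == "__main__":
    print(demo())
```

Calling scan() on a user profile or a mounted backup gives a quick count of affected files per folder before any cleanup is attempted.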
How to protect your PC from the harmful consequences of the .odin extension virus?
To protect your system, you should take some precautionary steps; as you know, precaution is better than cure. First of all, don't open spam mail attachments from unauthorized sites, because these spam messages carry a payload of harmful threats. These mail messages contain auto start-up software, and once you click to view it, it is silently installed on your PC. Before opening such messages, check the authority of the sender. You should also install effective anti-virus software to remove it from your PC.
Manual removal method to uninstall the .odin extension virus:
Step 1. End the processes related to the .ODIN extension virus in Windows Task Manager.
Press the “Ctrl + Shift + Esc” keys together to open the Processes tab in Windows Task Manager.
Click on any suspicious or unknown process relevant to the .ODIN extension virus and click End Process.
Step 2. Remove the .ODIN extension virus and unknown programs from Control Panel.
Press the “Win + R” keys together to open the Run box.
Type control panel in the Run box and click the OK button.
In Control Panel, click Uninstall a program under Programs.
Right-click on the .ODIN extension virus and any relevant suspicious program, then click Uninstall.
Step 3. Uninstall malicious registry files relevant to the .ODIN extension virus.
Press the “Win + R” keys together to open the Run box.
Type regedit to open Registry and remove the following registry files generated by .ODIN extension virus:
However, performing the above manual steps requires significant computing skills. If you lack such skills, it is better to switch to an automatic removal process.