How to remove Anabelle virus and restore encrypted files

If you've suffered from an encrypting program and have reasons to assume that it’s the Anabelle virus – in our item you will find useful information. We suggest easy and tested advice on Anabelle deletion and possible manners to restore the encrypted files.

What is Anabelle

Encryption virus can be considered a bogey of a recent society, and we all know that if you can not access your files and there's a ransom note – it’s time to be scared. It’s a true, unfortunately. An encrypting virus is the most dangerous thing that can happen to you in the Web because a regular user has no power to get rid of it. The single case when you're able to overcome ransomware is when you aren't dealing with a true one, but a screenlocker, that blocks your display and tries to lure your money. In any other event, if ransomware was created and tuned in a right way – you can just trust that malware researchers can deal with it. If fraudsters failed somehow, and there are some flaws, which allow you to restore information – we will tell to you what to do in the following guide.



So, what is Anabelle? It consists of a totally legitimate encryption algorithm that encrypts the data on user’s PC and makes them unreadable if you have no key. The key is encrypted too, but with another algorithm. As usual, web-criminals favour RSA and AES manners, which have proven themselves the very complex and sustainable. The mentioned algorithms and the programs built upon them can be easily found in the Net, so web-criminals only need to develop defensive mechanisms, to block an inlet to a program, and make the flawless update and control pattern. Some viruses just work independently, and scammers get a report about another victim not before he approaches them and forwards the funds. Other viruses are work in different way, and send files to thousands addresses, to puzzle the researchers and maximize the work required to defeat a virus.

Virus kind is not important, as the AES and RSA algorithms are very complex to decipher them directly. It might take centuries to execute all needed operations on a usual machine or, possibly, 2-3 decades if you can use a super-efficient computer. We know only two efficient ways to beat a ransomware: to hack it, or hack its database, to receive encryption keys. Some viruses also have a breaker, able to cease ransomware's activity totally or to make it pass the infected computer. If someone finds that switch for this ransomware, or publish a decryption program, we'll give you complete information in this guide.


Here we've gathered a few alternatives to examine, before giving in and waiting for a decryption tool. As we said before, swindlers also fail, and certain characteristics of your OS can assist you to recover information.


  • If you use an profile without admin rights – you're very fortunate. The matter is that your Windows creates backups of all files prior to they’re destroyed or modified. Those copies are known as the Shadow Volume Copies, and Anabelle has the ways to remove them. If you are using the user's profile – the OS asks for a confirmation at the exact moment Anabelle attempts to delete SVC. In case you've seen suchlike window and declined it – your SVC are alright, and might be used to get back the files.
  • A protected copy is the single totally efficient manner to get your files back, but you should delete Anabelle before. Ensure that Anabelle is gone in full, as if it isn't – all information will be spoiled instantly, with the files that were saved on a flash drive.


If all of written above advice didn't work and you have no possibility to restore corrupted data – you need to remove Anabelle from the system and expect when a decryptor will be developed.

How to remove Anabelle

As about the elimination – there’s no possibility to entirely escape an automatic mode. Anabelle is too sly and there is a chance miss some elements and then suffer from it (it may happen if you line up a flash drive with the saved data to a not-totally-clean computer). It also lurks damn good, so you just won’t be able to get rid of it fully with your own hands. According to this, we’ve created an efficient deletion directions that will help you to beat this problem. It has several by-hand phases and one extra AV tool step.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Here's Spyhunter anti-viral tool which is not simply efficient, but also modern and constantly evolving antivirus which will clear your device of all viruses. Press the button below to use Spyhunter and delete the ransomware.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

As you deleted Anabelle, you should try to perform some info recovery. As we said before, if you use an administrator entry and you let the ransomware an access to the computer – you have no trick to get back your data except for the backups. If you use a usual profile – you might have a chance, but you will need especial recovery software. We advise you to try Recuva or ShadowExplorer tools. They're easy to find on the registered pages of their developers, with close instructions.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience