Aabn Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Aabn is a variant of Stop/DJVU. Source of claim SH can remove it.


Aabn is a file-encrypting infection that belongs to the ransomware category. Aabn specializes in keeping user files hostage through encryption and demanding ransom money from its victims in exchange for a decryption key.

The Aabn ransomware will leave a _readme.txt file with instructions

If this stealthy malware has encrypted your files and you don’t want to pay a ransom to the crooks behind it, the info on this page may be able to help you deal with the infection and remove it. Our “How to remove” team has prepared a removal guide below that is intended to help users like you to minimize the harmful consequences of the ransomware’s attack and learn how to protect their device in the future. So, if you want to explore some alternative solutions and clean your computer from Aabn, in the next few lines, we will share with you our removal steps and file-recovery suggestions.

The Aabn virus

The Aabn virus is a ransom-demanding threat that extorts money from its victims by encrypting their most valuable files. The Aabn virus typically infects the computer when the users interact with malicious web content.

Such content is often circulated via spam e-mails, e-mail attachments, links, torrents and low-quality downloads. The ransomware can be distributed with the help of a fake web ad, an infected image, a fake pop-up alert or a common file that tricks you into clicking on it. Trojan horses, however, are a favorite tool that hackers use to deliver ransomware inside the system. The Trojans have the ability to exploit system vulnerabilities and to insert other malicious code inside the infected computer without being detected. Sadly, noticeable symptoms can hardly be observed during the infection time or during the file-encryption process. That’s why the victims of the ransomware typically get notified by the consequences of its attack only after a ransom-demanding notification is shown on their screen.

The .Aabn file encryption

The .Aabn file encryption is a harmful process that converts digital files into inaccessible bits of data. The purpose of the .Aabn file encryption is to restrict the owners of the data to open or use it so that they can pay a ransom for its decryption.

Aabn File
The .Aabn virus will encrypt your files

A specially generated decryption key is the only thing that can reverse the applied file encryption. Sadly, that decryption key is in the possession of the crooks that control Aabn, Aamv, .Eemv and they sell it only for a fat amount of money paid in Bitcoins. Detailed instructions on how to make the payment are provided immediately after the ransomware’s attack and they typically are displayed on the screen in the form of a ransom notification. Very often, the hackers try to scare the victims that they will destroy the decryption key if payment is postponed or not made within a given deadline. However, you should know that such deceptive tactics are used only to get the victims to act impulsively and pay as quickly as possible, without searching for other solutions.

However, it’s not a good idea to send money to ransomware crooks because there is no guarantee that they will send you a decryption key in the first place. Besides, if the file decryption fails for whatever reason, you will still be left with your data encoded and no money in your pocket.


Detection Tool

*Aabn is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Aabn Ransomware

To remove the Aabn virus, the first thing that must be done is to delete any harmful programs, then you must quit rogue malware processes, and finally restore any system settings that the virus has modified.

  1. Open the Programs and Features list, search it for rogue programs, and uninstall anything potentially unwanted you find there.
  2. Look in the Task Manager for Ransomware processes and disable anything you think could be related to the virus.
  3. Check the Hosts file and the System Registry for changes and items made/added by the virus and revoke/delete them.
  4. Visit the next folders and delete from them any rogue files that may be stored there in order to remove the Aabn virus: AppData, LocalAppData, ProgramData, WinDir, and Temp.

More details on how each of the listed steps must be performed can be found in the expanded version of the Aabn removal guide that you will find below.

Expanded Removal Guide


Use the Start Menu search field to search for Programs and Features and then go there and search the list for program installs that have been added not long before Aabn made its presence in your system known and that look suspicious. If you think that a given program is linked to the Ransomware, delete it by clicking on it, selecting the Uninstall option, and following the on-screen steps in the uninstallation wizard. While going through the uninstallation wizard, be sure that you opt out of any settings that leave any data related to the unwanted program on your computer.



*Aabn is a variant of Stop/DJVU. Source of claim SH can remove it.

Press together, in the order they are given, the following keys: Ctrl + Shift + Esc. This will open the Task manager in which you must select the Processes section.

From the list of processes, try to find the one that is related to Aabn. Usually, that process would be using up lots of RAM and CPU, so focus on the items shown at the top of the list (the ones that are most resource-intensive).

If you see that among them there is an item that looks questionable, do not hurry to disable it – instead, first look it up on the Internet and see what information about it comes up. If other users and security researchers have said that the process may be harmful, then right-click on it, select the first option from the menu, and scan all of the files in the location folder that opens using the following free online scanner.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.
    Task Manager1

    If our scanner detects malware code in one or more of the files, select the suspected process with the right-click of your mouse and click on End Process. After that, delete the file-location folder of the malware process.

    Task Manager2


    Note 1: If you are currently unable to delete the process’ location folder, try to delete as many files as you can that are stored in the folder and then continue with the guide. Later, once the other steps have been completed, you should be able to delete the folder so be sure to remember to do that.

    Note 2: If you have high levels of certainty that the suspected process is from Aabn, do not hesitate to quit it and eliminate its file location even if none of the files in it got flagged as threats.


    *Aabn is a variant of Stop/DJVU. Source of claim SH can remove it.

    You must put your PC into Safe Mode as a way of preventing any remaining Ransomware processes from interrupting you while you are completing the remaining steps from the guide. Follow the link we have provided if you don’t know how to put your computer in Safe Mode.


    Copy this file path: notepad %windir%/system32/Drivers/etc/hosts, paste it in the Start Menu, and click on the file that shows up in the results. If you need to first pick a program with which to open the file, select Notepad from the list.

    When the text file shows up on your screen, take a look at what’s at the end of the text – if the last thing written there is “Localhost:”, this means the file hasn’t been modified by the virus, and you don’t need to do anything about it. If, however, there are strange IP addresses or other text written below “Localhost”, you should copy what’s there, place it in the comments section below this post and wait for our reply. We will have a look at your comment, determine if what you’ve sent us is from the virus, and tell you if further action is required.


    Proceed with caution!: The following step will require that you find and delete Ransomware items in your System Registry. When completing the step, you must be certain that the items you are deleting are from Aabn or else you may end up damaging the system. If you are in doubt, it is strongly recommended that you ask us in the comments about the items you aren’t sure must be deleted instead of outright removing them from the Registry.

    Start the Registry Editor of your computer by typing regedit in the Start menu and opening the regedit.exe icon. When/if Windows requires your permission as an Admin, provide it by clicking on Yes.

    After the Registry Editor Starts, go to Edit > Find, type Aabn in the search box and start the search. Only the first found item will be shown to you – you must delete that item, perform another search to see if there are other Aabn items, and delete them too. You must keep dong this until there are no more search results for Aabn.

    1 1

    The next thing you must do is find the following Registry directories from the left panel of the Editor.

    • HKEY_CURRENT_USER > Software
    • HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
    • HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main

    When you get to them, search them for items that seem suspicious. For instance, if you see an item with a name that’s significantly longer than the rest and/or consist of seemingly random letters/numbers, you should probably delete that item. Again, if you aren’t sure, just ask us through the comments section down below.


    The final step you must complete is to visit the folders listed below and search them for rogue files that you should delete. To go to each folder, simply copy its name from the below (including the “%” characters), paste it in the Start Menu search field, and hit Enter.

    • %AppData%
    • %LocalAppData%
    • %ProgramData%
    • %WinDir%
    • %Temp%

    In each of those folders, see what file have been added after the date you think Aabn entered your system and delete those files. In the Temp folder, delete all files stored there.

    Use Professional Removal Software Ransomware is one of the fastest evolving and growing malware categories and some Ransomware viruses are highly advanced and very difficult to remove manually. Therefore, if thus far you’ve been unable to successfully delete Aabn, even after completing all steps from this guide, we suggest trying to use a specialized removal program to take care of the virus. One such program we strongly recommend can be found linked on the current page. It is a powerful and reliable malware-removal program that will scan your system for rogue data and settings and delete/disable them so that any malware that may be present on the computer will get removed.

    How to Decrypt Aabn files

    Removing the Aabn virus and restoring the files that it has locked up are two separate processes. Before you attempt to restore your data, you must first make sure that the Ransomware is gone from the system, or else any files you may manage to recover could get locked up again. The removal of the virus itself doesn’t automatically set the files free, so that’s why you must perform additional actions to release your data. Paying the ransom is a possible option, but we advise against it due to the risk of not getting anything back and simply losing a lot of money. For that reason, we encourage you to explore alternative data-recovery methods.

    Files encrypted by ransomware may have unique extensions that may be used to determine which variant was used for the attack. If the Aabn variant is what has infected your machine, you may try to recover your files by running the application below to see if you can decrypt any of them.

    New Djvu Ransomware

    The latest variant of the Djvu Ransomware, known as STOP Djvu, is actively targeting users from different countries. The .Aabn extension helps this malware stand out from other forms of malware that use the same tactic.

    We all know that dealing with new ransomware variants may be very challenging, however if Aabn has used an offline key was used to encrypt your data, there is still hope. A decryption program is available in the link below, and you may use it to try to restore some of the files. The decryptor can be downloaded by visiting the link and selecting the Download button from the page.


    Once you save the executable file on your computer, run it as administrator and click the Yes button to launch the decryptor. Read the license agreement and the instructions that are applicable carefully. To proceed with decrypting your data, choose the Decrypt option. Note that the software may not be able to decrypt files that have been encrypted with unknown offline keys or online encryption.

    Also, do not forget that you can always use our free malware scanner to scan any suspicious files that are still in your system and that you think may be related to Aabn.


    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1