Aawt Virus

7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Aawt is a variant of Stop/DJVU. Source of claim SH can remove it.


Aawt is a virus of the Ransomware file-encrypting variety and it is capable of blocking all important data on your computer. The purpose of Aawt is to force you to make a payment to its creators in exchange for your data’s recovery.

Stop 1024x575

This blackmailing scheme is one of the most common forms of online money extortion nowadays. Ransomware viruses are very widespread and very effective in locking up the files of their victims. Although there are certain workarounds that may help some users deal with a Ransomware attack on their files, there are simply no guarantees if a given file-recovery method would work against a specific Ransomware version. Newer Ransomware threats, especially, are very difficult to deal with because of the advanced encryption algorithms that they use.

The Aawt virus

The Aawt virus is one of the latest representatives of the malware family known as Ransomware. The Aawt virus aims to block all valuable data on their victims’ computers and later blackmail the users for a ransom payment.

If you have had your files encrypted by Aawt, you must be well aware of the different options you can go for and what their pros and cons are. For example, if you are thinking about paying the ransom, you should know that sending the hackers your money may or may not get your files back. To unlock an encrypted file, you’d need to use a special decryption key that is unique for each encryption algorithm and computer. This means that you can only use the key that Aawt has generated for your computer specifically. This key is in possession of the hackers who have created the virus and the ransom they ask from you is for this key. However, whether or not the key would really get sent to you remains uncertain. In other words, if you pay the money, you’d be at the hackers’ mercy with regard to whether you get the key for unlocking your file.

The Aawt file encryption

The Aawt file encryption is the method that Aawt has used to lock up your data and force you to pay a ransom for its recovery. The Aawt file encryption is very sophisticated and no conventional program can read through it.

Aawt File

However, this doesn’t mean you should pay the ransom as soon as you see a ransom-demanding note on your screen after your data has been locked up. As we already pointed out, this is a risky action and it may actually make the situation worse for you. Therefore, we have tried to come up with a potential alternative that our readers can try first, instead of going for the ransom payment option. In the next guide, you will find instructions on how to remove Aawt and then, in the file-recovery section, you will learn about the possible file-restoration alternatives that you can try in your attempt to bring back your data. Sadly, we can’t promise any miracles but it’s still worth trying all other options before considering the payment option as a possible course of action.


Detection Tool

*Aawt is a variant of Stop/DJVU. Source of claim SH can remove it.

Remove Aawt Ransomware


If you have been attacked by Aawt, it is important to carefully follow all manual steps from the guide to successfully remove the infection. Our first advice is to remove any external hard disks, and other storage devices that may be connected to the infected machine. Then, disconnect your computer from the Internet to prevent the Ransomware from receiving instructions from its servers.

Once that is done, you’ll need to restart your computer in Safe Mode. In order to proceed, please let the computer restart and then come back to this page. To make the removal process of Aawt easier, you may either save this page as a bookmark in your browser and return to it later, or open it on a different device to view the instructions.



*Aawt is a variant of Stop/DJVU. Source of claim SH can remove it.

The second step is to launch the infected computer’s Task Manager by pressing Ctrl+Shift+ESC simultaneously. Navigate to the Processes tab at the top of the window and filter the list of processes based on how much memory and CPU they’re using, then look for those with odd names.


If you see any processes that look suspicious, right-click on them and choose Open File Location to see where they are stored on your computer. Next, use the scanner provided below to see whether any of them are infected with malware.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If there are any dangers in the folder after the scan, you should stop the currently running process by right-clicking on it in the Processes tab and choosing End Process. After that, you should get rid of any files in File Location that the antivirus software flagged as dangerous.



    To ensure your Hosts file hasn’t been modified without know knowledge, use Win + R to open a Run dialog box on the screen, then paste the following command in it and hit Enter.

    notepad %windir%/system32/Drivers/etc/hosts

    Search for the word “Localhost” in the text of the Hosts file and look for any IP addresses that don’t raise suspicion. Leave a comment below with the IP address in question, and we’ll check into them and give you some advice on what to do.

    hosts_opt (1)


    The System Configuration window is the next stop. Simply enter “msconfig” in the Start menu’s search field and hit Enter to open the window. When System Configuration opens on the screen, click the “startup” tab to check the programs set to automatically launch when the computer boots. Uncheck the box next to any startup items you suspect are associated with the ransomware. After making any necessary changes, just click “OK” and close the window.





    *Aawt is a variant of Stop/DJVU. Source of claim SH can remove it.

    Ransomware may often hide some of its files in the system’s registry to keep them safe for as long as they need to be there. If this is the case, you’ll need to use the Registry Editor to thoroughly search for and remove any Aawt-related entries. By doing so, you may eliminate any remaining Aawt traces from your computer and restore normal operation. Enter regedit in the Windows search field, then hit Enter to open the Registry Editor.

    Next, simultaneously press Ctrl and F to open a Find window and search for malicious files by entering the name of the danger in the Find box and clicking Find Next after.

    Attention! Removing ransomware-related files from the registry hides risks of involuntary system corruption. Therefore, if you are concerned that Aawt-related files are present on your registry and you cannot remove them, we strongly advise that you use a professional malware removal application like the one available on our website. Aside from dealing with the current infection, it is also possible to use this software as a protection against any future malware intrusions.

    Ransomware-related files might also be stored in the five locations below. To access them, simply enter each of the following terms in the Windows Search field and hit Enter.

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    Manually search each directory’s contents and remove the files that belong to the threat. Again, don’t delete anything if you are not sure, and use professional removal software if you need assistance. When you open the Temp folder, just select all temporary files stored there and hit the Del key.



    How to Decrypt Aawt files

    The sophisticated file encryption used by ransomware makes this threat particularly challenging to deal with. What is even worse is that even if you manage to completely remove the danger from the computer, your encrypted data may not be returned to its original state. Besides, different variants of ransomware may use vastly different decryption techniques. If you’ve made up your mind to do everything in your power to get your data back, our first recommendation is to look at the file extensions of the encrypted files. They will indicate the exact variant of ransomware you are up against and which, in turn, will help you find the best file-recovery options for your case.

    Before you jump to the file-recovery solution offered below, however, it is very important to run a full malware check with a professional anti-virus tool on the infected machine. This will ensure there is no virus on the system that could threaten your files before the file-recovery can begin.

    New Djvu Ransomware

    As a new variant of ransomware, STOP Djvu has been aggressively attacking victims all over the globe and holding their data hostage for a ransom by encrypting it. According to reports from victims, the .Aawt extension is used for files encrypted with this new variant. Despite the fact that this is a brand-new and extremely active danger, those who have been attacked shouldn’t give in to the ransom demands. Instead, we suggest they check out the decryptor from the link below and try to restore their encrypted files with it:


    The STOPDjvu executable file can be downloaded from the link by clicking on the Download button in the upper right corner of the page. The next thing to do is to read the license agreement and the instructions that explain how to use the software before starting the decryption process. Although this software may not be able to decrypt files that were encrypted with an unknown offline key or online encryption, there is a good chance that you may recover data that was encrypted with any of the offline keys in its database.

    For more professional help with Aawt, you may want to use trusted anti-virus software or a free online virus scanner that can remove the threat and protect your computer in the future.


    About the author


    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


    • Hi; I had infected with .aawt Ransomware. I did all the previous steps you mentioned including scan with SpyHunter . Now how to decrypt my files (Power point; Word; Excell; Pdf; jpg; DICOM; etc)

      Can you help me

      • Hi, Ayman Azoz! If you have a New Variant online ID, there is no key for New Variant online ID. That means for now, the only other alternative to paying the ransom, is to backup/save your encrypted data as is and wait for a possible future solution if encrypted with an ONLINE KEY.

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1