Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Problem with Odin ransomware

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts

Hello! Can anybody help me with Odin ransomware because I think that I tried everything. I had tried 3 different antivirus apps ( Avira, Cureit, Bitdefender), antimalware apps, Bitdefender Crypto Vacinne, ShadowExplorer with guide from this site but nothing helps. I found different manual guides like link above in Google, but they all are similar and don't help either. So I want to ask if there any way to recover my files or the only cure is to pay hackers for decryprion?

  • 0




    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi ksoksaz,

Welcome to GeeksToGo! :)

You are infected by the newest version of the Locky Ransomeware which is using the .ODIN extension instead of the .ZEPTO extension. Unfortunately, at this time, there is no known way to decrypt files encrypted by Locky. We do not encourage victims to pay the ransome because you are only financing cyber terrorism and the possibility of receiving the decryption code after paying the ransome are slim to none. This is why creating backups of your files is so important. We are recommending that you image your drive before doing anything else. Then in the future, if there is a way to decrypt the files, you have everything you may need to do so.

You could try recovering your files with the following methods though I see you have already tried ShadowExplorer, so I am assuming that the Shadow Volume Copies have been deleted.

You can read more about the newest version of Locky here

y3MMIrs.pngPrevious Versions
  • Right-click the file/folder and click Properties.
  • Click Previous Versions.
  • This tab will list all copies of the file and the date they were backed up.
  • To restore a particular version of the file, click Copy and select the directory you wish to restore the file to.
  • If you wish to restore the selected file and replace the existing one, click Restore.
  • If you wish to view the contents of the file before restoring, click Open.

Please download ShadowExplorer and save the file to your Desktop.
  • Right-Click ShadowExplorer-0.9-portable.zip and click Extract All. Select your Desktop and click Extract.
  • Right-Click ShadowExplorer.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • You will see a drop-down menu with the shadow copies of all partitions and disks present.
  • Click C:\ from the drop-down menu.
  • To the right, pick a date prior to the infection from the drop-down menu.
  • To restore a whole folder, right-click on your desired folder and click Export. You will then be prompted as to where you would like to restore the contents of the folder to.
J8xQM97.png File Recovery Software
File Recovery Software may be able to recover the original file deleted by the infection. Please bear in mind, the more you use the machine after the files are encrypted, the harder it will be for the recovery software to recover your files.

What I always suggest is as follows:

Using a second computer to download and install Recuva Portable to a flash drive, then running it from the flash drive on the computer that has the lost files seems to be the safest way to get the best success.

You could also try to slave the drive by removing it from the computer, placing it in an external enclosure and accessing that hard drive from a second computer to search for any deleted files. Worth a try!

Hope this helps in some way.

Donna :)
  • 1

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP