Severity scale:  

Remove Adame ransomware (Bonus: Decryption Steps) - Free Guide

removal by Alice Woods - - | Type: Ransomware

Adame ransomware is the cryptovirus, related to another ransomware code that marks encrypted files with a lengthy marker including contact email and victims' ID

Adame ransomwareAdame ransomware is the cryptovirus that demands a ransom from victims after file encryption. Virus developers claim that they can recover affected files with the only possible solution – decryption key they develop for each victim separately and allegedly shares it with a victim after the money transfer. Unfortunately, ransom paying is not the best solution since contacting cybercriminals can lead to more issues with the machine or even further damage to the device.[1]

Ransomware is based on blackmailing victims, so virus developers have no mercy for you or your files. Remember this and the fact that Adame ransomware virus is a version of Phobos ransomware. This relation indicates the possibility that malicious ransomware payload includes modules that affect the system and can further infect the machine with trojans, worms, other malware. Also, it is known that the family of Phobos loads processes and executables on the machine to ensure the persistence and interfere with the performance of infected computer further. “The App that Reminds You to Move More” is the process that can be found running in the background.

Name Adame ransomware
Type Cryptovirus
Ransom note encrypted.hta
File marker .id[].[].Adame
Family Phobos cryptovirus
Distribution Infected file attachments from email spam
Contact email,
Elimination Remove Adame ransomware with anti-malware tool and clean virus damage using Reimage

Adame ransomware is the virus that completely overwhelms the victim with all the changes in the system and the ransom demand. However, ransomware has more features than file encryption alone. Since it aims to make a profit from infecting machines, it can also steal valuable information and email addresses or credentials that can be used in secondary scamming campaigns.

It is known that like any other cryptovirus, Adame ransomware targets online banking credentials, personal logins or passwords and other details stored directly on the device or saved on the browser as auto-fill information. In addition to this background process, the virus can:

  • alter Windows configuration files;
  • add new registry entries;
  • delete files;
  • add programs or data;
  • infect the machine with other malware.

Adame ransomware starts the attack with infecting the machine and checking the location of the device. Sometimes particular countries are excluded from such processes. If the system is suitable for the infection, the ransomware runs AES encryption algorithm and encodes all the data found on the machine. Common files like photos, documents, videos, music, audio files get encrypted and then encrypted.hta appears on the screen with the following message:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Write this ID in the title of your message: 
In case of no answer in 24 hours write us to this
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Besides this program window with direct payment transfer instructions, a virus can add info.txt text file on the screen that contains less detailed information. In most cases, Adame ransomware repeats contact information and lists emails in the text file where criminals encourage people to follow instructions in the HTA file as soon as possible.  Adame ransomware virus
Adame ransomware is the malware that shows up with a ransom demanding message and makes people eager to pay. However, all the malicious processes happen in the background.
Although criminals behind this threat claim about decryption possibility, you need to remove Adame ransomware without even considering the ransom payment. There is no need to spend your money when, in most cases, the decryption tool does not exist.

Adame ransomware developers change the initial code, and this virus is distributed in various campaigns that target large scale of victims. Global attacks aim to affect as many people as possible. So this is one of the most popular and dangerous Phobos versions. 

Reports about this threat also show that Adame ransomware removal becomes impossible after some time. The virus can propagate across various mediums and load other files, processes, programs on the machine. All those associated intruders, alterations on the system can ensure that malware is more persistent.

This is the reason why experts[2] always recommend rebooting the machine in Safe Mode with Networking and then running a system scan with tools like Reimage. When you run a check on the machine, anti-malware tools can indicate Adame ransomware payload, malicious files, and virus damage, so you need one tool to eliminate the threat completely. Adame cryptovirus
Adame virus is the threat that changes its malicious tactics and can run different commands on the machine besides the file encryption.

Ransomware is more likely being spread by hackers

When it comes to threats like ransomware, the more common distribution techniques are phishing attacks and infected files. These campaigns that spread cryptovirus involves techniques that allow to deliver malware across multiple platforms and deliver them to a bigger number of potential victims.[3] Cybercriminals and hackers are more likely to spread such a serious threat because they aim to scare people into paying the ransom. Also, this is more advanced and involves experience in coding such sophisticated malware. 

Infected documents – the popular technique of delivering the malicious script. Macro-infected documents are loaded on legitimate-looking emails with subject lines like Invoice, Order information, Shipping details as attachments. Once the PDF or Word document gets downloaded and opened malicious macros trigger the drop of the ransomware payload. This is done in seconds, and your device becomes infected.

Adame ransomware removal is the process that requires more help from professional tools

You need to react to Adame ransomware virus infection as soon as possible because malware can propagate further and infect more devices on the same network or even permanently damage the machine. Hackers can target further than your own PC.

As soon as you notice the suspicious activity on the machine and get your data affected, you need to remove Adame ransomware completely. If you react quickly, you can eliminate all traces of the virus and take your system back to a safe place without malware.

Unfortunately, manual Adame ransomware removal is not giving the best results, you need to get automatic tools like anti-malware tools and run a full system scan. Using Reimage, SpyHunter 5Combo Cleaner, or Malwarebytes can give you the advantage because these programs terminate the malware itself and clean virus damage. 

do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter 5.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove Adame virus, follow these steps:

Remove Adame using Safe Mode with Networking

Adame ransomware can be more persistent, so reboot the machine in Safe Mode with Networking before an anti-malware scan

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Adame

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Adame removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Adame using System Restore

You can enable the System Restore feature and eliminate Adame ransomware this way

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Adame. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Adame removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Adame from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Adame, you can use several methods to restore them:

Data Recovery Pro is the method that can help with files encrypted by Adame ransomware

If you need alternate solution for data backups, Data Recovery Pro is the one to try. The program can restore accidentally deleted and corrupted files too

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Adame ransomware;
  • Restore them.

Windows Previous Versions feature for file recovery after Adame ransomware attack

When System Restore gets enabled, you can use Windows Previous Versions as a data recovery method

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer for help when dealing with Adame ransomware

Your encrypted files can be recovered if you can use Shadows Volume Copies and ShadowExplorer tool

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Decryption is not possible for Adame ransomware

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Adame and other ransomwares, use a reputable anti-spyware, such as Reimage, SpyHunter 5Combo Cleaner or Malwarebytes

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions


Your opinion regarding Adame ransomware