Login for faster access to the best deals. Click here if you don't have an account.

Fix Delete Locky Ransomware Virus | Solutions for Virus Removal Private

11 months ago Ask Expert New York City   246 views

0.0 star

Location: New York City

How to get rid of Locky Virus?

I guess my system has been affected by a locky virus as all of my files have been renamed and locky_recover_instruction.txt’ can be seen in every folder. I search it on the internet but couldn’t find any good solution. Can you please help me delete or fix the Locky virus so that I can completely rid of it.

Locky is the latest virus or ransomware which is delivered by email having an attached Microsoft Word document that contains malicious code. When you click on the attached file the virus installs itself on your system.



What it will do to the system?

  • All file name will be renamed to a combination of number and alphabet having a .locky file extension.
  • You will see an encrypted msg that will instruct you to download TOR browser
  • You will see the hackers link and the Hacker site demands $500 or 1-2 bitcoins.

If you want to remove Locky virus then follow the below mentioned steps -:

 Manually Remove Locky Virus 

  • Press ctrl + Shift + ESC>>Select & Open Task Manager
  • Click on Processes Tab and find the Ransomware Process.
  • You will find a process SVCHOST.EXE in %temp% folder.
  • Navigate to %appdata%/roaming folder>>delete the executable file.
  • Press windows key + R >> Type regedit and  go to
  • HKEY_LOCAL_MACHINE–Software–Locky–id
  • HKEY_CURRENT_USER–Software–Locky–pubkey
  • HKEY_CURRENT_USER–Software–Locky–paytext
  • HKEY_CURRENT_USER–Software–Locky–completed

Locky virus creates a process and description both named  ‘svchost.exe’. After the encryption of your files, it will delete itself. 

Reveal all hidden File and folders

  • Press windows key + R
  • Type notepad%windir%system32/Drivers/etc/hosts
  • This command opens a file but if you are hacked you will see a list of IP’s connected with you.
  • Go to Seach Bar and type msconfig>>Press enter to open a windows pop-up
  • Goto Startup>>uncheck unknown entries as a manufacturer.

 Through System Registry

  • Press windows key + R>>Type regedit and enter.
  • Press Ctrl + F type virus name
  • Search for Locky in your registries and delete all the entries
  • Go to the windows search field and type
  • %appData%,%localAppData%,%programData%,%winDir%,%Temp% 

Delete everything in Temp. Find out these files

  • %userpProfile%\Desktop\_Locky_recover_instructions.bmp
  • %userpProfile%\Desktop\_Locky_recover_instructions.txt
  • %temp%\[random].exe 

Again type regedit and delete the following registries

  • hKCU\Software\Locky
  • hKCU\Software\Locky\id
  • hKCU\Software\Locky\pubkey
  • hKCU\Software\Locky\paytext
  • hKCU\Software\Locky\completed
  • hKCU\Control Panel\Desktop\Wallpaper

 
Note: You must be logged in to post a review.