_Locky_recover_instructions Virus Removal

Welcome to our _Locky_recover_instructions Virus removal instructions. This article intends to help you remove _Locky_recover_instructions Virus from your system and is designed to work for all Windows versions.

_Locky_recover_instructions Virus is a Ransomware computer virus. If you are not familiar with this type of malware then be advised this is a high priority danger to your security. Ransomware applications like _Locky_recover_instructions Virus are very distinctive and can hardly be mistaken for anything else.

_Locky_recover_instructions Virus

If you are reading this article then you have probably found your most often used personal files ending with a seemingly unfamiliar extension. Also as if to shed any doubts there would be a note posted to your desktop explaining what has happened and how to get your files back. You should not do as the note says! This is very important. In this article we will try and explain in some detail what you will be facing. Also how exactly you have found yourself in this situation. You can also expect some valuable alternatives to paying the ransom. And last but not least extensive removal instructions and possibly a way to get your files back without paying a dime! So let’s get started.

What exactly _Locky_recover_instructions Virus is

We already stated that you are facing a full-blown Ransomware computer virus. This type of malicious software often uses a different variant of malware to infiltrate your computer. This other malware is often referred to as a Trojan horse and usually acts as a backdoor way for harmful applications. Once inside a victim’s computer _Locky_recover_instructions Virus usually starts a thorough scan of your hard drives in the attempt to single out your most often access personal files. Note that this virus is not interested in any system files. The reason behind this is so the virus can select the files you are most likely to miss the most and also most likely be willing to pay to get back. Once the list of files has been established it is pretty much game over. _Locky_recover_instructions Virus would start encrypting your files and there is not much you can do at this point. You might encounter some signs like increased CPU and hard drive loads but that’s about it. After your next boot/reboot you would find yourself in the situation you are now trying to remedy.

How did you end up with this?

We mentioned the backdoor Trojan that you probably have on your computer. This is a good moment to remind you that after getting rid of _Locky_recover_instructions Virus you definitely need to root out the Trojan horse as well. If you are wondering how you ended up with a Trojan malware – there are some very common denominators in play here.

  • Infected .exe files attached to e-mails. It may sound corny but this is still a very common way for the spreading of malicious software. You should always be careful and scan all attached files before and after downloading them. One can never be too careful.
  • Compromised files downloaded from p2p file sharing networks. In that category we include any torrent downloads and file-sharing websites downloads. We are not going to advocate whether you should use torrent websites per se but please consider the dangers if you so choose. There are places with very little control over the content that gets uploaded and shared. So once again – always scan any files before opening them, especially if they are executable files.
  • It is a very common theme that for a variety of reasons you might end up with a missing or damaged .dll file. The smart thing to do is to look for additional information about the missing/damaged file online. What you should definitely never do is download the file in question from some shady website. This is a sure way to get infected with malware. As a rule of thumb you should never download any software from unconfirmed sources.

Threat _Locky_recover_instructions Virus
Classification Ransomware
Security Alert
High. Extremely high.
Negative Effects  Your files are inaccessible and have the .locky extension.

_Locky_recover_instructions Virus Removal

Step 1

Reveal Hidden Files. If you don’t know how to do this, ask us in the comments.

Step 2

Start Button => Search=> Copy/Paste “notepad %windir%/system32/Drivers/etc/hosts” => Enter.

Hosts File

If you notice other IPs different from the localhost IPs – you might be in danger!

Localhost IPs

Ask for additional help in the comments.

Step 3

Right click on the Taskbar => Start Task Manager.

Start Windows Task Manager

Navigate to Processes.

Processes in Task Manager

Locate any suspicious processes associated with _Locky_recover_instructions Virus. Right click on the process = > Open File Location => End Process = > Delete the directories with the suspicious files.

Step 4

Start Button => Search => Type:

  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Type in Search

Hit Enter after each new search. Check each Folder and delete recent entries.

Step 5

Get Your Files Back!

The only way you can do that is by backpedaling to a moment when you were not infected. You can achieve this in one of two ways:

  • System Restore. Start Button => Search field => Type System Restore=>Enter.
    Choose a Restore Point.
    Restore Point
    Click Next until the process has been completed.
  • Google and Download a Program called ShadowExplorer. Install and open it => Choose the Drive letter (C:, D:, F:, etc.) and date you want to restore information from => Right click on the files you want restored => Export.

If you run into any trouble – ask us for help in the comments section!

  • Hkconfused

    I can’t make it through step 2. I get ‘no results found for your search.’

    Any suggestions?

    • Hello, yes a couple of things. First did you check that you have copy/pasted the exact text as shown in the picture above? Also, can you tell me what OS are you using?
      Let us know, we will try to assist you.

  • Jose H.

    Today in my job the virus arrived :'(

    • Indeed, this is definitely the virus. Unfortunately a lot of people are affected by this. Let us know if we can help you in any way.

  • Szente János


    2 days ago i was infected by this ….. idiot virus.
    I opened an email with a good text from “MicrosoftOffice” and its an insurance-J-numbers, bal bla bla… The same what the others got the infections!

    My biggest problem that i did not recognize that the virus is working co i go on a meeting, and after some hour i saw what happening! :O
    But that time my OneDrive account was synchronized! T.T

    Have anyone any solution how can i get back my files, cos those are so much work for me and theese are many official docs…


    • Hi Szente! This has happened to a lot of people unfortunately, so you are not alone in this. If you have already rooted out the Ransomware virus, then try to follow through with Step 5 of our guide. Hopefully it will work out fine for you. Let us know if we can be of any assistance to you.

      • Szente János

        The biggest problem is that i haven’t any system restore files…
        There was, but now we cant find. Should be this by the virus?

        • Unfortunately if you don’t have system restore points or shadow copies then there’s not much you can do. We strongly recommend against paying any ransom! The whole process is extremely shady so you should definitely avoid it. On top of that there are no guarantees that you will get what you are paying for.

  • Hero Son

    Step 3
    Please help me Locate any suspicious processes associate>> NOt sure what to delete

    • Hello! There’s just no way to tell without taking a look at the exact processes running on your computer. Please post a screenshot and we will try to help you out.

  • Vijay

    My lappy is infected with locky virus.
    I have copy pasted the following link:
    “notepad %windir%/system32/Drivers/etc/hosts”
    But i am not getting any result for this (No Items match your search). What I need to do now?!

  • Vijay

    In the screen shot of processes, “csrss.exe” process is not allowing to e closed nor allowing me to take the location of the programme. Could you please help me, why it is happening like this?

    • Hello Vijay,
      This file could be problematic or not. On your screenshot at the bottom left there is a button/tab called “Show processes from all users”. Please click it and try to open the file location for “csrss.exe”. Let us know about the results.

      • Vijay

        It is showing the message ” access denied.”

        Warm Regards

        —– Reply message —–

        • When you click on “Show processes from all users” or when you try to open the file’s location?