.Locky Virus Removal

Welcome to our .Locky Virus removal instructions. This article intends to help you remove .Locky Virus from your system and is designed to work for all Windows versions.

.Locky Virus has been identified as a computer virus of the worst kind – Ransomware. We have been bombarded with questions about this “.locky file” and also “.locky files”, clearly indicating this virus if very widespread. But not only that, a large portion of our readers’ messages start with “archivos .locky” or “locky 病毒”. If you are interested in this article then there is a high probability that you have found yourself in quite the predicament. The recognizable traits of a Ransomware application are all present – your files have an unknown file extension. As a result they are completely inaccessible and cannot be tampered with. Also an explanatory note has been posted to your desktop with instructions on how you can make a payment in BitCoins in exchange for a decryption key.

.Locky File Virus
.Locky Virus

Let’s start by saying that unfortunately most of the information contained in that note is true. Your files are really gone, they have been replaced by encrypted copies. Yet you should not yield to the demands for Ransom just yet. There are things to be tried first, so read carefully this article to the very end and learn more about the “archivos .locky” or “locky 病毒”.

How does .Locky Virus operate?

.Locky Virus needs a Trojan horse to infiltrate your system. We will discuss how that might have happened in the next paragraph. After it has bypassed your security the virus will start scanning your hard drive. The purpose of this process being to determine the most often accessed of your personal files. In other words the files you are going to miss the most. After the “doom” list has been compiled the actual encryption of your files would begin. Soon thereafter there will be no going back. After your next reboot you will find your files cannot be accessed and if you have had any doubts the note with ransom instructions would soon disperse them.

It should be noted that these people often rely on the shock and awe that immediately follows the realization that your files are “locked up”. So it is utterly important to stay collected and not go into any rash decisions. You have already made the right first step by coming here, so continue reading about this new ” “archivos .locky” or “locky 病毒” threat, or just to learn more about “.locky file” and also “.locky files”.

How did I get this?

We mentioned already that .Locky Virus uses a backdoor entry past your security via the help of a Trojan horse application. For one that means that you should definitely look for the Trojan once you’ve gotten rid of .Locky Virus. You simply cannot risk leaving it unattended on your computer. In case you don’t know much about this type of malware and specifically how it spreads to users’ computers we will make a short list of the most probable culprits.

  • Infected executable files. They may be attached to e-mails. You should definitely carefully scan and review any files attached to emails in your inbox. This might an old scheme but it is still largely popular method for malware spreading. Most mail providers offer the ability to scan any files before actually downloading them on your computer. You should go one step further – scan them again after downloading them but before opening/executing them.
  • Or the infected .exe files might have been downloaded from insecure locations. For example torrent sites, p2p file-sharing methods or file storage portals. The main issue with downloading software from such places is that you simply have no idea what type of actual content control had been enforced. You might very well be downloading a virus.
  • Very often you might find out that you have a corrupted or missing .dll file. While we encourage you to look for answers online we would like to heavily emphasize on what you should not be doing. And that is downloading the missing .dll file directly from some unspecified website. This is a very likely for a Trojan to be hidden into. Only download software from trusted sources.
Locky Virus Ransom Note
.Locky Virus Ransom Note

Should you pay?

If you are to follow the instructions in the ransom note then you will have to end up paying in order to get a decryption key and essentially get back your files. It is entirely up to you whether you are willing to do that or not. But if you want our opinion then here it is. You should not pay the ransom, or at the very least please exhaust all other options before reluctantly going down that road. There are multiple reasons why you should consider all other alternatives.

  • First of all it is not like you are dealing with some reasonable people. In fact never forget that you are being extorted. So by definition you will be trying to execute a transaction between you and some hardened cyber criminals. There is absolutely no evidence to suggest that they will keep their “word” and indeed send you a decryption key. It is just as likely if not more that you will be lied to and deceived once again. You should seriously consider this before committing to gambling with your money.
  • Second and this is arguably even more important in the grand scheme of things. You are one of the increasingly many victims of Ransomware viruses. This has quickly blossomed into a multi-million Euros industry and this is unlikely to change. At least until you and other victims decide it is time for this to stop. The first step in that direction can come from you only. Refuse to pay the criminals! This is the only way to hamper their interest in creating new and improved methods for online extortion.
  • Let’s get back to the transaction between you and the perpetrators. You don’t want to be associated with people who if caught will be subject to criminal charges. If you follow the instructions in the ransom note you will be going down a very shady road. There’s just no telling how that would turn out and whether you might suffer even more serious consequences.
  • There are alternatives to paying the ransom money. You can wait for the online community to eventually crack the encryption. This is certainly a possibility, although there’s no telling how much time that might take. You can also follow our advice and try something that will not endanger you or your files more in any way. There are no guarantees for success, in fact this is largely dependent on how much time has passed since .Locky Virus has encrypted your files. But at the very least it is a completely free and harmless solution that is certainly worth a try.
Threat .Locky Virus
Classification Ransomware
Security Alert
High. This is the worst kind of Malware.
Negative Effects The encryption of your personal files.

.Locky Virus Removal

Step 1

Reveal Hidden Files. If you don’t know how to do this, ask us in the comments.

Step 2

Start Button => Search=> Copy/Paste “notepad %windir%/system32/Drivers/etc/hosts” => Enter.

Hosts File

If you notice other IPs different from the localhost IPs – you might be in danger!

Localhost IPs

Ask for additional help in the comments.

Step 3

Right click on the Taskbar => Start Task Manager.

Start Windows Task Manager

Navigate to Processes.

Processes in Task Manager

Locate any suspicious processes associated with XXX. Right click on the process = > Open File Location => End Process = > Delete the directories with the suspicious files.

Step 4

Start Button => Search => Type:

  • %AppData%
  • %LocalAppData%
  • %ProgramData%
  • %WinDir%
  • %Temp%

Type in Search

Hit Enter after each new search. Check each Folder and delete recent entries.

Step 5

Get Your Files Back!

The only way you can do that is by backpedaling to a moment when you were not infected. You can achieve this in one of two ways:

  • System Restore. Start Button => Search field => Type System Restore => Enter.
    Choose a Restore Point.
    Restore Point
    Click Next until the process has been completed.
  • Google and Download a Program called ShadowExplorer. Install and open it => Choose the Drive letter (C:, D:, F:, etc.) and date you want to restore information from => Right click on the files you want restored => Export.

If you run into any trouble – ask us for help in the comments section!

 

SHARE
Previous article.MP3 Ransomware Virus Removal
Next articleHow To Remove New Search 123 Virus
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com , a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people. In his off time he is an avid book reader, occasional PC gamer and affectionate football spectator. Daniel would hardly begrudge anyone who might call him a computer nerd, yet this might be just the thing one needs in case of a security issue.
  • Deb Parkes

    how do we find the hidden files

  • Hey Jim,

    As we’ve replied to your other comment – we can and will try to help you out. But if you don’t understand any of the instructions then it might be a good idea to think about other solutions. Let us know if you have specific questions though, we will do our best to answer them for you.

  • babs

    how do i find hidden files?

  • tanyagupta

    i have other IP.
    Please help.

  • Andreas Sidabutar

    Hello, admin, my notebook infected by virus ransomware, with ektention .locky, I cant description all file, I use Windows 8 OS, and I have restore / recovery system but file can’t back normal, still encripted

    • Hello Andreas,

      You need to revert to a date before the virus had infiltrated your system. That’s the only known way to get your files back.

  • raj parimanik

    Hi, my laptop is infected by locky virus, i have tried all steps except the system restore, as saying restore not successful. please suggest

    • Hello raj,

      Can you elaborate a bit? What do you mean you have tried all the steps except system restore? The steps leading to system restore are designed to help you clean up your device. The system restore instructions are intended to help you potentially get your files back. Please let us know how we can be of help.