Monday, 25 May 2015

Remove Locker virus

Locker virus

Locker virus is a dangerous ransomware that restricts access to your PC and encrypts some of your important files using an RSA-2048 key (AES CBC 256-bit encryption algorithm). It shows a webpage with a warning, or leaves a text file, demanding that the computer owner pay a ransom or buy decryption software using Bitcoin or another online credit system.

How did Locker get on my computer?
You can become infected with Locker by browsing malicious websites or websites that have been infected with a virus. A common infection method for this ransomware is the drive-by download: websites modified with malicious scripts that look for vulnerabilities to infect your computer. Another method is spam email with attached files or links to malicious websites. You can also be infected when you use P2P (peer-to-peer) programs or when you download files from unknown websites. Other viruses or infections can also download the Trojan.


The Locker ransomware 'hijacks' a variety of files, including images, audio and office documents. The affected file formats include the following extensions: .sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt

Victims who pay the ransom and follow the instructions in the message may recover their personal files and remove the ransomware, but paying isn't advisable. The authors of the virus can use your personal information for other malicious purposes. It is advisable to remove the malware by following the procedures in this article.

What should you do once infected by Locker?
In this article I'm not going to help you decrypt the files; this article clears the infection itself and helps you recover a valid copy of some of the encrypted files.
  • Shut down the computer immediately after detecting the infection and isolate it from the network.
  • Follow the steps in this article to clean the infection and then recover files from the Volume Shadow Copies.
  • Proceed to the restoration of backups.
  • Try to recover files with forensic tools.
  • Tools from Kaspersky
  • Other tools:

How to remove Locker?
Note: All the software used to remove Locker is totally free. These steps have been tested and should remove this threat from your computer. To successfully remove the Locker ransomware you must follow all the steps in the order shown.
Very important: If you have any problems while removing the threat, you must stop.

STAGE 1: Remove Locker ransomware from your computer
STAGE 2: Restore files encrypted by ransomware Locker

STAGE 1: Remove Locker ransomware from your computer

STEP 1: Remove Locker with MalwareBytes Anti-Malware

Malwarebytes Anti-Malware is one of the best free tools for malware detection. It protects against infection by viruses, worms, trojans, rootkits, dialers, spyware and malware.
  1. You can download Malwarebytes Anti-Malware Free from the Anti-Malware page.
  2. Double-click the downloaded installer and then click Run. Select the language and click OK, then click Next. The installation starts and you will see the Malwarebytes Anti-Malware Setup Wizard screen; click Next.
  3. Install the program, following each of the steps without changing any default settings. When installation is complete, click Enable free trial of Malwarebytes Anti-Malware Premium, click Launch Malwarebytes Anti-Malware, and then click Finish to exit Setup.
  4. When the program starts, it checks its database and updates it if it is outdated.
  5. When the update is finished, click the Scan Now button to begin scanning your system for threats.
  6. Another way to scan for threats is to click the Scan option, select Threat Scan, and finally click the Start Scan button.
  7. Malwarebytes begins to scan the computer; you must wait for it to finish.
  8. When the scan is complete you will see the results. To delete the threats, click the Remove Selected button.
  9. This action puts the threats in quarantine.
  10. If you click the History option you can delete the threats you want.
  11. On my YouTube channel you can watch a video explaining how to use Malwarebytes Anti-Malware. (Video Malwarebytes ver. 2)

STEP 2: Scan your system with HitmanPro looking for other threats

HitmanPro is a second-opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that has infected it despite all the security measures you have taken (such as antivirus software, firewalls, etc.).
  1. You can download HitmanPro from the Anti-Malware page and save it to your desktop. You must download the 32-bit or 64-bit version depending on your operating system.
  2. Double-click the file to see the home screen and then click Next.
  3. Select the option Yes or No and click Next to install HitmanPro.
  4. HitmanPro begins to scan for threats.
  5. When HitmanPro has finished, it shows a list of all infections detected. Click the Next button to remove the detected threats.
  6. Finally you can see the summary of results.
  7. On my YouTube channel you can watch a video explaining how to use HitmanPro. (Video HitmanPro)

STAGE 2: Restore files encrypted by ransomware Locker

In some cases you will be able to retrieve previous versions of your encrypted files. This can be done with functions like System Restore or with specific programs like ShadowExplorer.
    1. Download ShadowExplorer from its official website and install it.
    2. Once it is installed, double-click the desktop icon.
    3. Once in the program, the drop-down list shows the different points at which your operating system made copies. Choose one in which the files are still correct.
    4. Look for the files or folders you wish to recover, select them, right-click and select Export.
    5. Choose the folder where you want to recover the files or folders.
    6. Repeat the operation as many times as needed to recover all the files or folders that interest you.
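
To decide which files need to be exported from a shadow copy or restored from backup, you can check whether each file still begins with the signature bytes its extension implies. The script below is an added example, not part of the original article; it covers only some of the listed extensions, and it assumes the encrypted files keep their original names and that encryption overwrites the file header. The sample files and the names `triage` and `build_sample` are constructed for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") for some of the extensions listed in the article.
SIGNATURES = {
    b"%PDF": (".pdf",),
    b"\x89PNG\r\n\x1a\n": (".png",),
    b"\xff\xd8\xff": (".jpg", ".jpeg", ".jpe"),
    b"PK\x03\x04": (".zip", ".docx", ".docm", ".xlsx", ".xlsm", ".pptx",
                    ".pptm", ".odt", ".ods", ".odp", ".apk"),
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": (".doc", ".xls", ".ppt"),
    b"Rar!\x1a\x07": (".rar",),
    b"7z\xbc\xaf\x27\x1c": (".7z",),
    b"8BPS": (".psd",),
}
EXPECTED = {ext: magic for magic, exts in SIGNATURES.items() for ext in exts}

def triage(root):
    """Sort files under root by whether their first bytes match their extension."""
    result = {"intact": [], "suspect": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            magic = EXPECTED.get(os.path.splitext(name)[1].lower())
            if magic is None:
                continue  # no signature known for this extension: cannot judge
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:  # read-only, first bytes only
                    head = fh.read(len(magic))
            except OSError:
                result["unreadable"].append(path)
                continue
            result["intact" if head == magic else "suspect"].append(path)
    return result

def build_sample(root):
    """Constructed sample data: two healthy files, two with scrambled content."""
    scrambled = b"\x9e\x13\x7a\xc4" * 16  # stands in for ciphertext
    files = {"report.pdf": b"%PDF-1.4\n", "photo.jpg": b"\xff\xd8\xff\xe0JFIF",
             "budget.xlsx": scrambled, "scan.png": scrambled, "notes.txt": b"hi"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample(demo)
        for status, paths in triage(demo).items():
            print(status, sorted(os.path.basename(p) for p in paths))
```

A "suspect" result is a candidate for recovery, not proof of encryption: a file can also fail the check because it is empty, truncated or saved in an older variant of its format.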
