What is Locky virus

Locky is a malicious virus categorized as ransomware, which encrypts your files using the complex RSA-2048 and AES-1024 algorithms. Once it gets onto your PC and encrypts your files, it demands 0.5 BTC (bitcoins), which is equivalent to approximately $267. This type of malware is very dangerous: it effectively blackmails you into paying the ransom in order to decrypt your important files. This guide provides a manual step-by-step tutorial to remove the Locky virus and decrypt the .locky files.

How Locky virus infected your PC

Locky virus mostly infects systems through spam email attachments such as .doc, .xls, .zip and .rar files. The emails pretend to contain important information so that you click and open the attachment. Once you download and open the file, it starts encrypting your important files. Affected files are renamed to a unique 16-character combination of digits and letters with the file extension .locky. After this, Locky opens the _Locky_recover_instructions.txt file, which contains instructions and website URLs that point to the Locky decrypter page. Once you visit that page, you are asked to pay the ransom amount.

How to remove Locky virus manually

We currently do not recommend removing the Locky virus manually; for a better solution, use automatic removal tools.

Select the Safe Mode

To proceed with the manual removal method, you need to leave normal mode and reboot the infected system in safe mode. Restart your computer and, while the system is restarting, press the F8 key to open the boot options menu, then select the safe mode option from the list to boot your computer in safe mode.

 

Remove the Associated Processes

The next step is to kill the malicious processes associated with the Locky virus. You can do this from the Windows Task Manager, which can be opened by holding the Ctrl+Alt+Delete keys together. Once you can see the Task Manager window, click on the Processes tab and end the following process in the list of running processes:

  • %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe

 

Locky virus files:

_HELP_instructions.html

%UserProfile%\Desktop\_Locky_recover_instructions.bmp
%UserProfile%\Desktop\_Locky_recover_instructions.txt
%Temp%\[random].exe

Remove the Corrupt Registry Entries

To complete the manual removal process, you have to delete the malicious registry entries created by this malware. To clean the Windows registry of these entries, open the Registry Editor using the regedit command, which can be run from the Run option in the Start menu. The following entries need to be deleted:

 

Locky virus registry keys:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Locky virus\DisplayIcon %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe,0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Locky virus
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Locky virus\UninstallString “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\[RANDOM CHARACTERS] %AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Locky virus\ShortcutPath “%AppData%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe” -u
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Locky virus\DisplayName Locky virus

 

Additional Locky virus registry keys:

  • HKCU\Software\Locky
  • HKCU\Software\Locky\id
  • HKCU\Software\Locky\pubkey
  • HKCU\Software\Locky\paytext
  • HKCU\Software\Locky\completed 1
  • HKCU\Control Panel\Desktop\Wallpaper “%UserProfile%\Desktop\_Locky_recover_instructions.bmp”
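
A read-only check for the file and registry indicators listed above, as an added example that is not part of the original guide. It assumes PowerShell 3.0 or later; the function names are hypothetical, and looking for _HELP_instructions.html on the desktop is an assumption, since the page gives no folder for it.

```powershell
# Read-only triage for the Locky artifacts listed above; nothing is deleted or changed.
function New-Finding([string]$Type, [string]$Location, [string]$Detail) {
    [pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail }
}

function Get-LockyIndicator {
    # 1. Ransom notes (assumption: _HELP_instructions.html is checked on the desktop too).
    $desktop = Join-Path $env:USERPROFILE 'Desktop'
    $notes = '_Locky_recover_instructions.bmp', '_Locky_recover_instructions.txt', '_HELP_instructions.html'
    foreach ($name in $notes) {
        $path = Join-Path $desktop $name
        if (Test-Path -LiteralPath $path) { New-Finding 'File' $path 'ransom note present' }
    }
    # 2. %Temp%\[random].exe: any .exe directly in %Temp% is only a candidate.
    Get-ChildItem -LiteralPath $env:TEMP -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object { New-Finding 'File' $_.FullName 'exe in %Temp%, review manually' }

    # 3. HKCU\Software\Locky and the values listed under it.
    $lockyKey = 'HKCU:\Software\Locky'
    if (Test-Path -LiteralPath $lockyKey) {
        New-Finding 'Registry' $lockyKey 'key present'
        $props = Get-ItemProperty -LiteralPath $lockyKey
        foreach ($value in 'id', 'pubkey', 'paytext', 'completed') {
            if ($null -ne $props.$value) { New-Finding 'Registry' "$lockyKey\$value" 'value present' }
        }
    }
    # 4. The "Locky virus" uninstall entry.
    $uninstall = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\Locky virus'
    if (Test-Path -LiteralPath $uninstall) { New-Finding 'Registry' $uninstall 'key present' }

    # 5. RunOnce values whose data is %AppData%\<folder>\<name>.exe.
    $runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $pattern = '^"?' + [regex]::Escape($env:APPDATA) + '\\[^\\]+\\[^\\]+\.exe'
    $run = Get-ItemProperty -LiteralPath $runOnce -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($p.Name -notin $psProps -and "$($p.Value)" -match $pattern) {
                New-Finding 'Registry' "$runOnce\$($p.Name)" "$($p.Value)"
            }
        }
    }
    # 6. Wallpaper pointed at the ransom bitmap.
    $wp = (Get-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue).Wallpaper
    if ($wp -like '*_Locky_recover_instructions.bmp') { New-Finding 'Registry' 'HKCU:\Control Panel\Desktop\Wallpaper' $wp }
}

Get-LockyIndicator | Format-Table -AutoSize -Wrap
```

Run it as the affected user, since the HKCU hive is per-user; the %Temp% and RunOnce matches are candidates to review, not confirmed Locky files.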

 

How to decrypt and restore .locky files

Using the Previous Versions option in Windows XP, Vista, 7, 8:

  1. Right-click on the infected file and choose Properties.
  2. Select the Previous Versions tab.
  3. Select the infected version of the file and click Copy (Ctrl+C).
  4. To restore the selected file and replace the existing file, click on the Restore button.
  5. If there are no items in the list, choose an alternative method.

If you are using Dropbox:

  1. Log in to the Dropbox website and select the folder that contains the encrypted files.
  2. Right-click on the encrypted file and choose Previous Versions.
  3. Choose the version of the file you want to restore and click on the Restore button.

 
Disclaimer: Altering your Windows registry items and other computer files should only be attempted by knowledgeable computer users. Errors in registry items may lead to technical problems affecting other aspects of your machine. We advise you to attempt all these manual steps at your own risk; otherwise, it is better to use the automatic removal tool below.

 

Download Locky virus Removal Tool
