How to get rid of Locky Virus
I guess my system has been affected by a locky virus as all of my files have been renamed and locky_recover_instruction.txt’ can be seen in every folder.I search it on the internet but couldn’t find any good solution. Can you please help me delete or fix the Locky virus so that i can completely rid of it.
Locky is the latest virus or ransomware which is delivered by email having an attached Microsoft Word document that contains malicious code. When you click on the attached file the virus install itself on your system.
What it will do to the system?
↣ All file names will be renamed to a combination of numbers and alphabet having .locky file extension.
↣ You will see an encrypted msg that will instruct you to download TOR browser
↣ You will see the hackers link and the Hacker site demands $500 or 1-2 bitcoins.
If you want to remove Locky virus then follow the below mentioned steps -:
Manually Remove Locky Virus
↣ Press ctrl + Shift + ESC>>Select & Open Task Manager
↣ Click on Processes Tab and find the Ransomware Process.
↣ You will find a process SVCHOST.EXE in %temp% folder.
↣ Navigate to %appdata%/roaming folder>>delete the executable file.
↣ Press windows key + R >> Type regedit and go to
↣ HKEY_LOCAL_MACHINE–Software–Locky–id
↣ HKEY_CURRENT_USER–Software–Locky–pubkey
↣ HKEY_CURRENT_USER–Software–Locky–paytext
↣ HKEY_CURRENT_USER–Software–Locky–completed
Locky virus creates a process and description both named ‘svchost.exe’. After the encryption of your files it will delete itself.
Reveal all hidden File and folders
↣ Press windows key + R
↣ Type notepad%windir%system32/Drivers/etc/hosts
↣ This command opens a file but if you are hacked you will see a list of IP’s connected with you.
↣ Go to Seach Bar and type msconfig>>Press enter to open a windows pop-up
↣ Goto Startup>>uncheck unknown entries as manufacturer.
Through System Registry
↣ Press windows key + R>>Type regedit and enter.
↣ Press ctrl + F type virus name
↣ Search for Locky in your registries and delete all the entries
↣ Go to the windows search field and type
%appData%,%localAppData%,%programData%,%winDir%,%Temp%
Delete everything in Temp.Find out these files
↣ %userpProfile%\Desktop\_Locky_recover_instructions.bmp
↣ %userpProfile%\Desktop\_Locky_recover_instructions.txt
↣ temp%\[random].exe
Again type regedit and delete the following registries
↣ hKCU\Software\Locky
↣ hKCU\Software\Locky\id
↣ hKCU\Software\Locky\pubkey
↣ hKCU\Software\Locky\paytext
↣ hKCU\Software\Locky\completed
↣ hKCU\Control Panel\Desktop\Wallpaper