0

All my files have been encrypted with the Locky virus. I tried CCleaner, M.S. Forefront, and some other antimalware programs.

Can anyone give me some advice about this virus removal?

Emanuel
  • 1
    [Is there any way for unencrypt .locky files?](http://superuser.com/q/1062742) – DavidPostill May 03 '16 at 14:56
  • 3
    Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – DavidPostill May 03 '16 at 14:56
  • 2
    You do understand, if you remove the malware from your system, then you won't be able to decrypt your files. – Ramhound May 03 '16 at 15:05
  • There is no unlocker for files encrypted by Locky; either pay the ransom or lose your files. – Moab May 03 '16 at 16:44

2 Answers

1

If they've really been encrypted, you personally can't do anything to recover the encrypted data.

For the future, make frequent backups, and consider using Linux (or a VM) if you must visit shady websites and/or run unknown software often.

  • And if you don't have any backups, keep the disk but DON'T delete it. Usually after 1-2 years somebody is able to provide a way to decrypt the data. – TJJ May 03 '16 at 15:01
  • The private key, required to decrypt the author's files, isn't stored on the author's system memory. It's stored on the criminal organization's server, only released if and when payment is received or until a gray hacker steals it and publishes it. – Ramhound May 03 '16 at 15:07
  • @Ramhound - Edited accordingly. – You'reAGitForNotUsingGit May 03 '16 at 15:09
-2

It depends on the virus. There are many viruses that just claim something that is not fully true. There are 3 major possibilities:

  • the disk (some files of it) is really encrypted and the key is sent to its creators (as it is claimed). In this case the creators will restore your data when you do what they want. No other options for you.
  • the disk (some files of it) is encrypted, but the key is located on your disk. In this case, there is a possibility to restore your data without the creators, but by specialized software.
  • the disk (some files of it) is encoded, not encrypted. In this case, the data could be restored more easily than in the other ways. This could be done by specialized software, with lower complexity.

The first option is the most scary but it is the most difficult to implement. Restoring of the data from creators is difficult for them. So this is not the most common option.

A nice plan for you is:

  1. to identify the virus and its strain. If it does not tell you its name, search in Google with some exact string message it displays - with quotation marks.
  2. to search Google for a virus-dependent and strain-dependent solution.
JRr
  • How the Locky virus works is well known. I don't really see how this answer is applicable to the author's situation. – Ramhound May 03 '16 at 16:09
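
The answer above separates files that are really encrypted from files that are only encoded. The sketch below is an added example, not part of the answer or its comments: it measures byte entropy on a sample to tell those cases apart before any recovery attempt. The thresholds, function names and sample data are assumptions made for illustration, and high entropy cannot distinguish encryption from compression or show where a key is stored.

```python
import base64
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(data: bytes) -> str:
    """Rough guess at what a file sample contains (thresholds are assumptions)."""
    h = shannon_entropy(data)
    if h >= 7.5:
        # Near-uniform bytes: consistent with real encryption (or compression).
        return "likely encrypted or compressed"
    if 5.5 <= h <= 6.1 and len(set(data)) <= 65:
        # About 6 bits per byte over at most 65 symbols: base64-like encoding.
        return "likely text-encoded (base64-like)"
    return "low entropy: plain data or a weak encoding"


def constructed_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed samples, not taken from any real infection.
PLAIN = b"Quarterly report: revenue, costs and forecasts for the region.\n" * 64
SAMPLES = {
    "ciphertext-like": constructed_random(4096),
    "base64": base64.b64encode(constructed_random(3072)),
    "single-byte XOR": bytes(b ^ 0x5A for b in PLAIN),
    "plaintext": PLAIN,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} {shannon_entropy(blob):5.2f} bits/byte  {triage(blob)}")
```

Run it against copies of affected files, never the originals, and sample past the first few kilobytes since headers can skew the result.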