
How to decrypt the files/documents that are encrypted by the Locky virus/spyware?

Question added by Aadil Dedmari, IT Administrator & Programmer, Saudi Rubber Products Co.
Date Posted: 2016/03/20
by Muhammad adnan Qumar, IT engineer, Synopsis Solutions Ltd

  • Open your Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file.
  • Before you kill the process, type the name in a text document for later reference.
  • Navigate to your %appdata%/roaming folder and delete the executable.
  • Then open your Windows Registry Editor and navigate to:

HKEY_LOCAL_MACHINE\Software\Locky\id
HKEY_CURRENT_USER\Software\Locky\pubkey
HKEY_CURRENT_USER\Software\Locky\paytext
HKEY_CURRENT_USER\Software\Locky\completed

The virus temporarily creates an “svchost.exe” process with the Description “svchost.exe”. When the encryption of your files finishes, it deletes itself from the system.

Remove CryptoLocker virus with Malwarebytes Anti-Malware Free
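A read-only check for the registry locations listed in the answer above, given here as an added example that is not part of the original answer or of any vendor tool. The function name `Test-LockyIndicator` is hypothetical, and because the answer does not say whether the last path component is a subkey or a value, the script checks for both.

```powershell
# Read-only triage: report which of the Locky registry locations named in the
# answer exist on this machine. Nothing is modified or deleted.
# HKCU is per-user, so run this in the session of the affected account.
$indicators = @(
    @{ Parent = 'HKLM:\Software\Locky'; Name = 'id' },
    @{ Parent = 'HKCU:\Software\Locky'; Name = 'pubkey' },
    @{ Parent = 'HKCU:\Software\Locky'; Name = 'paytext' },
    @{ Parent = 'HKCU:\Software\Locky'; Name = 'completed' }
)

function Test-LockyIndicator {
    param([hashtable]$Indicator)

    $asKey = '{0}\{1}' -f $Indicator.Parent, $Indicator.Name
    $kind  = 'absent'

    if (Test-Path -LiteralPath $asKey) {
        # The last component exists as a registry subkey.
        $kind = 'subkey'
    }
    elseif (Test-Path -LiteralPath $Indicator.Parent) {
        # The parent key exists; look for the last component as a named value.
        $props = Get-ItemProperty -LiteralPath $Indicator.Parent -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $Indicator.Name)) {
            $kind = 'value'
        }
    }

    [pscustomobject]@{
        Location = $asKey
        Found    = ($kind -ne 'absent')
        Kind     = $kind
    }
}

$results = $indicators | ForEach-Object { Test-LockyIndicator $_ }
$results | Format-Table -AutoSize

if ($results.Found -contains $true) {
    Write-Warning 'One or more of the listed Locky registry locations exist on this host.'
} else {
    Write-Output 'None of the listed registry locations were found for this user/machine.'
}
```

A 32-bit PowerShell session on 64-bit Windows sees the redirected view of HKEY_LOCAL_MACHINE\Software, so run the check from a 64-bit session as well.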

by Emad Mohammed said abdalla, ERP & IT Software, operation general manager, AL DOHA Company

I fully agree with the answers added by the experts. Thanks.

by zakarya manchar, maintenance technician, المجمع الصناعي لاسمنت الجزائر

Take the drive to a data recovery specialist, who should be able to use a hardware solution such as (Salvation Data) to remove the password or at the least be able to perform an extensive/intensive forward/reverse scan of your drive to recover the data.

by Nikhil Agrawal, Information Security Engineer, NT Global Solutions

Malwarebytes and HitmanPro can detect and remove this infection, but these programs cannot recover your encrypted files due to the nature of asymmetric encryption, which requires a private key to decrypt files encrypted with the public key.

by Ahmed Mohamed Ayesh Sarkhi, Shared Services Supervisor, Saudi Musheera Co. Ltd.

Agree with the answer given by Mr. Muhammad adnan Qumar.

 
