How to remove Lockey virus and restore encrypted files

Lockey ransomware virus

Lockey ransomware already penetrated many laptops in different parts of the world via basic method: false messages with viral attachments. Occasionally hackers use zero-day vulnerabilities to infect the computer, but they are quickly fixed. When infection is done, ransomware scans the hard drive, defines the quantity of folders to be encrypted and their rough price. At the moment, each modern virus can encrypt audio, text, video and image info in all popular formats. Virus corrupts all files, but those that look like business correspondence go first. Virus corrupts only information, and does not touch the software, so that the user can use his PC to pay the ransom. The process is made through famous encryption algorithms, and it is so complex that that decipherment of files with no key is impossible. This is the base for such an incredible effectuality of this kind of viruses in last years: usual PC operator, even having a very good knowledge of the computer, will never be able to decrypt the files, and will be forced to pay the price. The only way to recover files is to find the fraudster's webpage and retrieve the master key. Also there's a chance to obtain the keys through defects in the code of the virus itself.

The page is about Lockey ransomware which gets into customers' machines in all countries of the world, and corrupts their data. Here we've gathered important info on Lockey's essence, and how to eliminate Lockey from your system. Besides, we'll explain how to restore the encrypted files and is it possible.

The knowledge of computers is very substantial in modern world, because it helps you to defend the PC from computer viruses. It's sad to say, but most people see the importance of PC literacy only after ransomware infection. To defend yourself, you should keep in mind these three elementary rules:

    • Be careful with the messages which contain files. If you don't know the person who send an e-mail and it notifies about obtaining any prize, a lost parcel or anything similar, this is most likely a fraud letter. The second most efficient kind of such messages is a forgery for biz correspondence. appeals, Bills for services and products, summaries, lawsuits and suchlike specific information cannot come accidentally, and you, as a minimum, should know the person who sent it. In all other cases it is a fraud.
    • Pay attention to the pop-ups. The simplest method of information recovery is the recovery from Shadow Copies, so scammers have added the elimination of SC into the basic functionality of viruses. The deleting of shadow copies requires administrator rights and user's acceptance. Thus, if you don't confirm alterations from a unknown software at the right time, you will keep the chances to decrypt all lost data for free.
    • Do not disregard the symptoms that your workstation shows. File encrypting is a complex process that consumes a lot of hardware resources. If you observe a sudden drop in computer performance or notice a weird string in the Process Manager, you need to unplug the PC, launch it in safe mode, and search for malware. These measures, if the workstation is really infected, will protect a lot of your data.

Lockey deletion is not solution of the whole issue - it's just a one step on the long road until the total data restoration. If you remove virus, you won't get back the information instantly, it will require multiple measures described in the following paragraph. To get rid of any ransomware, you need to load the PC at safe mode and scan it through antivirus program. We don't suggest trying to delete the virus manually, because it has different protection mechanisms that can interfere you. The very effective ransomware defensive manner is the removal of information on the chance of file restoration or ransomware removal attempt. To avoid this, follow the tips under this paragraph.

Removal instruction

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Antivirus scanner

Why we recommend SpyHunter antimalware

Detects viruses fully: all files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects virus on the computer, you will need to purchase SpyHunter's malware removal tool to delete viruses. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

If you made all steps, mentioned in above paragraph - it's time to decrypt the files. In fact, this is not literally decipherment, since the encryption manners used by scammers are too complicated. There are the some exceptions, but most of the time data restoration needs plenty of time and efforts. If you are very interested in the independent data restore - take a look at our item, which shows all the very efficient ways.

To restore information, follow the article about files decryption.

Add comment

Security code

This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.