VirLock Ransomware Removal Guide

Threat Level:
7/10
Category: Trojans

VirLock Ransomware is a malicious program created to extort money from users by convincing them to pay a fine supposedly owed to US law enforcement agencies. The malware encrypts the user’s personal data and displays a notification that is meant to scare its victims. You can unlock the screen by pressing Alt+Tab, but since the infection blocks some program files, there is not much else you can do. At this point, we would advise users to get rid of the malware with the removal instructions placed below the article. Even if you pay the requested ransom, there is no guarantee that VirLock Ransomware’s creators will provide you with the decryption tools. Thus, users may end up losing not only their data but also some of their money. To avoid such situations in the future, it would be smart to make regular system backups and use a reliable antimalware tool.

According to our researchers, the malicious program is most likely spread through infected email attachments. Computers might get infected after such a malicious file is launched. Therefore, users should always be extremely careful with files sent by someone they do not know. If you are suspicious of a file sent to you, check it with a trustworthy security tool and only open it if it is not infected.

Users often open malicious files without realizing the possible consequences. Sadly, if you have VirLock Ransomware on the system, the effects might be quite severe. After the user opens the infected file, the malware settles in the system by creating folders and placing malicious data in them. To make the ransomware harder to remove, the data it creates should be not only hidden but also given random names. Besides, you might be unable to open the Start menu, Task Manager, or Run. That is because the malware creates a couple of value names in the Windows Registry.

Afterward, VirLock Ransomware should encrypt the user’s personal data, e.g. photos, documents, videos, and other files. The encrypted data should have an additional .exe extension. Renaming the files will not help, as the encrypted data simply becomes unusable. What’s more, the malware also locks the user’s screen, so instead of the usual Desktop, users should see a notification. It claims that you have “pirated software” and that you have to pay a fine of $250 in three days or else “a warrant will be issued for your arrest.” It also says that users should get the decryption tools after seven days once they transfer the requested sum in bitcoins.

The personal data on the infected computer might be important to you, but we have to warn users that paying the ransom might not help recover their files. The malware’s creators might not keep their promises, so it is better not to risk your savings, especially if you have at least some copies of the files that got encrypted. Therefore, we would advise users to erase VirLock Ransomware from the system so that their computer works normally again. There are two ways to deal with the ransomware, but first you need to restart the computer in either Safe Mode or Safe Mode with Networking. The instructions below will show you how to do it, and you can follow the rest of them if you want to delete the malicious program manually. Another way to get rid of the malware is to download a removal tool after you restart the PC in Safe Mode with Networking.

Restart the system in Safe Mode or Safe Mode with Networking

Windows 8 & Windows 10

  1. Restart the computer and press Shift+F8.
  2. Wait for the Advanced Boot Options window.
  3. Select either Safe Mode or Safe Mode with Networking while using the arrow keys on your keyboard.
  4. Press Enter.

Windows XP & Windows Vista/Windows 7

  1. Restart the computer, then press and hold the F8 key before Windows loads.
  2. Choose Safe Mode or Safe Mode with Networking from the Advanced Boot Options window and press Enter.

Display hidden files and folders

Windows 8 & Windows 10

  1. Launch the Explorer (Win+E), select the View tab, and click Options.
  2. Click Change folder and search options.
  3. Select the View tab, mark Show hidden files, folders and drives and click OK.

Windows 7 & Windows Vista

  1. Click on Start, open Control Panel, and choose Appearance and Personalization.
  2. Select Folder Options and pick the View tab.
  3. Mark Show hidden files, folders and drives and press OK.

Windows XP

  1. Open Start, click on Control Panel, then select Appearance and Themes.
  2. Pick Folder Options and click the View tab.
  3. Select Show hidden files and folders and press OK.

Erase VirLock Ransomware

  1. Open the Explorer.
  2. Enter the following directory: %ALLUSERSPROFILE% and press Enter.
  3. Find two folders with a random name (e.g. ypnBcJLm, nrKUryWl) that contain executable files (e.g. pDTsVwww.exe, SEyyyuuv.exe).
  4. Right-click these folders and press Delete.
  5. Copy and paste the following directory: %USERPROFILE%
  6. Again locate a folder with a random title (e.g. mVIvSpLs) that contains an executable file (e.g. yRvllzzp.exe) and right-click the folder to delete it.
  7. Close the Explorer, press Win+R, type regedit and press Enter.
  8. Locate this path HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  9. Find a value name with a random title; its data should point to “%USERPROFILE%\{random name folder}\{random name file.exe}”
  10. Right-click the value name and press Delete.
  11. Navigate to this directory HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
  12. Again find a value name with a random title that points to “%ALLUSERSPROFILE%\{random name folder}\{random name file.exe}”
  13. Right-click the value name and click Delete.
  14. Close the Registry Editor and empty your Recycle bin.
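
To help with steps 8 to 13, the following PowerShell script lists Run entries that match the pattern described above without deleting anything. It is an added example, not part of the original guide or of any vendor tool; the 6 to 12 letter definition of a "random name" is an assumption modeled on the sample names in the steps.

```powershell
# Added example (not from the original guide): read-only audit, deletes nothing.
# Checks the two Run keys named in the removal steps.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Profile roots the guide says hold the randomly named folders.
$roots = @($env:USERPROFILE, $env:ALLUSERSPROFILE) | Where-Object { $_ }

# Assumption: a "random name" is 6-12 letters, modeled on the guide's samples
# (ypnBcJLm, pDTsVwww.exe). Widen the range if your findings differ.
$randomName = '[A-Za-z]{6,12}'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        # GetValue expands REG_EXPAND_SZ; expand again for %VAR% stored as REG_SZ.
        $data = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($valueName))
        foreach ($root in $roots) {
            # Match <root>\<random folder>\<random file>.exe, optionally quoted.
            $pattern = '^"?' + [regex]::Escape($root.TrimEnd('\')) +
                       '\\(' + $randomName + ')\\' + $randomName + '\.exe\b'
            if ($data -match $pattern) {
                $folder = Join-Path -Path $root -ChildPath $Matches[1]
                [pscustomobject]@{
                    Key          = $key
                    ValueName    = $valueName
                    Data         = $data
                    Folder       = $folder
                    FolderExists = Test-Path -LiteralPath $folder
                }
            }
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No matching Run entries found.' }
```

Legitimate programs with short alphabetic folder and file names can also match, so review each listed entry against the folders found in steps 3 and 6 before deleting anything.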