InfinityLock Ransomware Removal Guide

InfinityLock Ransomware is one malicious application that you would not want to encounter. It can infect your computer by stealth, and encrypt many of your files. Its creators want you to pay a hefty ransom to get your files decrypted, but you should not take that risk as you might just send the criminals money and will not get anything in return. Therefore, it should be removed. This ransomware uses a junk ransomware code that is known to have been used by several other ransomware families. Nevertheless, it is quite dangerous, and you should protect your PC from malware such as this.

We have found conclusive information that InfinityLock Ransomware masquerades as an Adobe Premier crack. Therefore, it should be featured on some website that hosts pirated software downloads. The countries in which this ransomware is prevalent have not been identified yet, so the particular website(s) used to distribute this ransomware are unknown. The fact that it masquerades as a crack is all the more reason to avoid installing pirated software altogether because there is no telling when a malicious application such as this one might slither into your PC. Now let us take a look at how this ransomware is distributed.

If InfinityLock Ransomware infects your PC, it will start encrypting your files immediately. Our research has shown that it uses the source code of a poorly made ransomware that was previously used by several other ransomware-type infections. Testing has shown that it uses a combination of RSA and AES encryption algorithms to encrypt your files and the encryption key. The decryption key, however, is sent to a remote server and the only way to obtain it is to pay the ransom. The list of places where it encrypts files includes the following:

• %PROGRAMFILES% (nothing was encrypted while testing)
• %PROGRAMFILES(X86)% (nothing was encrypted while testing)
• %COMMONPROGRAMFILES% (nothing was encrypted while testing)
• %COMMONPROGRAMFILES(X86)% (nothing was encrypted while testing)
• %USERPROFILE%\Documents
• %USERPROFILE%\Pictures
• %USERPROFILE%\Videos
• %USERPROFILE%\OneDrive
• %USERPROFILE%\Music
• %USERPROFILE%\Downloads
• %USERPROFILE%\Desktop
• %PUBLIC%

While encrypting your files, InfinityLock Ransomware is set to add a custom file extension “.HWID” to the end of each encrypted file’s name. Once the encryption is complete, it drops a ransom note named InfinityLock_Recover_Instructions.txt and a text file called InfinityLock_UniqeID.txt that features a unique ID that should be different for each user. The cybercriminals want you to pay 0.17 Bitcoins which is an approximate 650 USD.  Clearly, that is a substantial sum of money that might not be worth your files. Allegedly, your files will be decrypted once the payment is received. However, you should not trust cybercriminals to keep their word and get rid of this ransomware instead.

Therefore, it is recommended that you remove InfinityLock Ransomware from your PC entirely. You can use an anti-malware program such as SpyHunter to accomplish this. However, if you know where the executable file of this ransomware is located, you can delete it manually. We have included a removal guide with possible locations where this ransomware might have ended up on your PC. See the guide below for more information.

Manual Removal Guide

1. Hold down Windows+E keys.
2. Enterthe following file paths in the address bar of File Explorer.
   • %USERPROFILE\Desktop
   • %USERPROFILE%\Downloads
   • %WINDIR%\Syswow64
   • %WINDIR%\System32
   • %TEMP%
   • %APPDATA%
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
   • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
3. Press Enter.
4. Find the executable file, right-click it and click Delete.
5. Empty the Recycle Bin.