StalinLocker Wiper Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 374
Category: Trojans

StalinLocker Wiper, also known as StalinScreamer, is a wiper that appears to have been created for the purpose of destroying all data that is located on the infected operating system. Needless to say, this is one of the worst kinds of malware. Unfortunately, since you are reading this, there is a great chance that you have encountered this malicious infection already. At the time of our research, the infection gave the victim 10 minutes to unlock the screen, which is not a lot of time at all. This might not even be enough to research the infection and figure out that that needs to be done. If your system was corrupted, and you still have time, you should enter “[year.month.day]-1922.12.30” with the current date into the dialog box that is shown on the wiper’s window that must have locked up your screen. While this subtraction did not work for our malware research team, this is the only way to unlock the PC. It is unlikely that will be able to delete StalinLocker Wiper from your vulnerable operating system if you do not unlock first.

Needless to say, the creator of StalinLocker Wiper had to devise a plan on how to infiltrate this malware onto your computer without your notice. It is possible that you were tricked into downloading the .exe file of this data wiper via a misleading spam email, or that it came bundled with potentially unwanted programs or other pieces of malware. Our research ream also warns that unsafe Remote Desktop Connection could be used for that too. Ultimately, if your operating system is protected and you yourself are cautious, StalinLocker Wiper should not stand a chance of slithering in. Once in, it does not take long to introduce itself to the victim. A screen-locking window pops up, and the anthem of USSR is played. The window is launched from the original .exe file, and the anthem is played using a file named “USSR_Anthem.mp3.” The window displays Staling along with this short message.

Победа социализма в нашей стране обеспечена
Фундамент социалистической экономики завершен
"Реальность нашего производственного плана - это миллионы трудящихся творящие новую жизнь."
И. Сталин.

As you can see, there is no real purpose behind StalinLocker Wiper, which truly is quite shocking. Of course, we have to consider the possibility that we have discovered the infection in its early stages and that it will become something more in the future. The message is represented in Russian, which also suggests that the main target behind it is Russian-speaking users; however, we cannot confirm this yet. What we can confirm is that StalinLocker Wiper creates a file named “stalin.exe” in %LOCALAPPDATA% (%USERPROFILE%\Local Settings\Application Data in older Windows systems), which is a copy of the original launcher files. A point of execution in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run – called “Stalin” – is created too. The infection also creates fl.dat to keep track of the time passed, so that data would be wiped as soon as the given time elapsed. In our case, the infection was set to delete files in every drive whose name started with any letter from A to Z after just 10 minutes.

So, can you remove StalinLocker Wiper fast enough? This is the real question. Since the infection disables Task Manager and Windows Explorer, eliminating the threat manually can be challenging. Of course, you can reboot your Windows into Safe Mode to get around that, but, again, you need to be time-conscious. You should really consider using an anti-malware tool to quickly find and delete all malicious infections that are active within your operating system. And how about removing StalinLocker Wiper manually? The steps that you need to follow are available below, and you need to follow them carefully. Remember that if you are not able to unlock the screen and erase the infection timely and successfully, data will be wiped.

N.B. Regarding data wiping: Data wiping is a kind of data removal where files are overwritten. This method is usually employed by persons who want to dispose of unused or old computer, drives, and devices. Software that is capable of wiping data exists, and the same goes for malware. A few other infections that act in a similar way as StalinLocker Wiper include RedBoot Ransomware and Oni Ransomware. As you can guess, these infections require removal too.

How to delete StalinLocker Wiper

  1. Enter [year.month.day]-1922.12.30 (without brackets and with the current date) into the allocated field on the wiper’s window.
  2. If the screen is unlocked, quickly tap Win+E to launch Windows Explorer.
  3. Enter %LOCALAPPDATA% (%USERPROFILE%\Local Settings\Application Data on older systems) into the bar at the top to access the directory.
  4. Right-click and Delete two malware files: stalin.exe and fl.data.
  5. Find and Delete the {original launcher file with unknown name}.exe. If you do not know where the file is, erase all recently downloaded files or use a legitimate malware scanner.
  6. Tap Win+R to launch RUN and then enter regedit.exe to launch RegistryEd itor.
  7. Move to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
  8. Right-click and Delete a value named Stalin.
  9. Empty Recycle Bin to complete the process.
  10. Quickly run a full system scan to see if any removal-requiring leftovers exist.
Download Remover for StalinLocker Wiper *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

StalinLocker Wiper Screenshots:

StalinLocker Wiper

Comments are closed.