The VirLock virus is ransomware that has been around for a few years. It encrypts files on your computer that match certain extensions, changes the file name, adds a new file extension, and demands a ransom to decode the files. Once VirLock ransomware has encrypted the files on your computer, it leaves a ransom note in every folder where it encrypted files. The ransom note explains what happened to the files and details how to pay the ransom to decrypt and recover them.

When the VirLock virus runs, it generates a unique public RSA-2048 key and a private RSA key, which it claims is used to decrypt personal files. It then encrypts personal files that match the .xls, .doc, .pdf, .rtf, .psd, .dwg, .cdr, .cd, .mdb, .1cd, .dbf, .sqlite, .jpg, and .zip file extensions.

The VirLock virus takes control of an infected computer system and encrypts personal files. It restricts access to the system and will leave a message on the infected computer’s desktop, open a webpage with a message, or leave a text file demanding that the computer owner pay a ransom or purchase VirLock decryption software using Bitcoin or another online credit system.

The alert message displayed by VirLock ransomware might say “Your files have been safely encrypted on this PC: photos, videos, documents, etc. Click “Show encrypted files” Button to view a complete list of encrypted files and you can personally verify this.” The message will be delivered in a new window, webpage, or text file.

The VirLock virus is commonly spread through malicious email attachments. The email attachments utilize social engineering to trick unsuspecting victims into downloading and executing the attached file. Once the file is executed the ransomware will slowly follow through with the mission to encrypt your files and scare you into paying a ransom or fine to recover them.

The professional cyber security community does not recommend paying ransomware authors to retrieve your files unless you are completely out of options. Instead, you can use programs like Shadow Explorer, PhotoRec, or Recuva to restore files.

Aliases: VirLock virus, VirLock ransomware

VirLock virus removal guide

1. Download and Install Recuva by Piriform.

2. Run the program and start the Recuva Wizard.

3. Select All Files and click Next.

4. Select a file location. Click I’m not sure to search everywhere on your computer.

5. Click Start.

6. Select All Files with your mouse and click the Recover button. If you cannot restore your files with Recuva, we recommend trying Shadow Explorer to restore your files.

7. Download and Install Malwarebytes Anti-Malware software to detect and remove malicious files from your computer.

8. Open Malwarebytes and click the Scan Now button – or go to the Scan tab and click the Start Scan button.

9. Once the Malwarebytes scan is complete click the Remove Selected button.

10. To finish the Malwarebytes scan and remove detected threats, click the Finish button and restart your computer if prompted to do so.

11. Download and Install HitmanPro by Surfright to perform a second-opinion scan.

12. Open HitmanPro and click Next to start scanning your computer. *If you are using the free version you may choose to create a copy or perform a one-time scan.

13. Once the HitmanPro scan is complete click the Next button.

14. To activate the free version of HitmanPro: enter your email address twice and click the Activate button.

15. Click the Reboot button.

16. Download and Install CCleaner by Piriform to clean up junk files, repair your registry, and manage settings that may have been changed.

17. Open CCleaner and go to the main Cleaner screen. Click the Analyze button. When the process is complete, click the Run Cleaner button on the bottom right of the program interface.

18. Go to Tools > Startup and search for suspicious entries in each tab, starting from Windows all the way to Context Menu. If you find anything suspicious, click it and click the Delete button to remove it.

19. Go to the Registry window and click the Scan for Issues button. When the scan is complete click the Fix selected issues… button and click Fix All Selected Issues.

VirLock files

  • !Where_are_my_files!.html
  • %AppData%\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs
  • %AppData%\bg.jpeg
  • %AppData%\files.txt
  • %AppData%\keys.dat
  • %UserProfile%\VirLock\[ransomware_exec].exe

VirLock registry entries

  • HKCU\Software\VirLock\
  • HKCU\Software\VirLock\AESFORUPRIVATE
  • HKCU\Software\VirLock\UPRIV
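
The file and registry indicators listed above can be checked with a read-only PowerShell function. This is an added example, not part of the original guide: the function name Find-VirLockIndicator, its parameters, and the choice to search only the user profile for ransom notes are assumptions. The page does not say whether AESFORUPRIVATE and UPRIV are values or subkeys, so both are checked.

```powershell
# Added example: read-only check for the VirLock indicators listed on this page.
# Nothing is deleted or modified; each finding is returned as an object.
function Find-VirLockIndicator {
    [CmdletBinding()]
    param(
        [string]$AppDataPath = $env:APPDATA,
        [string]$ProfilePath = $env:USERPROFILE,
        [string]$RegistryKey = 'HKCU:\Software\VirLock'
    )

    # Fixed file paths from the "VirLock files" list.
    $fixed = @(
        (Join-Path $AppDataPath 'Microsoft\Windows\Start Menu\Programs\Startup\x.vbs'),
        (Join-Path $AppDataPath 'bg.jpeg'),
        (Join-Path $AppDataPath 'files.txt'),
        (Join-Path $AppDataPath 'keys.dat')
    )
    foreach ($path in $fixed) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Indicator = $path }
        }
    }

    # The page gives the executable name only as a placeholder, so report any .exe in the folder.
    $exeDir = Join-Path $ProfilePath 'VirLock'
    if (Test-Path -LiteralPath $exeDir -PathType Container) {
        Get-ChildItem -LiteralPath $exeDir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Type = 'Executable'; Indicator = $_.FullName } }
    }

    # Ransom notes are left in every folder where files were encrypted (assumption: scan the profile only).
    Get-ChildItem -LiteralPath $ProfilePath -Filter '!Where_are_my_files!.html' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = 'RansomNote'; Indicator = $_.FullName } }

    # Registry: AESFORUPRIVATE and UPRIV may be values or subkeys (assumption), so look for either.
    if (Test-Path -LiteralPath $RegistryKey) {
        [pscustomobject]@{ Type = 'RegistryKey'; Indicator = $RegistryKey }
        $key = Get-Item -LiteralPath $RegistryKey
        foreach ($name in 'AESFORUPRIVATE', 'UPRIV') {
            $isValue  = $key.GetValueNames() -contains $name
            $isSubkey = $key.GetSubKeyNames() -contains $name
            if ($isValue -or $isSubkey) {
                [pscustomobject]@{ Type = 'RegistryEntry'; Indicator = "$RegistryKey\$name" }
            }
        }
    }
}

Find-VirLockIndicator | Format-Table -AutoSize
```

Run it in the affected user's session, since both %AppData% and HKCU are per-user; an empty result means none of the listed indicators were found for that account.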

How to stay protected against future infections

The key to staying protected against future infections is to follow common online guidelines and take advantage of reputable Antivirus and Anti-Malware security software with real-time protection.

Real-time security software

Security software like Malwarebytes and Norton Security have real-time features that can block malicious files before they spread across your computer. These programs bundled together can establish a wall between your computer and cyber criminals.

Common Online Guidelines

  • Backup your computer and personal files to an external drive or online backup service
  • Create a restore point on your computer in case you need to restore your computer to a date before infection
  • Avoid downloading and installing apps, browser extensions, and programs you are not familiar with
  • Avoid downloading and installing apps, browser extensions, and programs from websites you are not familiar with – some websites use their own download manager to bundle additional programs with the initial download
  • If you plan to download and install freeware, open source software, or shareware make sure to be alert when you install the object and read all the instructions presented by the download manager
  • Avoid torrents and P2P clients
  • Do not open email messages from senders you do not know