What is ZeroLocker:
Threat Classification: Ransomware
ZeroLocker is a ransomware trojan that targets computers running the Windows operating system. ZeroLocker was first seen in August 2014. The infection can come from various sources: infected files from P2P networks (torrents or other file-sharing applications), email attachments, etc. When activated, ZeroLocker encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a ransom message that offers to decrypt the data if a payment is made by a stated deadline, and threatens to delete the private key if the deadline passes. The payment must be made through Bitcoin, an untraceable payment method. If the deadline is not met, the malware offers to decrypt the data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin. If you pay the initial ransom, it will cost you about 300-3500 bucks; the price is 500 USD for a 5-day delay and 1000 USD for 10 days.
There are two ways to remove this infection. It is totally up to you to decide which way you want to go:
1. Automatic Removal Method (recommended for regular or novice users) using a Professional Malware Removal Software.
2. Manual Removal (recommended for PC Experts or Enthusiasts).
Automatic ZeroLocker Removal:
We recommend using SpyHunter Malware Security Suite.
You can download and install SpyHunter to detect ZeroLocker and remove it, by clicking the button below. Once installed, SpyHunter will automatically scan and detect all threats present on your system, but in order to use it as a removal tool, you need to purchase a subscription.
SpyHunter's free diagnosis offers free scans and detection. You can remove the detected files, processes and registry entries manually yourself, or purchase the full version to perform an automatic removal and to receive free professional help with any malware-related queries from their technical support department.
Manual ZeroLocker Removal:
!!! Please note: You can remove ZeroLocker manually. However, you should proceed at your own risk. Any of these interventions might render your system inoperable. Therefore this manual removal method is highly recommended for PC Experts or Enthusiasts. For regular users, MalwareKillers.com recommends using SpyHunter or any other reputable security application.
Method 1. Remove ZeroLocker by restoring your system to a previous state:
1. Reboot your computer into Safe Mode with Command Prompt. To do this, turn your computer off and then back on, and as soon as you see anything on the screen, start tapping the F8 key on your keyboard.
***For Windows 8:
If you are using Windows 8, hold the Shift button and tap the F8 key repeatedly. This should boot you into the new advanced "recovery mode", where you can choose to show the advanced repair options. On the next screen, click on the Troubleshoot option, then select Advanced Options and select Windows Startup Settings. Click on the Restart button, and you should now be able to see the Advanced Boot Options screen.
2. Using the arrow keys on your keyboard, select the option “Safe Mode with Command Prompt” and press Enter on your keyboard.
3. When the command prompt loads up, type:
Windows XP: C:\windows\system32\restore\rstrui.exe and press Enter
Windows Vista/7/8: C:\windows\system32\rstrui.exe and press Enter
4. System Restore should initialize, and you will be shown a list of restore points. Try using a restore point created just before the date and time the Your-computer-has-been-locked virus infected your computer.
When System Restore has completed its task, start your computer in Windows normal mode. You will need to perform a scan with anti-spyware software, as the infection might still be on the system.
Method 2. Using Shadow Explorer:
You can also use a program called Shadow Explorer to restore entire folders. You can download the program from the following link: http://www.shadowexplorer.com/downloads.html
When you download and run the program, you will see, on the left side, a list of your available drives. Next to it, you will see the dates on which shadow copies were created. You can select the drive and the date that you wish to restore from.
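Both methods above depend on finding a restore point or shadow copy that was created before the infection. The following script is an added example, not part of the original guide: it lists both kinds of snapshot and reports the latest one of each that predates an estimated infection time. It only reads information and changes nothing; the `$InfectionTime` default is a constructed sample value, and the script assumes an elevated Windows PowerShell 5.1 prompt.

```powershell
# Added example: find restore points and shadow copies older than the infection.
# Read-only. $InfectionTime default is a constructed sample; pass your own estimate.
param(
    [datetime]$InfectionTime = '2014-08-20 14:30'
)

# Restore points (Method 1). CreationTime is a WMI/DMTF string and must be converted.
$restorePoints = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'RestorePoint'
            Created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Id      = $_.SequenceNumber
            Detail  = $_.Description
        }
    })

# Shadow copies (Method 2), the snapshots Shadow Explorer browses.
# Get-CimInstance already returns InstallDate as a DateTime.
$shadowCopies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'ShadowCopy'
            Created = $_.InstallDate
            Id      = $_.ID
            Detail  = $_.VolumeName
        }
    })

$all = @($restorePoints + $shadowCopies)
if ($all.Count -eq 0) {
    Write-Warning 'No restore points or shadow copies found; restore from offline backups instead.'
    return
}

# Show everything, oldest first, so the timeline around the infection is visible.
$all | Sort-Object Created | Format-Table Source, Created, Id, Detail -AutoSize

# Snapshots taken at or after the infection time may already contain encrypted files.
$usable = @($all | Where-Object { $_.Created -lt $InfectionTime } |
    Sort-Object Created -Descending)

foreach ($kind in 'RestorePoint', 'ShadowCopy') {
    $best = $usable | Where-Object Source -eq $kind | Select-Object -First 1
    if ($best) { "Latest $kind before infection: $($best.Created) (Id $($best.Id))" }
    else       { Write-Warning "No $kind predates $InfectionTime" }
}
```

The reported restore point sequence number identifies the entry to pick in the System Restore list, and the shadow copy date is the one to select in Shadow Explorer.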