What a PC infected with the crypto Trojan LOCKY looks like


The days when a PC could be put right with one click are over. Today's threats take increasingly strange forms.
A day ago, an acquaintance asked me to check a laptop and give him some advice on why it was running so slowly. I looked and immediately realized that, in addition to 10.000 extensions, "maintenance / cleaning" programs and toolbars, all the personal files on it were ENCRYPTED.
The main suspect is LOCKY, a crypto Trojan (ransomware). LOCKY arrived on the victim's laptop through a "specially prepared" attachment with the .doc extension.
Now the victim is unable to access photos, movies or documents because they are encrypted and carry the extension .locky.
To regain access to the encrypted files, the victim must pay around 400 euros in Bitcoin, through the Tor network, for software that helps to decrypt them. Of course, there is no guarantee that the decryption will work; and even if it does work, why pay? It's not fair.
To give you an idea of how serious file encryption is: a clinic in the US has just paid computer pirates a lot of money to decrypt data containing patient records, medical records, etc.
How do we avoid ransomware?
1. Do not open email attachments unless you have contacted the sender.
2. Do not open spam attachments (you win, click here, greeting cards, etc.).
3. Keep your operating system up to date with all patches.
4. Do not use programs that you cannot trust (those from torrents).
5. Keep your antivirus up to date.
6. Do not install every piece of bullshit software.
7. Do not use browser extensions unless absolutely necessary.
8. Uninstall applications you do not use.
9. Be careful when installing freeware; it usually comes with "surprises" in the package.
10. Back up to external storage, which is to be disconnected from the PC after the backup.
Backing up in advance is the best defense against losing files. I recommend you back up to a device and then disconnect it from the PC. I recommend some tutorials on backup programs.
LOCKY affects all hard disks, all partitions, all external hard drives, all connected thumb drives and all network storage. In short, LOCKY infects everything it sees.
Cleaners, even if they get rid of the infection itself, cannot decrypt the files.
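As an added example (not from the original article or its author), the following Python code scopes the damage described above: it counts files carrying the .locky extension under the given roots and takes the oldest modification time among them as an estimate of when encryption began, so that a backup older than that moment can be chosen for the restore. The function names, the sample timestamps and the idea that a file's modification time reflects when it was encrypted are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".locky"  # extension the article says encrypted files carry


def scan_for_encrypted(roots, ext=ENCRYPTED_EXT):
    """Walk each root and summarise files that carry the ransomware extension."""
    per_dir = Counter()
    scanned = 0
    earliest = None
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
            for name in files:
                scanned += 1
                if not name.lower().endswith(ext):
                    continue
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; still counted
                if earliest is None or mtime < earliest:
                    earliest = mtime
    return {"scanned": scanned, "encrypted": sum(per_dir.values()),
            "per_dir": per_dir, "earliest_mtime": earliest}


def pick_backup(backup_times, report):
    """Newest backup taken before the first encrypted file was written."""
    cutoff = report["earliest_mtime"]
    if cutoff is None:  # nothing encrypted: the latest backup is fine
        return max(backup_times, default=None)
    return max((t for t in backup_times if t < cutoff), default=None)


def demo():
    """Constructed sample tree: two encrypted files and one untouched file."""
    samples = {"a.locky": 1_456_000_000, "B.LOCKY": 1_456_000_300,
               "notes.txt": 1_455_000_000}
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name, ts in samples.items():
            path = os.path.join(docs, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (ts, ts))  # pin the modification time
        report = scan_for_encrypted([root])
    backups = [1_455_900_000, 1_456_000_100]  # constructed backup timestamps
    return report, pick_backup(backups, report)
```

Pass every mounted drive and network share as a root, since the article notes that LOCKY reaches all of them; the `per_dir` counter then shows which locations were hit.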
Crypto-Trojan infections similar to Locky and CryptoLocker have also arrived on Android. The Triad ransomware affects phones running Android 4.4 or older. This ransomware reaches the phone via an app.

Video tutorial - What a PC infected with the crypto Trojan LOCKY looks like



About Cristian Cismaru

I like everything related to IT&C, I like to share the experience and information I accumulate every day.
Learn as you learn!


  1. Sebastian said
  2. Today, as we watch what we eat, we must be careful exactly what we do on the net.
    The stink is that would do us harm and friends via email, they can pull the trap at one time.

  3. Locky can operate partitions including hidden files currently on the hdd?

  4. If a Nexus is infected with ransomware, can I unlock it by reflashing the stock firmware?

    • I do not think you can infect a Nexus, because Google fixes bugs quickly.
      Even if you're infected, you can always reinstall using a stock image. The only loss will be pictures, movies and other files. But if you use automatic backup to Drive or Dropbox, you're in the clear.

  5. laurentiu said

    Hi Cristi. Please, I want you to help me with a problem or give me some advice. I bought a one plus one phone second hand, but almost new, for about a year. Yesterday it went off easily and simple while I was looking on the net without doing anything to him. He did not want to start 🙁 The phone is as it came from the factory, it is not rooted, I did not install anything on it, it was not hit down or something that could have led to his shutdown. I did not find any similar problems on the net and here in Pitesti at a famous center, they said they do not repair phones in China They did not even know what phone it is, and the top…. .the ones that fix it are some famous Chinese. At the top of the room you can hear a rumble if I tap it lightly with my finger. I could undo it even though I have some emotions. Can you give me some advice please what could I do? Do you know anyone where I can go to Bucharest to fix it? Nobody gets in here in Pitesti 🙁 I greet you and I'm sorry I didn't post about the topic of the tutorial but I always trusted your advice on Thank you. Good evening.

  6. I understand that you are not trying to decrypt that hdd on your laptop? Details, details, details…

  7. Use Bitdefender Anti-CryptoWall… it's free!! That's exactly what it does.

  8. Hi. Does this virus also get onto iOS? Thank you.

  9. This thing happened to me today on my laptop

  10. Does this virus "work" on Ubuntu? 🙂

  11. All my projects to shower)):

  12. I found myself so. I never realized and I reinstalled Windows. after that I saw pictures encrypted in d: \
    if you reinstall Windows I think I had a chance to recover. I'd found something on the internet but I did not have the same user ID in Windows and could not continue. you tried to give you disinfect and restore encrypted files on the preview version?

  13. For Laurentiu, with ONEPLUS One: I suffered something similar, but because I did not install a ROM properly (at the beginning of its use, a year ago). It didn't start at all, it was "dead". I did some digging on the net then and I found the solution: .
    It helped me, and I hope you luck!
    PS sorry for off topic.

    • laurentiu said

      Hello Zuza.Multumesc for raspuns.Ma and I wonder at what could be brick-look? OLX just watching me and suddenly died :(. I have not done anything, it was exactly as it came from the factory absolutely nou.De couple of times I got a notice that you can not update situ ce.Am not given ok I thanked her and replied that I helped to gather data for different bug again without uri.Dar get on any site or be something dubios.Raman surprised that no one in pitesti no jab, it would be encapsulated and a simple search on the net and find out that capped opens quite easy as said, and Cristi a tutorial.Sunt after work and saw a rush of tine.Ramane link sent to study paca but I would not want to do anything stupid .My going to appeal to someone with more experienta.Oricim thank you very much for your answer.

  14. Florin Milovic said

    Hello Cristi,
    I just want to thank you for what you do.
    I wish you good health and many beautiful years.
    Florin Milovic

  15. florin31 said

    I took myself on Android and in that moment I was on my wifi and were connected TV (WebOS), computer, and two android tablets but were not infected, at least I think.

  16. What is the solution?

    • I do not believe there is a viable solution. Maybe Cristi will make a tutorial about encrypting ransomware in more detail. This one is very filthy and encrypts very strongly. Nor do I know how to get out of it: paying means encouraging this type of crime, with no guarantee of recovering the files.

  17. how did you take it down… at work I hit a crypto but with the termination .org and before it had a meil address a phone number and that's how all the files appeared… crypto pictures jpg png archives pdfs documents office word excel executable the solution was formatting altogether, the virus installs itself infects and deletes itself automatically and you are left with a bug… best your documents on dvd!

  18. I've been there myself one with the extension .org. I searched the net and found an arab how to do it: Kaspersky has a free search tool that makes password and then decrypts the files we have recovered all. But on my Pentium DualCore to 3,2 ran nonstop for joy for 2zile and 13 hours and finally found the password happy. This time I succeeded. Good luck everyone!

  19. FACC as share files in LAN between two laptops connected to a wi-fi router? you can make a tutorial?

  20. so use windows: it's excellent ,, ,,)) I use linux and win 3 4 years I rarely go give him. Therefore all I told myself why not do tutorials linux. and credca not too good at linux. and I know just win and phones. when linux is not good to do. previously he had a linux box were some mooring give tutorials only.

    • It's good but .. Boys linuxu plays a game, also using professional editing web pages made movies, pictures .. You sit on facebook know if it's ok linux.
      Don't say you make servers, vpns, virtual web servers, vlans, mail servers, dns… It's like I don't believe you.
      Facebook and youtube are ok home linux. i think linux lie or ubuntu you have. By no means slackware, fedora, arch…. There can be no question of unix.
      Let me ask iptables rules?

      • Let's start at 360 degrees, put you or hire a professional to put those programs on Linux, Musa give the title to be professional or something or create something from 0 .. The idea is not to take you and me I'll show you a different point of view. Use Windows still does not tell you to pass on linux or windows it's bad but not say what can be done in linux and what not.

        • Romanians in general do not understand one thing and that is: It's not the linux developers are not certain programs and for linux but the developer in question. but if you search the net you will see how Linux and gain ground continuously won and how Microsoft lost. I said that I win and only when it is a must and that's when I found the game to desktop or alternative to certain programs. and why linux? for it does not have errors like viruses do not win is more secure're not spies. I said put that dual boot to desktop or playing games I know what programs you who do not attend or are not alternatives on Linux. and respond and using rosa use linux which is drawn from the current Mandriva fostu mageia. and I used and I used fedora arch arch but I do not like and fedora for it is not so stable. Since I started with ubuntu linux I started but then do not install the graphics interafa was more complicated. but nowadays anyone can install linux without problems interafa I mean those with graphics such as Ubuntu, Linux Mint, openSUSE Linux rosa and others. and do not forget that 98% of servers are linux and unix and 1 1%% others. and yes not to say that Linux is gree and that since it was invented heat and then read the debian lultat for freedom and for free. dindebiane and readheat descended all linuxurile. Now I do not force anyone unless you use you be exempt from viruses and other nonsense. It depends on you what you want

        • Linux is very good now because it is not as popular as Windows, I mean in terms of virus. But as using increasingly more people you'll get linux as easy and secure linux .. because those who handle infected computers are weak point with Linux

          • It does not have weaknesses. android phones that look all too can run Linux viruses is not correct. and a simple unistall the application in question and remove the virus. While the win in vain delete virus application that stay with the virus. and I repeat can not really run on Linux viruses even those for Linux. and argue with Linux is popular but not as a win for that linux is not doing paid advertisements as a win. May you read the documentation and forums. LINUX and WINDOWS IS NOT can not be compared with him

  21. Hi, Where can I get the virus? I want to get infected for a test ..

  22. LucianGL said

    Hi, I want to say that Cristi has exaggerated a bit and the situation is not so bad. The window is very well protected and cannot be 100% infected if you in turn know how to protect yourself. One of the simplest solutions is Sandboxie which works perfectly and GUARANTEED 100% YOU CANNOT BE INFECTED. Another solution is Deep Freeze which again eliminates 100% any software threat; and last but not least one of the simplest solutions is running a windows in the virtual car which again guaranteed 100% no It can infect you. Linked to bitdefender as an antivirus, I had to manually delete a .dll file that was working in a laptop and the "famous" antivirus did not see it, even if it runs every 2 seconds. The best ANTIVIRUS are the ones presented above. However, I also recommend the connection through Adguard + Malwarebytes Anti-Malware premium that filters ads and harmful sites quite well but at a maximum accuracy of 99%

  23. @ Tux

    Do not confuse with Android's desktop operating system, children play games, men with women, and there are professional programs.

    The problem is the mentality user.

  24. Hello.
    Only once I managed to decrypt files virus from someone above.
    The solution I used was:
    1. I used the Windows restore points. The more restore points, the better. That depends on how your computer is configured.
    2. With the utility "Shadow Explorer" (can be downloaded from the Internet) I navigated through the restore points of windows until I found the day when those files were not encrypted. Strange was the fact that the uninfected files were not in the older restore points, but somewhere in between the newer restore points and the older restore points. I was present when a customer who came to our service paid around 800-900 RON to receive the file decryption code, but it took a toll.


  25. Cristi Hello!
    Please help me with an answer ... I'm stuck with an unknown address wallet when I want to transfer from scrypt Satoshi cc in my wallet .... just do not let me change the address that appears there ..sigur know what I mean ..
    It may have been blocked by someone with crypto Trojan locky that ..?

  26. Yes, I've been there I suck but I noticed something very interesting, tip.rar picture archives and documents were not infected nor gen.iso image films, otherwise I lost everything, I was only photos from the archives and the email that I sent to someone else, these mails sent reistalare windows and good antivirus (crypted pictures I put DVDs can who knows them can recover once)

  27. Can system restore be used in this case?

  28. Hi Cristi, I found that my files are also encrypted because I have the id extension…[email protected]
    What should I do thank you!

  29. My files were encrypted with the extension .CERBER. What should I do to decrypt the files?

  30. Hello Cristi. Please can you help me…. I have an Asus F550C laptop… .CPU intel core i3 -3217U, 1,8 ghz… ..etc. I want to tell you what the problem was this morning when I opened it… the screen brightness is very low, the aero theme on the bar has disappeared… it just seems to be the xp theme… I have no connection on the net… neither directly nor via wifi, and the sound doesn't work anymore… and when I right click on my computer, it writes to my processor… unavailable, memory, unavailable…. 32-bit system type, .. computer description… unavailable, group work… unavailable..what do you think would be the you want a virus ?, did my processor break down ?, to start re-installing wind. ?… My laptop opens normally… the pictures look normal, the word opens normally..the movie program works..but without tone, what do you advise me… thank you in advance and have a good day

  31. thanks… .I re-installed wind. now on 64 bits cred., I think the problem was from some time…

  32. Andrew C said

    Good evening !
    And I post a question here, and I think I got a virus:
    Google chrome and internet explorer but can not use google:
    may enter any site they want but when I write a post from chrome or you write and I enter instead of google I get a page that says "there is a problem with this website's security certificate" and writes something else. I can give you a print screen if needed. Is there anything from bit defender ??? (antivirus is licensed, purchased).
    It's the first time it happens to me. I uninstalled chrome, I installed it back but the problem has not gone away! I scanned the whole computer and say that I have not viruses. I do not know what to do ! The only solution is to reinstall Windows ??
    Thank you !

  33. On Windows XP it works to recover the files (or some of them) with Recuva. I recovered about 70% of the data with it.

  34. Cristi said

    With Acronis to backup your Windows or other software and use as many antivirusuri deep freeze for free.
    more safety

  35. adrian said

    I got a new virus at work crypto org 😀 luckily I had a backup on the second partition that it didn't encrypt otherwise it crashed windows xp… anyway it doesn't matter windows like on 7 I saw a colleague the same knock out ! Some people say that they didn't suffer from such a thing on linux hmmm android is pure linux… it can definitely be installed on linux too!
    I change the extension to archives that do not recognize them from what I understand virus is guided by extension it has in the database!
    Curious was that I had in ISO format as not encrypted and no extension exe programs!

  36. adrian said BitDefender anti ransomware see here that's not his job as the place !!!

  37. I saw how in a tutorial someone consciously infected some locky files in the virtual machine. Some of those files had the "read only" option checked. Namely, those files were not touched at all. The method of preventing encryption at that time, I do not know what stage of development the trojan is now.
    Users are to blame for finding themselves in such situations - because they are flickering. They can save their data on optical discs, HDD or online - with synchronization at one week. They can also install an antivirus: 360 security - e free + is in a way a "combination" between bitdefender and avira - in some performance tests and not only behaves like a premium antivirus. There are a million protection methods, all you need is just to be able to read. in the most trivial case. Or to install a linux distributor on PC with windows, the last one to enter only when he has to play something, or when he needs a software that is not on linux. is to buy a macbook / imac, or to install a bone x on your own pc (I do not say how). I end with the phrase that windows is the worst operating system, but so far something better not them.

  38. iacob eusebiu said

    I bought a friend shared a portatil Aspire V5-591G V5-591G-77HB. Reference number NX.G66EB.011. Can you tell me please an opinion about it, if it's worth the money given him. 800 euros.
