LMAOxUS Ransomware – Remove It and Restore Your Files

LMAOxUS Ransomware – Remove It and Restore Your Files

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article will help you remove LMAOxUS ransomware in full. Follow the ransomware removal instructions at the bottom of the article.

LMAOxUS is a new ransomware cryptovirus. The virus is an EDA2 variant, originally named Stolich or Win32.Stolich. Your files will become encrypted and the LMAOxUS cryptovirus will leave a distinctive message on a web page or as a screenlocker. Proceed to read below and see how you could try to potentially restore some of your data.

Threat Summary

Short DescriptionThe ransomware virus encrypts files on your computer and demands payment for unlocking them.
SymptomsThe ransomware will encrypt your files and after that display a distinctive ransom note message, after the encryption process is finished.
Distribution MethodSpam Emails, Email Attachments, Executables
Detection Tool See If Your System Has Been Affected by LMAOxUS


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss LMAOxUS.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

LMAOxUS Ransomware – Infection

LMAOxUS ransomware could spread its infection via different methods. The payload file that initiates the malicious script for this ransomware, which in turn infects your computer machine, is circling the Internet. A few malware samples have been found by different malware researchers. You can see the VirusTotal detections for security vendors of one sample by checking the snapshot below:

LMAOxUS ransomware could also distribute its payload file on social media sites and networks for file-sharing. Freeware that is found on the Web could be presented as useful but at the same time could hide the malicious script for the cryptovirus. Refrain from opening files just as you have downloaded them, especially if they come from suspicious sources such as links or e-mails. Instead, you should scan them beforehand with a security tool, while also checking the size and signatures of these files for anything that seems out of the ordinary. You should read the ransomware preventing tips thread in the forum.

LMAOxUS Ransomware – Description

LMAOxUS ransomware is also a cryptovirus. It seems to be based on the EDA2 open-source project. The original name is given as Stolich or Win32.Stolich.

LMAOxUS ransomware could make entries in the Windows Registry to achieve persistence, launch or repress processes in Windows. Some entries are designed in a way that will start the virus automatically with each launch of the Windows Operating System, such as the example provided down here:


After the encryption process is finished, the ransom note will be displayed. The note is written in English. Inside, you will find instructions on what to do for file restoration.

A website page alternative can be loaded, as well. That page looks like this:

It reads the following:

If you are a victim, click here

The note is contained in a file with the name LMAO_READ_ME.txt. You can preview the ransom note right down here:

The ransom note reads the following:

You’ve been hit by LMAOxUS
But there’s still hope for you.
Send 0.1 BTC to 1Jek8L6HRj3pNpcAasgoV37eoHqLUMyYjU
Use any payment processor you want. I recommend Coinbase or Blockchain.info. If BTC is too hi-tech for you, send me an email, I’m sure we can work something out.
Once done, send an email to lmaoxus@safe-mail.net with the transaction details.
Listen fam. I don’t care about your data. My goal is not to cause harm or to fuck with people just for the hell of it.
I’m just a broke college student in need of money. I have nothing personal against you. I promise I’ll fix your data once I get payment.
If for whatever reason you’re even more broke than me, well shoot me an email and give me your best sob story. I do have a heart.
Otherwise, you have until the date listed in your notepad until the server automatically deletes your decryption key.
After that date, there’s nothing I can do.
So I wouldn’t waste any more time. :)

The ransom note of the LMAOxUS virus should not be followed. In the note is stated that the only way to revert your files back to normal is if you pay 0.1 Bitcoin, which is equivalent to 115 US dollars at the time of writing this article. That is not true and you should NOT under any circumstances pay these cybercriminals. Your files may not get recovered, and nobody could give you a guarantee for that. Furthermore, giving money to these crooks will likely motivate them to create more ransomware virus or do other criminal activities.

LMAOxUS Ransomware – Encryption Process

A list with file extensions that the LMAOxUS ransomware seeks to encrypt is available. More extensions could be added if somebody who uses the code wishes to add them. The current list with file extensions which will get encrypted is the following:

→.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd

Every file that gets locked will be encrypted with both RSA and AES algorithms.

The LMAOxUS cryptovirus is possible to erase the Shadow Volume Copies from the Windows operating system by using the following command:

→vssadmin.exe delete shadows /all /Quiet

Keep on reading and see what kinds of ways you can try out to potentially restore some of your file data.

Remove LMAOxUS Ransomware and Restore Your Files

If your computer got infected with the LMAOxUS ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share