.LOL Files Virus - Remove Ransomware and Restore Files


This article shows how to remove the .lol ransomware virus from your computer and how to restore .lol encrypted files without having to pay the ransom.

A new ransomware virus that uses the .lol file extension has been detected spreading around the web and infecting users. The malware aims to encrypt the files on the computers it infects and appends the .lol file extension to the encrypted files. In addition, a message appears on victims' computers, beginning with “!!!!! Your personal files are now encrypted !!!!!”. If your computer has been infected with the .lol files virus, we recommend that you read this article to learn how to remove the ransomware and how to restore files that have been encrypted with the .lol extension without having to pay the ransom.

Threat Summary

Name: .lol Files Virus
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on your computer and then asks for $700 as a payoff for their decryption.
Symptoms: Adds the .lol file extension to the encrypted files and an info.txt ransom note to the encrypted files.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

.lol Files Virus – Distribution

To spread widely, the .lol files ransomware uses several different techniques, the main one being e-mail spam messages, such as the example displayed below.

Such messages often contain different types of files embedded in them, like:

  • Malicious executables, disguised as documents.
  • Microsoft Word documents (.docm) with malicious macros embedded within them.
  • Adobe .PDF files that lead to the download of the above-mentioned macro documents.
  • Malicious JavaScript (.js) or flash (.wsf, etc.) files that are compressed within .ZIP or .RAR archives.

Besides e-mail, the malicious files may also be uploaded online as fake key generators, license activators and other types of files. One infection file associated with the .lol files ransomware has been reported by malware researchers to be the following:

What is interesting is that it may be the same keygen.exe file that is used to infect users with the extremely similar .fake files virus variant:

.lol Files Virus – More Information

After infection, the payload of .lol files ransomware is dropped in one of the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

As soon as this is done, the ransomware virus may modify the Windows Registry, more specifically the following Windows Registry sub-keys, by adding values with data in them to make sure its malicious executable runs automatically on system boot:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
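As an added example (not part of the original article), the following script reviews the output of `reg query` for the Run and RunOnce keys above and flags values whose program starts from one of the drop directories listed earlier. The mapping of those directories to path fragments, and all sample names and paths, are assumptions made for illustration.

```python
import re

# Path fragments for the drop directories listed above (assumed mapping of
# %AppData%/%Roaming%, %Local%, %LocalLow% and %Temp% to on-disk locations).
DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
             "\\appdata\\locallow\\", "\\temp\\")

# One value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def executable_path(data):
    """Return the program path from a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|js|vbs|wsf))(?:\s|$)", data, re.I)
    return match.group(1) if match else data.split(" ", 1)[0]

def flag_autoruns(reg_query_output):
    """Return (key, value name, path) for autoruns that start from a drop directory."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # header line naming the key being listed
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            continue
        path = executable_path(match.group("data"))
        if any(fragment in path.lower() for fragment in DROP_DIRS):
            findings.append((key, match.group("name"), path))
    return findings

# Constructed sample of `reg query <key>` output; value names and paths are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    updater    REG_SZ    "C:\Users\alice\AppData\Roaming\svc host.exe" /start

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    fix    REG_SZ    C:\Users\alice\AppData\Local\Temp\keygen.exe -s
"""

if __name__ == "__main__":
    for key, name, path in flag_autoruns(SAMPLE):
        print(f"{key}: {name} -> {path}")
```

Flagged entries are candidates for review rather than confirmed infections, since some legitimate software also autostarts from the user profile.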

In addition to this, the malware may also modify the Windows backup and recovery settings, more specifically delete your volume shadow copies, by running the following WCP commands as an administrator:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
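The commands above leave a recognisable trace in process-creation logs that record the command line (for example Windows Security event 4688 or Sysmon event ID 1). The detection sketch below is an added example, not part of the original article; the event tuples, host names and timestamps are constructed.

```python
import re

# One rule per recovery-tampering command quoted in the article.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
}

def scan(events):
    """events: iterable of (timestamp, host, command_line). Returns {host: [(ts, rule)]}."""
    alerts = {}
    for ts, host, cmdline in events:
        for name, rule in RULES.items():
            if rule.search(cmdline):
                alerts.setdefault(host, []).append((ts, name))
    return alerts

def severity(host_alerts):
    """A single match can be routine maintenance; two or more distinct
    rules on one host match the sequence the article describes."""
    distinct = {name for _, name in host_alerts}
    return "high" if len(distinct) >= 2 else "medium"

# Constructed process-creation events (timestamp, host, command line).
EVENTS = [
    ("2018-01-10T09:14:02", "PC-07", "cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    ("2018-01-10T09:14:03", "PC-07", "bcdedit.exe /set {default} recoveryenabled no"),
    ("2018-01-10T09:14:03", "PC-07", "bcdedit.exe  /set {default} bootstatuspolicy ignoreallfailures"),
    ("2018-01-10T09:20:41", "PC-11", "vssadmin.exe list shadows"),
    ("2018-01-10T09:31:00", "SRV-02", '"C:\\Windows\\System32\\vssadmin.exe" Delete Shadows /For=C: /Oldest'),
]

if __name__ == "__main__":
    for host, host_alerts in scan(EVENTS).items():
        print(host, severity(host_alerts), host_alerts)
```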

After doing so, the .lol files virus may begin the file encryption operation, after which the following ransom note appears:

Text from image:

If you see this message it means you have 24 hours to send 0.1 BTC to the following address or your files will be encrypted forever

All files with the following extensions have been encrypted: .jpg .png .gif .tif. .avi .mp4 .xls .xlsx .doc .docx .pptx .pdf .txt .csv
Status:
Loading:
Time Remaining:

.lol Files Virus – Encryption

For encryption, the .lol ransomware virus targets the following file types on your computer system:

→ .jpg .png .gif .tif. .avi .mp4 .xls .xlsx .doc .docx .pptx .pdf .txt .csv

The virus is very careful not to encrypt files that are important for the functioning of Windows, so that you can still use your computer to pay the ransom.

After the encryption has completed, the files no longer look the same:

Furthermore, a unique key is generated, which is the only direct method to recover the encrypted files. This key is available only to the crooks, but trusting them with your payment is strongly inadvisable.

Remove .lol Files Ransomware and Restore Encrypted Data

In order to remove this ransomware infection, we recommend following our removal instructions below. They are specifically designed to help you delete all the files and other objects related to the .lol files virus, either manually or automatically. Researchers recommend using the automatic approach for removal and downloading a removal tool for the .lol files virus, which will scan for and delete all the objects professionally and secure your computer against future ransomware infections, without you having to reinstall your Windows OS.

If you want to recover files that have been encrypted by the .lol ransomware threat, we recommend trying the file recovery methods below in step “2. Restore files, encrypted by .lol Ransomware”.

Manually delete .lol Files Virus from your computer

Note! Important notification about the .lol Files Virus threat: Manual removal of .lol Files Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove .lol Files Virus files and objects
2. Find malicious files created by .lol Files Virus on your PC

Automatically remove .lol Files Virus by downloading an advanced anti-malware program

1. Remove .lol Files Virus with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by .lol Files Virus
Optional: Using Alternative Anti-Malware Tools

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
