Remove Vindows Locker Virus and Restore .vindows Files - How to, Technology and PC Security Forum | SensorsTechForum.com
Vindows Locker is the name of a new ransomware cryptovirus. Malware researcher Jakub Kroustek discovered the virus. The ransom price that it asks for decrypting your files is 350 US dollars. The malware will encrypt your files and append the extension .vindows to each one of them. To see how to remove this ransomware and how you can try to restore your files, carefully read the article to the end.

Threat Summary

Name: Vindows Locker
Type: Ransomware, Cryptovirus
Short Description: The ransomware will encrypt your files and then display a ransom note with instructions for payment.
Symptoms: The ransomware will encrypt your files and append the extension .vindows to every one of them.
Distribution Method: Spam Emails, Email Attachments

Vindows Locker Virus – Spread

Vindows Locker ransomware can spread in several ways. One of the most efficient is sending the payload as an .exe file. That executable delivers the ransomware, so when it is run, the malicious script inside infects your computer. You can see the analysis of the executable containing the payload on the VirusTotal website in the screenshot below:

[Image: VirusTotal detections for the Vindows Locker executable]

Vindows Locker ransomware might also be spreading its payload through social media and file-sharing platforms. The malicious script could be disguised as the setup of applications that are advertised as legitimate and useful. Refrain from opening files from suspicious sources such as links and emails. You should always scan files you download with a security tool and check their size and signature for anything that seems out of place. You should read the tips about ransomware prevention from the corresponding forum topic.

Vindows Locker Virus – Details

Vindows Locker looks like a tech support scam and is one. But more than that – it is also ransomware and a cryptovirus. The malware researcher Jakub Kroustek found it in the wild.

After Vindows Locker encrypts your files, it appends .vindows as a secondary extension to every locked file. The ransomware may create entries in the Windows Registry to achieve a greater level of persistence. These registry entries make the virus start automatically with each boot of the Windows operating system.

After your files get encrypted, a screen with the ransom message will appear with instructions for payment and the demands of the cybercriminals for unlocking your files. You can see the ransom message from the image below:

[Image: Vindows Locker ransom message screen]
Image Source: @Jakub Kroustek

The ransom note reads the following:

Vindows Locker
this is not Microsoft vindows support
we have locked your files with the zeus wirus
do one thing and call level 5 microsoft support technician at
1-844-609-3192
you will files back for a one time charge of $349.99

The ransom price that this cryptovirus demands as payment for the decryption of your files is 349.99 US dollars, which is nearly half a Bitcoin. The note lies to you that you are infected with the Zeus virus and that the phone number it gives belongs to a Microsoft employee. You should NOT consider calling the crooks, nor paying the demanded ransom. This may only result in the cybercriminals making more ransomware with the money. Besides, nobody can guarantee that all of your files will get restored if you pay that sum of money.

The Vindows Locker ransomware encrypts files and appends the .vindows extension to every one of them. The encryption algorithm that is used is not known, but according to some researchers, the code looks similar to that of the HiddenTear open-source project. The list of file extensions which this virus seeks to encrypt is incomplete, but you can see some of the extensions below:

→.doc, .docx, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx

Extensions Source: @Jakub Kroustek

The Vindows Locker cryptovirus is quite likely to erase the Shadow Volume Copies from the Windows operating system by using the following command:

→vssadmin.exe delete shadows /all /Quiet
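A triage sketch for the two indicators described above, the .vindows secondary extension and the shadow-copy deletion command. This is an added example, not code from the article or from any tool it mentions; the function names and the sample command lines and file names are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Matches "vssadmin delete shadows" regardless of case, quoting or a full path.
SHADOW_DELETE = re.compile(r"\bvssadmin(?:\.exe)?\b.*?\bdelete\s+shadows\b", re.I)

SAMPLE_EVENTS = [  # constructed process-creation command lines, not from a real host
    r'"C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet',
    r'cmd.exe /c VSSADMIN Delete Shadows /All /quiet',
    r'vssadmin.exe list shadows',                       # benign: only lists copies
    r'C:\Windows\System32\notepad.exe C:\Users\a\notes.txt',
]

def is_shadow_delete(cmdline: str) -> bool:
    """True if the command line asks vssadmin to delete shadow copies."""
    return SHADOW_DELETE.search(cmdline) is not None

def find_locked(root: str):
    """Walk root; return (sorted paths ending in .vindows, count per original extension)."""
    paths, originals = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".vindows":
                paths.append(os.path.join(dirpath, name))
                # The extension left on the stem is the file's original type.
                originals[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return sorted(paths), originals

def demo():
    """Run both checks on constructed data: a temp directory and SAMPLE_EVENTS."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.docx.vindows", "photo.JPG.VINDOWS",
                     "notes.txt", "vindows.txt"):
            open(os.path.join(root, name), "w").close()
        paths, originals = find_locked(root)
        hits = [e for e in SAMPLE_EVENTS if is_shadow_delete(e)]
        return [os.path.basename(p) for p in paths], dict(originals), hits

if __name__ == "__main__":
    names, originals, hits = demo()
    print("locked files:", names)
    print("original extensions:", originals)
    print("shadow-copy deletions:", hits)
```

The per-extension count gives a quick view of which file types were hit, which helps when deciding what to restore from backup first.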

Read further to find out what types of methods you can try to restore at least a part of your data.

Remove Vindows Locker Virus and Restore .vindows Files

If your computer got infected with the Vindows Locker ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. Remove the ransomware by following the step-by-step instructions given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Vindows Locker.

To remove Vindows Locker follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Vindows Locker files and objects
2. Find files created by Vindows Locker on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Vindows Locker

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.
