SurveyLocker Virus – Remove and Unlock Your PC - How to, Technology and PC Security Forum |

SurveyLocker Virus – Remove and Unlock Your PC

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

computer-virus-stforumA very intriguing ransomware virus been detected by malware researchers. The malware is carrying the name SurveyLocker and has been detected recently in the wild. This interesting idea of locking the screen of the victim PC and asking for the victim to complete a survey is an emerging pattern and is seen in several other viruses as well. Researchers feel convinced that SurveyLocker aims to display the opportunity for victims to fill out a survey which will most likely generate revenue for the cyber-criminals. Users who have become victim of this ransomware virus are advised to read this article thoroughly in order to understand more about SurveyLocker, remove it and hopefully restore your computer back to it’s last known good configuration.

Threat Summary



TypeLockscreen Ransomware
Short DescriptionThe virus heavily modifies the registry entries of the victim computer allowing it to administratively lock the screen. Unlockable.
SymptomsIf you are infected with SurveyLocker you may see a prompt asking you to choose which survey you want to complete in order to get access back to your computer. Getting access back after completing the survey is not guaranteed.
Distribution MethodVia an Exploit kit, Dll file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Detection Tool See If Your System Has Been Affected by SurveyLocker


Malware Removal Tool

User ExperienceJoin our forum to Discuss SurveyLocker Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

How SurveyLocker Infects Computers

SurveyLocker is a lockscreen type of virus, but when it comes to the infection of the unsuspecting users, similar methods to most distribution of Trojans and other malware are being used. This means that there are most likely two causes of infection related to the SurveyLocker threat:

  • Attachments and files of malicious character.
  • Web links posted on different websites that redirect to malicious hosts.

These two types of distribution methods may exist in different forms. One of those forms is to spread attachments via e-mail spam. This form is the most common when it comes to lockscreen ransom viruses. It is not clear whether this is the case but it is most likely done via distribution malware, such as Trojans, exploit kits and malicious scripts in macros or JavaScript attacks. The other potential scenario is to cause an infection by posting what seems to be a clean* URL but causes a redirect after some time to the malicious host after which the infection is performed.

These type of attacks may result in the successful download of the payload of SurveyLocker which results in a successful infection:


A malware obfuscator may be used for the download of this payload. It usually assists for the obfuscation of the virus from any security software on the user’s computer.

SurveyLocker Ransomware’s Post-Infection Activity

After already having infecting the victim PC, SurveyLocker ransomware may modify some settings affecting the Windows Lock Screen and Windows Screen Saver. This may happen via tinkering with the following subkeys in the Windows Registry Editor:

→ HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut
HKEY_CURRENT_USER\Control Panel\Desktop\
HKEY_LOCAL_ MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

After this has been done, the malware may forcibly restart the computer of the victim under some fake error message pretext or without any notification at all.

After SurveyLocker performs this, the user sees the following screen:

survey-locker-ransomware-display-lockscreen-sensorstechforumImage Source: Karsten Hahn / @struppigel (Twitter)

Users are left with nothing but to wonder how to fix their screens and to try and complete surveys, but fortunately researchers have found an unlock code quickly after the malware was released.

Unlock Your Computer and Remove Survey Locker Permanently

In order to fully erase this virus without further complicating the situation, we have presented what you should do methodologically.

The first step is to enter a password on the unlock screen. The password, which the cyber-criminal left in the source code of the virus is the following:

hurr durr

After having entered this password, your screen will unlock. The only action left to do is to take the safest measure and immediately backup your files while offline. After having done this, we urge you to follow the removal instructions below in order to fully remove Survey Locker ransomware from your computer. In case you are having difficulties or are unsure that you will remove all objects associated with Survey Locker, go ahead and install an anti-malware program which will delete every malicious object automatically, experts advise.

Also, on a side note, we strongly advise you to learn how to protect yourself from such malware in the future and how to store your files safely as well.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share