Mrlocker ransomware is another cyber infection that pretends to be a ransomware. This fake ransomware has two variants which luckily, also does not encrypt any files. The first version of this fake crypto-infection is somewhat called scareware while the other one works as a lock screen virus. Right now, it is not yet confirmed if the Mrlocker ransomware and its variants are capable of deleting files permanently. Even so, you should not take any chances and get rid of this fake ransomware right away.
As soon as it gets in to your computer, it opens a blue window in full screen like the sample below, telling the users that they have to enter a code and that they have to pay $250 in Bitcoins in order to unlock their computer and to decrypt the said encrypted files which aren’t encrypted at all. Besides, unlocking your computer shouldn’t be a problem since all you have to do is enter this code: 6269521 in the blue window.
0
According to our researchers, Mrlocker ransomware was originally created for testing purposes only since at the moment of writing this article, the fake crypto-infection does not contain any information about the payment as well as how to purchase the key to unlock the screen. And the message on the blue window that the fake ransomware displayed does not help much since you’re only told that your computer screen is locked because you’ve downloaded an illegal content which of course is a trick to make you panic.
Moreover, after conducting a series of tests, our research team found out that Mrlocker ransomware kills three system processes, such as the taskmgr, cmd, and regedit to make it difficult for you to remove it.
The developers of Mrlocker ransomware might have used several distribution methods to spread the infection. The infection is carried out through two executable files which are VisualStudioProgramIMade.exe and MrLocker.exe that may have sent to your through spam emails. These malicious executable files can also be obtained through bogus software downloads or software bundles, fake updates and malvertising.
We have prepared a set of instructions below to help you eliminate Mrlocker ransomware, follow them thoroughly.
Step 1(Option1): Type in 6269521 in the unlock box that can be found on the blue window opened by Mrlocker ransomware. Take note if the code does not work, try Step 1 (Option2).
Step 1 (Option 2): Reboot your computer into Safe Mode.
Step 2: Open the Windows Task Manager by pressing Ctrl + Shift + Esc. Go to the Processes tab. Locate suspicious processes that can be related to the Mrlocker ransomware. Right-click on them and select Open File Location then scan them using any up-to-date antivirus. After opening each folder, end the infected processes and delete their folders.
Step 3: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Look for the Mrlocker ransomware or any suspicious program that might be related to it and then click Uninstall.
Step 4: Go to the System Configuration. To do so, click the Windows button and type msconfig in the search box and hit Enter Proceed to Startup and unmark items with an unknown manufacturer.
Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to the Mrlocker ransomware.
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 7: Look for the malicious executable file or any suspicious executable file that could be related to Mrlocker ransomware.
Step 8: Right-click on it and click Delete.
The next step is not recommended for you if you don’t know how to navigate the Registry Editor. Making changes can highly impact your computer. So it is highly advised to use PC Cleaner Pro instead to get rid of the entries that Mrlocker ransomware might have created.
However, if you are well-versed in making registry adjustments, then you can do proceed to step 9.
Step 9: Open your Registry Editor. To do so, tap Windows + R keys and type in regedit in the dialog box and then press Enter. As stated, making changes in your computer’s registry can affect your computer and may cause some damage with one single mistake. To prevent that make sure to make a copy of any registry key by exporting it.
Step 10: Locate the path below and check if there is a new suspicious entry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Step 11: Look for suspicious entry like Mrlocker value and then delete it.
Step 12: Close the Registry Editor.
Step 13: Empty the Recycle Bin.
Step 14: Restart your PC.
Step 15: Perform a full system scan using SpyRemover Pro. To do so, follow the instructions below.
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- Click OK to launch SpyRemover Pro.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.