Am I victim or RANSOM_LOCKY.PUY ?

“Ransom_Locky.puy” is part of ransomware group like other viruses . This type of virus lock files on your computer , changes windows registers and downloads other malicious programs . Does your files have “.locky” extensions ? – If they have , your computer is in trouble. “Ransom_Locky.puy” like “TeslaCrypt viruses” is hazardous for your files and system . Locky virus crypts your files with AES-128 cryption. If you love to know something more about this type of encryption  – AES encryption . Your desktop image might be changed, or unknown files will appear in your desktop. Infection with this virus creates files on your desktop – text and image files . Filenames may content phrases like “Help instructions , decrypt instructions or etc” .

How RANSOM_LOCK.PUY operates on our system ?

When installed the virus injects into core files of your operational system . If you use Windows operational system ( Windows 2000 , Windows XP , Windows Vista , Windows 7 , Windows 8 or Windows Server ), there is a risk to collide with this awful virus . The virus creates registry entries which modify your Windows startup settings . The registry line looks like that :

lockyreg

This is a registry line (in blue) enables the automated execution of this virus every time you startup your Windows . If you know how to operate with Windows registry – delete these registry entries. If you are newbie to Windows registry we will give you easy steps to follow and delete the virus entries :

For Windows 10 users :

Windows registry

 

For Windows XP , Vista , 7 , 8 users you can use the combination of Windows button + R key . It will open little box in down-left side of your desktop and there you must write regedit and tap enter .

After that you have to locate virus registry in reigistry folders : HKEY_CURRENT_USER -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run .

Delete the string by selecting it and press delete , then you can exit Registry editor .

Note: Removing RANSOM_LOCKY.PUY manually could be very risky and unpredictable!

The RANSOM_LOCKY.PUY may create files on your desktop , you have to erase them . Some of them may be image files containing frightening messages to make you pay the ransom for your files. remove locky

Do not afraid of those message and don’t open any of this sites or download applications . And don’t even try to thing to pay something for getting back your files . In next lines we will give you steps to try to restore your files , before that we want to share with you some useful tips for safe internet browsing :

  • Do not trust and do not follow any advertisement links or sites.
  • Do not download anything from untrusted internet places.
  • Watch carefully when you install some product . Pay attention to installing process . If you have advanced options , always use it to prevent installation of programs which may cause serious damage to your information or system.
  • Always make backup of your important data and use up-to-date antivirus software.
  • Do not open files attached to your e-mails.

How to recover files infected by RANSOM_LOCKY.PUY

You can try to use Windows function to recover your system from early date (it is not 100% that this method may return your files) . Here are the steps how to do that :

Open Control Panel by clicking the Start button, and then clicking Control Panel. You should get this window opened.

windows-7-control-panel-screen

After that click on “System and Security” , click on “Backup and Restore”

SS_BaR

And this Window will appear :

BaS

If you do not have the backup copies of your Windows , you have to download program which can return previous versions of your file . One program we have experience with is Recuva . This program is freeware , so you can download it and scan your disks. This may take a long time but it’s worth it . After the long scan a list of files will appear on your screen , select this files which you find most important , or recover all of them if you have enough system space , then clean whatever you do not need .

Go here to find out how to recover deleted files.

Manual steps to remove ransomware or malware. How to prevent ransomware or malware.

For now, removing ransomware or malware manually will only be able for IT specialists. If you don't know one don't worry. We have a solution for you. Over here we will use Spyhunter to remove the virus. The Spyhunter anti-malware is a collection of programs that can be used to scan for malware and clean infected computers. You can also use full anti-malware program in this case which is the better option because it also offers protection.

How to remove "ransomware or malware"

NOTE: In this option the virus will be removed but the files will remain locked! You have to decrypt your files.
  1. Download Spyhunter anti-malware.
  1. 2.  After program has been downloaded, double-click to open it. User will have to install the program. Click on Spyhunter.exe to start the process.
User Account Control dialog may appear, asking you to allow the following program to make changes to this computer. Click "Yes" or "Run" to proceed with the installation. User can also choose variety of languages. Click Ok and the installation will begin with a welcome massage for Spyhunter. Click Next to continue to the next step. User will also have to accept Spyhunter license agreement by clicking on "I accept the agreement" and click Next. Spyhunter will ask user to read important information provided before continuing. Once done click on next to go to the next step. User can choose where to install the program. By default - C:Program FilesEnigma Software GroupSpyHunter. The process will continue and then Spyhunter will install. The installation process may take awhile, depending on a computer system performance. Once the installation is done, click Finish.
  1. 3. Update the software before scanning. Once program has been updated go to scan. You can choose from a free trial version or activate license. It is recommended to buy full version as the trial will not protect computer system.
  1. 4. The scan process will begin. The scan process may take awhile, depending on a computer system performance.
  1. 5. Once the scan is complete you can choose between delete or quarantine the viruses. The quarantine option is recommended and since the malware is active a reboot will be required to finish process.

Click here for guide of how to uninstall spyhunter.

Decrypt ransomware files.

Good news is that we can now use decryption programs. A lot of security companies like Kasperky lab, bitdefender and more has developed a program that is fully capable of decryption key for ransomware malware. You can find this programs anywhere on the internet but it is strongly suggested to download this programs from official websites. NOTE: It may take a long time for your files to be decrypted depending on your PC performance.