Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel Ransomware Ransomware also known by its alias as FenixLocker Ransomware is a ransomware-type program, so you ought to remove it as soon as possible. However, if you do not have an antimalware tool, then this program can easily enter it and encrypt your most cherished and valuable files and then offer you to purchase a decryptor for getting them back. In short, it is a scam program whose objective is to export money from you but be warned that you might not get the promised decryptor once you have paid. Nevertheless, you may be able to decrypt them with a free decryption program developed by cyber security researchers, but you must first delete this ransomware to do that.

It seems that Ransomware is similar to the likes of, Ransomware, and Ransomware due the chosen name and the fact that it encrypts files with the AES encryption algorithm just like the above-mentioned ransomware. As far as its dissemination channels are concerned, we have found that this application is distributed through email spam disguised as legitimate emails. The emails have zipped malicious file attachments that are set to drop this ransomware’s main executable on your computer once it has been opened. The malicious emails are known to masquerade as invoices, receipts, and tax return forms, so if you receive such an email, then be sure to validate its legitimacy.

Furthermore, we have got information claiming that Ransomware is also being distributed using exploit kits. These exploit kits can be found on compromised and infected websites. An infected website can redirect you to another infected website that hosts the exploit kit. This is called a drive-by attack. The exploit kit then proceeds to scan your browser for security holes and is likely to target the Java plug-in and secretly drop its payload.

Once on your computer, this ransomware will spring into action immediately and scan it for files of interest. To our knowledge, this ransomware is configured to encrypt most file types, and our tests have shown that this is true. For example, it will encrypt targeted file formats, such as .doc, .xls, .ppt, .jpg, .exe, .png, .csv, .sql, and .mdb and replace the file extensions with its custom extension!!. However, there are some file types that it will skip, namely .exe files or executables, so standalone applications that do not require additional files can still run. According to our research, Ransomware uses the AES encryption algorithm, so decrypting the files may prove to be a challenge. We do not recommend that you contact this ransomware’s developer via the supplied email address and pay the ransom for the decryptor to get them back. Also, the price for the decryptor may be too high, so it may prove uneconomical to get it in the first place.

Once the encryption is complete, this ransomware will generate a text file that can be called either Help to decrypt.txt or CryptoLocker.txt and drop it on the desktop. The text inside this file reads “All of your files are encrypted, to decrypt them write me to email :” and it also features a unique key which is probably used to assign the decryption key, so the criminal may ask you to send it via email as it is not uploaded to the C2 server but stored locally. This program has no autorun, so it will not start each time you power on your computer. Therefore, no new files will be encrypted, and you can look for ways to delete it.

Since Ransomware’s executable is set to be named randomly and it can be placed in almost any hidden folder on your PC, but we suggest checking a list of directories if you want to remove it manually. However, if that does not work, then we recommend using SpyHunter, an anti-malware application that is more than capable of dealing with this infection.

Delete Ransomware manually

  1. Hold down Windows+E keys.
  2. Enter the following file paths in the address of File Explorer.
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
    • %WINDIR%\Syswow64
    • %WINDIR%\System32
    • %TEMP%
    • %APPDATA%
    • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
    • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
    • %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\Startup
  3. Find the executable file, right-click it and click Delete.
  4. Go to the desktop and delete Help to decrypt.txt/CryptoLocker.txt
  5. Empty the Recycle Bin.
Download Spyware Removal Tool to Remove* Ransomware
  • Quick & tested solution for Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.