Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

ShellLocker Ransomware

Specialists at have recently detected a new ransomware infection ShellLocker Ransomware. It has been released recently, but it could have already infected a number of computers. If you ever find this infection on your PC too, you need to delete it as soon as possible. This has to be done without further consideration because this infection will not allow you to access Desktop, i.e. it blocks it, which means that you could not use your PC freely. On top of that, it might strike again and thus encrypt your data one more time. Yes, ransomware infections are threats that lock files the moment they enter computers. They all do that so that they could then demand a ransom. Do not transfer money to cyber criminals because supporting those crooks means that they will never stop developing malicious applications locking files. Also, there are no guarantees that they will send you the key to unlock those personal files after you make a payment. Therefore, it would be best that you recover your files using alternative methods, for example, you can easily recover these files if you have their copies. If a backup of the most important files does not exist, you should try to use free data recovery software. ShellLocker Ransomware does not delete shadow copies of files, so it might be possible to recover them without the key cyber criminals claim to have.

Once the malicious file is executed and ShellLocker Ransomware is inside the computer, it immediately places its executable file svchost.exe to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup. Then, it scans the system to locate users’ files and, finally, encrypts them all. These files it touches all have a new filename extension .L0cked, so it will not take long to realize that almost all files have been locked by this ransomware infection. The ransom note covering Desktop informs users what has happened to their files: “All your photos, videos, music’s are encrypted.” According to the message left by the ransomware infection, the only way to unlock those files is to transfer a ransom of 100 USD to the provided Bitcoin address. Users are given only 48 hours to do that so that they would not think much and transfer the required amount of money. As has probably become clear after reading the first paragraph, specialists at are strictly against payments to cyber criminals even if this means that files will be lost permanently.

According to researchers, it might be very true that ShellLocker Ransomware is associated with Exotic Ransomware, which was quite prevalent some time ago. If it is true, it is not surprising that ShellLocker Ransomware is distributed as an attachment in spam emails too. It has been observed that many people open these attachments themselves because they think that they have received an important document. Other malicious applications are disseminated through legitimate-looking spam emails too, so you might infect your system again if you do not stop opening spam emails you receive. To be frank, it is not always enough to ignore the spam mail folder because ransomware infections and other malicious applications might be very sneaky sometimes and thus find alternative ways to enter computers. Do not worry; security specialists have another piece of advice for you. They say that users who wish to prevent malicious software from entering their computers should install a reputable security application on their computers as well.

Ransomware infections are quite hard to erase, so do not expect that it will be very easy to delete ShellLocker Ransomware from the system, especially when it blocks system utilities, including the Task Manager. Blocking important system utilities means that users will have to boot into Safe Mode with Networking first and only then delete ShellLocker Ransomware from the system. Since so many users find it hard to get rid of ransomware, specialists at have prepared the manual removal instructions for them. Feel free to use this guide or go to eliminate the ransomware infection automatically with SpyHunter after starting Windows in Safe Mode with Networking. This malware remover is highly recommended by our experienced specialists because it will remove all other infections (e.g. adware, hijackers, potentially unwanted programs, etc.) it manages to detect on your computer at the same time too. In other words, it will clean junk you may not even know you have.

Delete ShellLocker Ransomware manually

Start your Windows OS in Safe Mode with Networking

Windows 7/Vista/XP

  1. Restart your computer.
  2. Start tapping F8 on your keyboard in 1-second intervals.
  3. Select Safe Mode with Networking using arrow keys from the menu.
  4. Press Enter.

Windows 8/8.1/10

  1. Reboot your system.
  2. Press and hold the Shift key while clicking Power at the login screen.
  3. Click Restart.
  4. Select Troubleshoot and then click Advanced options.
  5. Click Startup Settings.
  6. Click Restart.
  7. Press F5 or the number 5 on your keyboard.

Delete malware

  1. Boot into Safe Mode with Networking.
  2. Press Ctrl+Shift+Esc simultaneously.
  3. Open the Processes tab.
  4. Locate the process svchost.exe and kill it.
  5. Close the Task Manager.
  6. Open Explorer (Win+E).
  7. Open %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup (copy and paste the directory in the URL bar).
  8. Locate the svchost.exe file and delete it.
  9. Find and remove the file opened recently (the malicious file).
  10. Empty the Recycle bin and restart your PC normally.
Download Spyware Removal Tool to Remove* ShellLocker Ransomware
  • Quick & tested solution for ShellLocker Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.