ScreenLocker Ransomware - How to remove

ScreenLocker Ransomware

ScreenLocker is a a new ransomware is really similar to all other ransomware of this type. However, it has one strange attribute – it is not finished, yet released. This means that, if your computer is infected with this ransomware, you will have no opportunity to pay the ransom and retrieve your files. And this makes ScreenLocker even more dangerous, because if this infection enters your computer, your files will be encrypted without no possibility to retrieve them.

It’s not quite clear why cyber criminals would want to execute virus like this. However, there are couple of theories – either it’s just a ‘test’ to find out new ways to attack users or it’s because ScreenLocker is not finished yet and users will be allowed to pay the ransom in a near future.

It’s not very difficult to indicate whether your computer is infected with ScreenLocker or not – it’s obvious. Once inside it will display a message on your desktop with a message like this:

Su copia de software no es genuina.
Hemos detectado que el software que corre en su ordenador no es genuino, por favor complete una oferta a continuacion para desbloquear el equipo de forma permanente e inserte la llave a continuacion que le sera proporcionada tras completer la oferta.
To get the key, complete a survey by clicking HERE.

Even though it’s not possible to decrypt your files once they are encrypted by the ScreenLocker, you should eliminate it right away before it causes more cyber security problems to you. You will find manual ScreenLocker removal instructions below this article – we have developed it to assist you through this complicated process of virus removal. However, it’s not enough to eliminate ScreenLocker manually, therefore we recommend to scan your computer with reliable anti-malware application afterwards. We suggest to use either Spyhunter or Malwarebytes for this task. You can use other anti-malware software of your choice as well.

Removal methods of ScreenLocker ransomware

Note, that there are many versions of this scam, but each of them can be removed with various degrees of difficulty. It is tought to identify correct method at once, so if one method fails, skip and try next one. We cover most of the methods from easiest to the most complex to remove this ScreenLocker scam.

The easiest way to get rid of ScreenLocker virus is scan your PC from unaffected account with administrative permissions with Spyhunter or Malwarebytes Anti-Malware. If you are not so lucky and have no unaffected account on your computer, there are other options:

  1. Restart your computer, press F8 while it is restarting.
  2. Choose safe mode with networking.
  3. Launch MSConfig.
  4. Disable startup items rundll32 turning on any application from Application Data.
  5. Restart your computer again.
  6. Scan with https://www.2-viruses.com/downloads/spyhunter-i.exe to find the file and remove it. Here is a video guide, showing how to do all the steps:

Removing ScreenLocker Virus when you can boot to Safe Mode with command prompt only

If you cannot use Safe Mode, try rebooting into safe mode with command prompt. Here how to delete ScreenLocker using this approach:

  1. Reboot into safe mode with command prompt. ScreenLocker should not be launched this time.
  2. Run regedit. Search for Winlogon.
  3. There will be a key labeled Shell under Winlogon. It should refer to Explorer.exe or be blank. If there is something else referring an executable in one of users folders, replace it with explorer.exe.
  4. Save changes, reboot to safe mode with networking.
  5. Run msconfig and disable all unnecessary startup entries. Reboot normally, your system should start without parasite interfering.
  6. Install and run https://www.2-viruses.com/downloads/spyhunter-i.exe. Scan with it the PC and delete ScreenLocker Virus executables it finds.

Here is a video guide illustrating this virus removal method:

There are couple versions of ScreenLocker Virus that encrypts user documents and images. Depending on parasite version, the files might be recoverable, but it is not always the case. In such cases I recommend using PC support or one of the existing decryptors for the files.

Note, that even if all of safe modes are blocked and you can not access other user account and run Anti-Malware program scan from there, you can still clean your PC from this infection. We recommend either using Bootable antivirus CD/USB disk (Hitman Pro Kickstarter USB is one of such choices)  and scanning with it or calling +1-888-334-2444 (USA / CA ) for help.

Using Hitman Pro Kickstarter USB to remove ScreenLocker virus that blocks all Safe Modes

  1. For this approach, you will need an uninfected PC and an empty USB disk.
  2. Download Hitman Pro on this PC. No need for installation and Run it.
  3. Press on Icon to create Kickstart USB. Follow the instructions.
  4. Switch infected PC Off. Put USB disk in, turn PC On and press DEL.
  5. Search for Booting order settings (varies depending on PC) and choose boot from USB as primary option.
  6. Save settings and Exit.
  7. Follow instructions on screen.
  8. When PC is booted, you should have access to your PC. Scan with Hitman Pro and Spyhunter and delete the ScreenLocker scam files.
  9. Take USB out and reboot normally.

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

One response to “ScreenLocker Ransomware

  1. Few days before, my Pc gets infected through Interpol/FBI Ransom scam and displaying message that i disobayed rules and regulatuions so that system is locked and for unlocking i had to pay a certain amount of money. I got scared what should i do then my frnd told me, you can prefer to Remove Interpol/FBI Ransom scam  for protecting the system.

Leave a Reply

Your email address will not be published. Required fields are marked *