DMA-Locker ransomware. How to remove? (Uninstall guide)

removal by Ugnius Kiguolis - - | Type: Ransomware
12

What is known about DMA-Locker ransomware virus?

DMA Locker virus (also known as MadLocker ransomware) is dangerous computer infection that takes user’s files to hostage and then asks to pay the ransom. The virus is supposed to be a new version of powerful cyber threat – CryptoLocker virus. Compared to other active ransomware viruses, it has two dangerous and threatening features – it has a Direct memory access (DMA) and asks for enormous ransom for file decryption. Usually, ransomware launches their attacks and rely on their success only by a dropped malicious file on an infected computer. DMA-Locker virus operates on directly in affected computer’s memory. Virus researchers spotted this virus at the beginning of 2016, and since then, hackers have already updated malware several times. Malware can step into a computer as a Trojan horse or might be delivered in malicious spam email. Once inside, it starts scanning computer’s system and looking for important files. Then, it encrypts them using strong algorithm and appends !XTPLOCK5.0 file extension. Virus corrupts the files and makes them useless unless a victim will purchase a decryption key for 15 Bitcoins ($7000). This time hackers became greedy and asked at least five times more money than other cyber criminals. Usually, the ransom varies from 1 to 3 Bitcoins, which is also a huge sum of money. However, we strongly discourage from paying the ransom. No one can guarantee that crooks will help you to get your files back. Instead of looking for money, remove DMA-Locker from the system. For virus elimination you have to employ an anti-malware program, for example, Reimage. It finds and deletes all malicious files related to this threat.

For data encryption ransomware uses combined AES and RSA chippers. It targets personal files that are located on PC and network devices. DMA Locker ransomware encrypts various video, image, text and other types of files, for example: .xls, .tif ,.gif, .png, .jpg, .jpeg, ,.bmp, .raw, .max ,.accdb ,.db ,.dbf, .3dm, .mdb, .sql, .wma ,.ra ,.avi, .mov, .3g2, .pdb, .mp4 ,.3gp, .asf ,.asx, .mpeg, .pdf. After the attack, in each folder that stores corrupted files, you will find a ransom note in .txt and .html formats. Both of them include the same scary information and try to swindle a huge amount of money:

The only way to get your files back is to pay us for unique decryption key. Otherwise, your files will be lost.

Cyber criminals are not worth trusting. Even if hackers provide necessary decryption software, you might also get additional malware with it. After the attack, you should concentrate on DMA Locker removal. Bear in mind that data decryption is not recommended while malware residents in the system. Ransomware might encrypt your files again and ask for more money. Besides, there’s no need to consider paying the ransom, because there are free decryption tools that are created for recovering corrupted data.

DMA-Locker virus message

Variants of DMA-Locker virus

DMA Locker 3.0. This version of ransomware was discovered in February 2016. It showed up right after IT experts had discovered a DMA Locker decryption tool. Surprisingly, they moved from the first version straight to the third version, which is known to rely on the AES-256 algorithm. Beware that DMA Locker 3 targets a wide range of files and can easily encrypt various documents, images, audio and video files and image file. When it comes to infiltration, the virus uses a trojan horse that infects computers as a legitimate attachment to an email message. The DMA Locker 3.0 decrypt key costs around 4 BTC.

DMA Locker 4.0. The fourth version of DMA Locker was released in May 2016. Reportedly, it spreads via Neutrino Exploit Kit and encrypts a wide range of victims’ files. This version of DMA-Locker virus demands 3 BTC in exchange for the decryption key and promises to increase the ransom if the victim fails to pay the ransom within the given period. Once the time passes, virus increases the amount of ransom to 4.5 BTC. Unfortunately, cyber security experts haven’t presented a DMA Locker 4 decrypt tool, but we hope to see it soon. In the meanwhile, you should make sure that you have extra copies of your most valuable files to prevent their loss.

How does this cyber threat spread?

You can get infected by this virus in case you tend to explore dangerous content on the internet. You have to keep in mind that cyber criminals develop various ways to enter users’ computers. So you have to be prepared and be wary of prevention ways.

  • Most commonly, ransomware threats are being spread via malicious e-mails, which contain deceptive attachments. They might look like ordinary documents, PDFs, and other regular files. However, such attachments hold infectious self-extracting components. You should never open such e-mails or attachments!
  • Bear in mind that developers of DMA-Locker virus use social engineering tactics, so their messages might be very convincing and persuasive. So, it’s easy tricked by the criminals!
  • Viruses might also spread via rogue websites. Do not click on doubtful links on web pages full of gambling and pornographic content.
  • Install software on your computer ONLY using “Advanced/Custom” settings and untick suspicious add-ons.

DMA-Locker elimination guide

You need to remove DMA-Locker virus before attempting to do anything else. You must eliminate it completely to be sure that it will not cause harm to your system later. That is why we strongly recommend you to remove DMA Locker automatically. Automatical removal requires employing strong and reputable anti-malware tools such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware. Of course, you can use another antivirus program that you prefer. However, sometimes ransomware might block access to security tools or prevent from scanning computer’s system. Below the article you will find instructions how to solve this issue and run the program.

After DMA Locker removal, you can get your files back from a backup, or decrypt them with this DMA Locker decryption tool. If this one doesn’t work, try this DMA Locker decryptor. Use these tools or plug your backup device into your PC only AFTER you remove the virus.

 

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove DMA-Locker ransomware you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall DMA-Locker ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual DMA-Locker virus Removal Guide:

Remove DMA-Locker using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove DMA-Locker

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete DMA-Locker removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove DMA-Locker using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of DMA-Locker. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that DMA-Locker removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove DMA-Locker from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

For data recovery, you can use either DMA Locker decryption tool or DMA Locker decryptor. Bear in mind that paying the ransom to the crooks is not an option! However, if these tools do not work for you, you can try using additional methods that are presented bellow.

If your files are encrypted by DMA-Locker, you can use several methods to restore them:

Data Recovery Pro and data decryption

This tool is created for restoring missing and corrupted files after system wreckage. However, it can still be useful for retrieving files corrupted by the ransomware.

Restoring individual files using Windows Previous Versions feature

If you have previously enabled System Restore function, you can try to restore individual files using Windows Previous Versions feature. However, if System Restore hasn’t been enabled before the attack, this method won’t work for you.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Take advantage of ShadowExplorer

Some victims of the ransomware claim that SadowExplorer helped to restore at least some of their files. If DMA Locker decryptors are not working for you, give this additional data recovery method a try.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from DMA-Locker and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

Removal guides in other languages


  • ChristianSi

    Whoa, I need to change my browsing habits. I do not want to get infected…

  • pitto

    scary virus. So how do I know which websites are dangerous and which ones are not?!

  • ACe

    One of my friends got infected by opening an e-mail that came from a FRIEND. How would you explain this, 2-spyware?

    • 2-spyware

      Dear user,
      we are sure it was a WORM. It is a different kind of malware. For example, one of the most popular worms that has infected massive amount of PC users all over the world was called I LOVE YOU. This worm was spread via e-mail, too, and it silently copied victims contacts list and sent the malicious letter including the LOVE-LETTER-FOR-YOU.TXT.VBS file for them. This ransomware does not do that (at the moment of writing).
      2-spyware team.