Severity scale:  

.Locked virus. How to remove? (Uninstall guide)

removal by Julie Splinters - - | Type: Ransomware

The working principles of .Locked virus

.Locked virus is a type of a cyber infection that infiltrates computers and encrypts data stored on them. Such viruses are called ransomware [1] because they demand owners of the encrypted data to pay particular sums of money in exchange for the special deciphering key [2] . The infected users are then faced with a dilemma – to pay the ransom and hope to get their files back or bid farewell to the encrypted information, but making sure that hackers do not receive any reward for their fraudulent activities. So, if you fell on the ransomware’s target list, the first thing that you should do is remove .Locked virus from your PC which you can do using the removal instructions below. 

Questions about .Locked virus

This ransomware virus seems very similar to other infamous ransomware threats such as Locky virus, .locky extension virus, TeslaCrypt, Cerber, and KeRanger. However, there are slight differences between the older ransomware and this particular malware. .Locked ransomware uses AES-256 encryption algorithm contrary to RSA-2048 and AES-128 algorithms used by Locky, for instance. Furthermore, the ransomware demands 500 USD in Bitcoins [3], as opposed to the usually required amount of $400. Moreover, if you don’t rush to pay the money in the specified period of time, the amount of ransom doubles! If you have decided to go along with cyber criminals by paying the money, once you click the “Pay” button, .Locked malware starts showing you detailed payment instructions. After that, you are supposed to download a specific software and the private decryption key. However, we don’t recommend doing that as there is no guarantee that it will work out after you complete the financial transaction. You mind reveal your personal information and lose your money after paying the money but failing to access your personal files. Thus, you should think about .Locked removal rather than act according to cyber criminals‘ expectations. For that, we recommend using Reimage.

Speaking of the creators of this ransomware, some speculate that famous vigilante hacker organization called Anonymous [4] might be related with the ransomware. Such suspicions arose after another ransomware – Anonymous virus – emerged. The latter virus seems to be originated by the organization. Knowing genius abilities of these maverick hackers which managed to hijack international governmental and private institutions, .Locked virus might become a real challenge. Moreover, the hackers use the photo of the Anonymous trademark mask which enforces the speculations as well.

The latest reports about the Locked ransomware show that this virus has picked up a new distribution tendency and is now spreading disguised as Netflix login generator [5]. Now, the hackers are exploiting the users’ desire to access the huge Netflix movie and TV series database for free and secretly place the malicious script inside the fake account activation software. The command that activates the encryption is cleverly hidden under the “Generate Login!” button. Once the victim clicks this button, the virus initiates the encryption and locks the computer. The temporary lock screen urges the user to go follow the instructions provided in the Instructions.txt document that is placed on the desktop. It is currently unknown what extensions does this Netflix ransomware use to mark the encrypted files, nor what sum the hackers demand for the data decryption. It is known for sure that this virus spreads via various pirating sites and low reputation software distribution platforms. So, if you care about the security of your device and your data do not even try go looking for such illegal tools and invest in your security by spending a few dollars on a legitimate Netflix account.

What triggers ransomware infection?

Like similar malware, the virus is encountered via infected spam attachment. A victim user receives a false invoice or traffic alert which includes a ZIP or a Word file with the embedded macro code. If the victim download the file to the operating system, the ransomware sets out to encrypt your important documents, certificates, work accounts, reports, and family-related information. As soon as it finishes the job, it leaves a .locked file in the encrypted folders. Then a message appears on user’s screen declaring of the mischievous deed.

Furthermore, it has been observed that .Locked malware can also be spread via a trojan. This threat provides a necessary disguise for the ransomware. Usually, a trojan is unspotted by anti-virus programs, since it seems like a legitimate file. After it safely passes through the system protection, the trojan sets free the vicious content and .Locked ransomware starts its job. In this particular situation, you need to have an anti-malware program to detect trojans and other malware of such kind. In addition, some ransomware is observed to disperse via cracked games. So if you are a passionate gamer, be aware that despite minor PUPs attacking your computer after every game hacking, serious viruses might pose you a challenge as well.

Remove .Locked following these instructions:

If you are infected with .Locked ransomware, you should come to terms with the fact that the encrypted files may be lost. You can restore them from backup, but if you can’t find extra copies of your important data, it may be that you won’t get it back. Secondly, manual removal option might not work out considering the complex structure of the ransomware and its encryption algorithm. Therefore, you are left with only one solution – remove .Locked with the assistance of a powerful anti-malware application, such as Reimage or Plumbytes Anti-MalwareNorton Internet Security. Lastly, it is essential to keep it updated and run regular scans in order to ensure its full protection and enjoy safe browsing again. If you can’t launch any of previously mentioned programs, follow a guide below:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.

If you decided to select another anti-spyware, uninstall Reimage from your computer.
Press mentions on Reimage
Alternate Software
Alternate Software

To remove .Locked virus, follow these steps:

Remove .Locked using Safe Mode with Networking

If Locked virus or any of its versions are blocking your antivirus, please follow the instructions our experts have provided below the article.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove .Locked

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete .Locked removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove .Locked using System Restore

You antivirus may be blocked by the malicious .Locked virus features which might not allow to remove the virus from your computer properly. In such a case, please follow virus decontamination steps below:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of .Locked. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that .Locked removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove .Locked from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by .Locked, you can use several methods to restore them:

Apply Data Recovery Pro for the recovery of your files:

If you want to use a tool that will recover encrypted system files automatically, you should give Data Recovery Pro a try. you may find brief recommendations on how to use this tool here:

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by .Locked ransomware;
  • Restore them.

Learn about the Windows Previous Versions feature and its benefits of data recovery:

Windows Previous Versions feature is a useful technique that you may use to recover some of your files, but not the entire system. Of course, none of the alternative data recovery techniques can promise that. But if you are in desperate need of that special archive or document — do not hesitate to try out Windows Previous Versions feature.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Find out how to use ShadowExplorer for data recovery

ShadowExplorer can be used for data recovery in case the virus in question does not delete Volume Shadow Copies of the encrypted files. If it did destroy these files, we recommend you check out the previously mentioned data recovery techniques.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

About the author

Julie Splinters
Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions


Removal guides in other languages