Severity scale:  
  (99/100)

LOL ransomware virus. How to remove? (Uninstall guide)

removal by Julie Splinters - - | Type: Ransomware
12

Hackers have created an unusual name for a ransomware — LOL

Image of .LOL! ransomware

LOL virus is a malicious program designed to encrypt valuable data on the targeted computer. It is easily recognized by the extension mark .LOL! appended at the end of the file-name. Immediately after the virus finishes data encryption, get data.txt file is dropped on the desktop and victim is asked to pay 1 Bitcoin as a ransom. According to the research, malware is a variation of another highly aggressive virtual threat – GPCode ransomware (also known as GPCoder).

Several weeks ago, cybersecurity experts from NoVirus.uk[1] warned users about the similar version of this ransomware. It appends .lol file extension and demands a significantly lower amount of money for a decryption tool — 0.1 BTC. However, the risk of getting infected with this threat seems to be much higher as it was found spreading as a keygen[2] on highly unreliable websites. Therefore, you should not only remove .LOL virus but also be cautions of similar malware infections. 

The most peculiar features of .LOL! ransomware serves the get data.txt message. It is divided into two sections named “JOKE” and “SERIOUS”. In the former part, the hackers address their victims in a mocking way by addressing them “Boys and Girls.” Later on, it preaches them of not being cautious about their cyber security.

Moving on to the latter part, .LOL! developers threaten the community that all their data has been locked by the strongest encryption techniques, standard AES and RSA algorithms[3]. Therefore, there is no supposed decryption tool except their own. They assure the victims that they are not scammers and encourage to contact via gpcode@gp2mail.com e-mail address.

The cybercriminals try to earn the trust of their victims by allowing to decrypt files up to 5 MB for free. To increase the rate of successful transactions, attackers urge to pay the ransom or the files will be permanently deleted within a month. At this point we want to calm you and offer another solution that will protect you from financial losses and recover some parts of your data.

We recommend you to start LOL ransomware removal right now with the help of Reimage or any other security software of your choice and try to retrieve your files from backups. It is the best alternative way to fight ransomware attacks and minimize illegal profits used to finance the development of other types of high-risk computer infections. 

Spam messages are the major cause of the ransomware infection

Analysts have spotted LOL virus spreading via malspam campaigns that send e-mail messages with malicious attachments worldwide. In order to delude as many users as possible, developers wrap their viruses in the fake package of financial reports, invoices, and customs declaration forms.

Unfortunately, credulous users who are unaware of the hidden danger, open the attachment and activate the threat. Needless to say, you should be extremely cautious if you want to avoid ransomware attack. Even if the message is sent from the local police or tax institution, double-check the sender in order to escape the severe consequences of the file-encrypting virus.

Learn how to safely terminate LOL virus

We always recommend to use a reputable anti-malware program to remove LOL ransomware from your system. It is the safest way since it is designed to not only detect ransomware but other computer threats as well. As a result, you will get rid of the malware and increase your computer's security in future.

Be aware that .LOL virus removal won't decrypt your files. After the elimination, you can concentrate on the file recovery. Below this article you will find the instructions on how to retrieve your files using verified decryption tools.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove LOL ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall LOL ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual LOL virus Removal Guide:

Remove LOL using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

To start .LOL! removal, you should reboot your computer to Safe Mode with networking.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove LOL

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete LOL removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove LOL using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

In some cases, the ransomware might block the installation of a professional security software. Thus, the instructions provided below will show you how to boot your PC into a Safe Mode with Command Prompt.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of LOL. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that LOL removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove LOL from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by LOL, you can use several methods to restore them:

Use Data Recovery Pro tool

this professional tool might recover files after ransomware attack or if the user accidentally deletes them. Follow the guide below to learn how to use it:

Windows Previous Versions feature might be the solution

Note, that this tool only works if you have enabled System Restore function before the virus started data encryption. If you have, check the instructions below.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer might be useful

To start data recovery with ShadowExplorer, make sure that the Shadow Volume Copies are not erased from your PC.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from LOL and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Julie Splinters - Malware removal specialist

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References


  • ernie$^(^

    Thye need to pay for this mischief.

  • stockmarketter44

    How longs does it take to create such malware!

  • bilbo.56446

    Poor humor, as always…