Severity scale: 99/100

PowerLocky ransomware virus. How to remove? (Uninstall guide)

Removal by Julie Splinters | Type: Ransomware

What can you expect from PowerLocky virus?

If PowerLocky virus manages to infect your computer, there is bad news and good news. The bad news is that this cyber threat is categorized as ransomware, which means that the only possible way to recover the files is to find the decryption key. Paying the ransom should not be considered an option. Virus researchers suspect that this virus is an improved version, specifically a combination of the notorious Locky and PowerWare viruses. It uses the AES algorithm to encrypt personal information, so you should not underestimate this threat. Finally, the good news is that you can remove PowerLocky without much trouble by using the anti-spyware application Reimage.

This virus hybrid hit the spotlight quite recently, but it has already managed to wreak quite a lot of havoc. The complexity of this threat makes it even more dangerous. The hackers employed an AES-156 set of two interrelated codes to encode personal files. Moreover, the threat mainly targets %AppData%, %Temp%, %Roaming%, %Common%, %(User’s Profile)%, and %System32%. Keeping important and valuable information in these folders increases the risk that your data will be encoded and lost if the file-encrypting virus infects your device. When the virus finishes encrypting, it opens the _HELP_instructions.html file, which contains the instructions to recover the files. We strongly discourage you from paying the ransom, which varies from 500 to 1000 USD. There is no guarantee that the hackers will return the data if you remit the payment.

The screenshot of PowerLocky virus

As for decoding, the hackers offer to install their PowerLocky decrypter, which is identical to the one employed by Locky. Brush away any thought of purchasing the decryptor. You may succeed in recovering some of your files, but it becomes more likely that the decrypting tool itself contains malware. When the time comes, PowerLocky ransomware might infect the device again. Since this virus possesses elements of the two mentioned threats, you may notice that .tax2016 is appended to the encrypted files, though mainly the .locky extension will be attached. Moreover, the ransomware might be hidden in notepad.exe, svchost.exe, setup.exe or patch.exe, so telling which file is malicious becomes a challenge. Therefore, start PowerLocky removal right away.
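To scope the damage before cleanup, the indicators named above (the .locky and .tax2016 extensions, the _HELP_instructions.html note and the four disguise file names) can be turned into a quick triage scan. This is an added example, not code from the original guide; the function names, the sample tree and the choice of "suspicious" folders are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators named in this article.
ENCRYPTED_EXTS = {".locky", ".tax2016"}
RANSOM_NOTE = "_help_instructions.html"
DISGUISE_NAMES = {"notepad.exe", "svchost.exe", "setup.exe", "patch.exe"}
# Assumption (not from the article): user-writable folders where a binary
# with a system-sounding name deserves a closer look. A clean result here
# proves nothing, since the article lists System32 as a target as well.
SUSPECT_DIR_PARTS = {"appdata", "temp", "roaming"}


def triage(root):
    """Walk root and group paths by the PowerLocky indicator they match."""
    report = {"encrypted": [], "notes": [], "suspect_exe": []}
    for dirpath, _dirs, files in os.walk(root):
        # Folder names below root only, so the scan root itself never matches.
        parts = {p.lower() for p in Path(dirpath).relative_to(root).parts}
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if os.path.splitext(lower)[1] in ENCRYPTED_EXTS:
                report["encrypted"].append(full)
            elif lower == RANSOM_NOTE:
                report["notes"].append(full)
            elif lower in DISGUISE_NAMES and parts & SUSPECT_DIR_PARTS:
                report["suspect_exe"].append(full)
    return report


def demo():
    """Run triage() over a constructed sample tree (not a real infection)."""
    samples = [
        "Users/alice/Documents/budget.xlsx.locky",
        "Users/alice/Documents/return.pdf.tax2016",
        "Users/alice/Documents/_HELP_instructions.html",
        "Users/alice/AppData/Roaming/svchost.exe",
        "Windows/System32/svchost.exe",
        "Users/alice/Documents/notes.txt",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in samples:
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")
        return triage(root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, len(paths))
```

On a real machine, point triage() at a drive or profile root and treat the suspect_exe list as leads for a scanner to confirm, not as a verdict.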

The distribution techniques of the ransomware

Its transmission methods do not differ from those of other file-encrypting viruses. PowerLocky malware targets users via spam emails. Beware of emails with subjects such as “Windows Free Upgrade Is Here,” “Your PayPal Account Has Been Suspended,” or “Your Bank Account Receipt.” They might persuade users into opening the attached .doc, .exe, or .scr file, which carries PowerLocky malware. In addition, be careful with emails that are seemingly sent from governmental institutions or customs. Fake emails often contain spelling or grammar mistakes. Arm yourself with a reliable anti-spyware application as well. It will decrease the amount of spam emails targeting your Inbox.

PowerLocky removal options

We do not recommend wasting time or energy on manual elimination. Locating potentially malicious files is futile, taking into account the ability of the malware to disguise itself as common .exe files. Thus, opt for the automatic elimination method. A security application, such as Reimage, Plumbytes Anti-Malware or Malwarebytes, will remove PowerLocky shortly. It will check your operating system for all kinds of threats. After the virus is terminated, you can concentrate on the recovery of your files. Some data recovery applications might be of help, but the most efficient way to retrieve them is to use back-ups. If you do not have them, develop a habit of regularly backing up your valuable information.


To remove PowerLocky virus, follow these steps:

Remove PowerLocky using Safe Mode with Networking

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove PowerLocky

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete PowerLocky removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove PowerLocky using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of PowerLocky. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it and make sure that PowerLocky removal is performed successfully.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from PowerLocky and other ransomware, use a reputable anti-spyware, such as Reimage, Malwarebytes, Combo Cleaner or Plumbytes Anti-Malware.

About the author

Julie Splinters - Malware removal specialist
