Severity scale:  
  (98/100)

ScammerLocker ransomware. How to remove? (Uninstall guide)

removal by Alice Woods - - | Type: Ransomware

ScammerLocker – a malicious virus which locks up personal files

Image of ScammerLocker ransom note

ScammerLocker is a crypto-virus which is based on the HiddenTear open-source project. When it infiltrates victim's machines, it locks up a variety of personal files using AES[1] cipher and appending .jodis file extension. Then ransomware drops a FILES_ENCRYPTED.txt ransom note and demands a payment in cryptocurrency for data release. 

This deadly crypto-virus is named after a so-called tech support scammer, who’s picture is displayed on the main program window. It is currently unknown who the person is. Also, ScammerLocker virus was developed by hackers who are linked to “Jodis Hunter Team”; therefore, some security experts might refer to this malware as Jodis Hunter ransomware.

As soon as ScammerLocker infects the machine, it renders files like .jpg, .mpeg, .txt, .cab, .bin, .html, .exe completely useless. For example, a file called picture.jpg is turned into picture.jpg.jodis. The only way to decrypt files is by using a unique key which is stored on a remote server, closely guarded by hackers. Without it, recovering files is almost impossible.

However, authors of ScammerLocker suggest a data recovery solution which is not recommended to follow by security experts. The .txt file created by criminals states the following message:

You my friend, have been caught. Don't bother installing AntiVirus.
Because You're f**ked.
You can only decrypt your files with our decrypter, and a special key.
You must buy 10 IOTA and send it to [random characters]
[Click here for info on buying IOTA|HYPERLINK]
Or if you want to decrypt your files for free,
simply send an email to jodishunterteam@protonmail.com and then we can negotiate.
Good day, Jodis Hunter Team.

Hackers are asking for 10 IOTA, which is around 13.68 USD at the time of the writing. It might not seem like much and many users might consider contacting criminals to recover their precious files. However, we encourage you to restrain yourself from doing so. After all, there is always a chance you might not recover your data or you might be blackmailed into transferring more money.

Thus, you should remove ScammerLocker instead of communicating and having business with cyber criminals. Unfortunately, virus removal won't help to recover files, but you will be able to use your PC safely and try alternative data recovery methods. Our team has suggested several methods that might help to get back access to some of the locked files.

We want to discourage you from manual ScammerLocker removal. Instead, you have to employ robust security software for the job, such as Reimage or Malwarebytes Anti Malware. These tools ensure that virus elimination is safe. Attempts to locate and delete ransomware-related components manually often end up with irreparable system damage.

Ways to protect yourself from a deadly crypto-virus

Developers of ransomware usually use numerous distribution methods to infect computers. Security experts from Faravirus[2] warn that users need to be careful when browsing the web and have backups of the most important data. Authors of file-encrypting malware use social engineering and other sophisticated techniques that trick even the advanced computer users.

The most prominent ransomware distribution method is spam emails. This method is often used by crooks because it is incredibly effective as many users carelessly open emails which they believe are coming from a legitimate source. However, email authors are not who they pretend to be.

Thus, whenever you open an email from an unknown source, you should first check what address is it coming from and look for other signs.[3] If you noticed that something does not feel right, DO NOT open the email, click on any links or download any attachments presented. Instead, delete the email immediately.

We must also warn you that using illegal software, keygens and similar can lead to serious infections, including ransomware infiltration. Thus, avoid questionable websites (such as torrents, crack sites, etc.) and pick legitimate software download sources.

Eliminate ScammerLocker ransomware correctly

To remove ScammerLocker virus, you do not need to contact cyber criminals and pay them a demanded sum of money. As we have mentioned in the beginning, it may lead to money loss or blackmailing. Additionally, keeping ransomware on the system might lead to encryption of new files and infiltration of other cyber threats. Hence, no matter how important your files are, you should focus on ransomware removal.

To ensure safe and correct ScammerLocker removal, you should employ a reputable anti-malware software, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware. These programs are designed to deal even with the most stubborn viruses. Remember that ransomware might prevent the security application from starting. In that case, reboot your PC in Safe Mode with Networking as explained below:

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove ScammerLocker ransomware you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall ScammerLocker ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
More information about this program can be found in Reimage review.
Press mentions on Reimage

Manual ScammerLocker virus Removal Guide:

Remove ScammerLocker using Safe Mode with Networking

Safe Mode will allow running automatic ransomware removal:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove ScammerLocker

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete ScammerLocker removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove ScammerLocker using System Restore

System Restore might help with getting rid of the malware as well:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of ScammerLocker. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that ScammerLocker removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove ScammerLocker from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

As we already mentioned, you should avoid contacting cybercriminals at all costs. Instead, try these data recovery tools:

If your files are encrypted by ScammerLocker, you can use several methods to restore them:

Try Data Recovery Pro

Data Recovery Pro is used to fix corrupted or broken files. In some cases, it might help you recover files encrypted by ScammerLocker ransomware.

Windows Previous Versions feature might be useful

Windows Previous Versions feature can only be used if you had System Restore enabled at the time of the virus attack. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try ShadowExplorer

If the virus did not erase shadow volume copies, ShadowExplorer is a perfect tool for file recovery.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

ScammerLocker decrypter is not available yet

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from ScammerLocker and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

References