ScreenLocker virus (Virus Removal Guide) - Dec 2016 update

ScreenLocker virus Removal Guide

What is ScreenLocker virus?

ScreenLocker – what kind of computer infection it is, and what should you know about it?

ScreenLocker virus is a malicious software, which is better known as ransomware. It differs from the widely-known ransomware variants such as Locky[1] or Cerber, because unlike these viruses, it doesn’t encrypt files, but locks your screen and prevents you from performing even the simplest tasks. ScreenLocker-type ransomware viruses are not that popular because more advanced computer users can get rid of them quite easily. Screen-locking attacks are much different. Once such virus breaks into the target system, it blocks the executable system files and thus prevents users from accessing essential settings and folders (for instance, Windows Registry or, in some cases, Task Manager). As a recent research has shown, users whose computers have been attacked by the ScreenLocker ransomware have to delete the value that is named as “RealtekSoftware”. Its default location is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. However, there is one problem. ScreenLocker virus locks the screen and does not allow users to initiate any tasks, so there is no chance to reach aforementioned location without unlocking the screen. Although this ransomware does provide with the instructions what should be done in order to unlock the screen, surprisingly there is not a clue about any payments. The alert by ScreenLocker usually looks like this (either in English or in Spanish):

We have detected that the software running on your computer is not genuine, please complete an offer below to unlock the computer permanently and insert the key below that will be provided after completer supply.
To get the key, complete a survey by clicking HERE.

As you can see, this ransomware accuses computer users of storing illegal software, which is quite serious. Nevertheless, it doesn’t matter whether you have downloaded illegal programs or not, you should not trust ScreenLocker ransomware and never participate in any surveys that it requests you to because it may be an attempt to distribute other malware on your computer’s system. Locked screen is a serious warning that you PC’s system is infected by a malware, so the best solution is to take immediate actions and remove it ASAP. For that, our recommendation would be FortectIntego.
ScreenLocker virus blocks access to PCScreenLocker virus prevents access to the computer system.

ScreenLocker as a type of ransomware

As you can see, this article describes a program that is recognized by the name “ScreenLocker.” However, this term can be used to describe a big group of ransomware viruses that lock the screen by displaying a full-screen window or preventing the victim from logging into Windows account[2]. However, just like typical ransomware threat, it wants something from the user. The majority of ransomware viruses demand money, others ask to fill out surveys, and finally others are meant to convince the victim to call technical support scammers. Over time, we have seen these different types evolving, and we are sure that eventually we will encounter more ransomware types. For now, we would like to introduce some examples of screen-locking ransomware viruses.

Examples of screen-locking viruses

MagicMinecraft Screenlocker ransomware virus. This virus blocks access to the computer by displaying a lock screen that says “Every time you Enter a false Password a ransom Windows file gets Deleted!” What is interesting is that this ransomware doesn’t leave any ransom notes or instructions on how to recover access to the computer. It seems that the virus has been developed by a script kiddo or simply an amateur and low-level programmer who didn’t know how to configure program’s functions properly. Luckily, it is an advantage – malware researchers shortly cracked the virus and revealed the right password that removes the lock screen. The password is 62861094725560. Victims are advised to scan the system with anti-malware software[3] to remove MagicMinecraft virus entirely, as well as check the system for other potentially unwanted or harmful programs and get rid of them.

VinCE tech support screen locker virus. At the end of 2016, we have encountered a whole new wave of ransomware viruses that appear to be associated with tech support scammers. VinCE locker, which is named after a folder it creates on the compromised system, is a fraudulent program that is built in MSIL, and its main executable is SBSCP.exe. Once run, this executable launches a blue screen that says: “Your PC ran into a problem and needs to restart. We are just collecting some error info, and then we’ll restart for you.” The virus is programmed to show a percentage completion value, which typically pauses at a random number between 25 and 50. The ScreenLocker also says that the user may call 1-888-523-2979 for more information about the issue identified as CRITICAL_PROCESS_DIED. The VinCE virus is also made to prevent the user from shutting the screen or computer down, but apparently, a simple trick can close this screen. To shut down the VinCE ScreenLocker, one simply needs to push down F6 key. Of course, the system must be scanned with anti-malware software afterward.

SurveyLocker ransomware virus. This virus is a ransomware that doesn’t actually ask to pay a ransom. It doesn’t encrypt files, but it blocks access to the computer and displays an annoying message that says Locked! Surprisingly, the virus wants the victim to answer some questions of a survey that it provides. However, victims are not obliged to answer no surveys, especially because it is extremely easy to get rid of the lockscreen. Victims simply need to enter hurr durr in the password box and hit Unlock PC.

Methods used to distribute ScreenLocker virus

There is a handful of ransomware that employ illegal methods of distribution and may infect computers without being noticed. ScreenLocker is one of them. Security experts state that it may be carried by various Trojans that can be executed right after clicking on the infected links or fake software updates[4]. However, the most successful ransomware distribution method is still considered to be spam filled with infected attachments or malicious links. Usually, such email messages report about serious things that catch users attention, for instance, missing payments, warnings from various authorities, taxes, and so on. Therefore, if you want to stay safe and want to maintain immunity of your private data, NEVER trust questionable emails, avoid visiting illegal websites, downloading suspicious updates or checking your PC online. Otherwise, ScreenLocker virus or any other infection may slither onto your machine.

Uninstall ScreenLocker ransomware

Fortunately, ScreenLocker virus does not encrypt private data and does not require paying the money for unlocking the screen. However, since it may try to spread other malware or you may execute file stealing ransomware one day, our piece of advice would be to backup files regularly. Use alternative file storage, such as USB external hard drives, CDs, DVDs, or any of cloud storage (Google Drive, Dropbox, etc.)[5]. If you need more information on that read the following: Why do I need backup and what options do I have for that?

Speaking about ScreenLocker virus removal, it’s important to note that it is not advisable to try to remove it from the system manually. This way other more serious system issues may be caused leading to serious damage. Therefore, if you are a victim of this ransomware, you should rely on a reputable anti-malware, for example, FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes and let them remove ScreenLocker automatically.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of ScreenLocker virus. Follow these steps

Manual removal using Safe Mode

Before you run your anti-malware software to delete the virus, reboot your PC using instructions presented here.

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from ScreenLocker and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions