Severity scale:  

SynoLocker virus. How to remove? (Uninstall guide)

removal by Lucia Danes - -   Also known as SynoLocker ransomware | Type: Ransomware

What is SynoLocker virus?

SynoLocker virus is a serious ransomware, which has ability to encrypt specific files that are kept on network-attached storage devices. Of course, after blocking connection to these files, virus asks to pay a ransom of $350 and claims that it will decrypt these files in exchange for this fee. Just like Cryptowall virus and similar ransomwares, as soon as SynoLocker encrypts files, it asks to pay a ransom in bitcoins via Tor browser. It is known that this cyber infection has attacked Synology servers. For those who don't know this company, we will say that it is a Taiwanese company that creates popular storage devices helping people store their files on the Internet. If you use storage devices of Synology, don't be surprised after discovering such notification:

Automated Decryption Service
All important files on this NAS have been encrypted using strong cryptography.

List of encrypted files is available here.

Follow these simple steps if files recovery is needed:

In this case, you should contact Synology support and power off the DiskStation. We also recommend scanning computer with reputable anti-spyware to make sure that it is free of this cyber threat. The latest victim of SynoLocker is the Chinese Medicine University. According to reports, virus managed to affect its storage devices and blocked the connection to 10,000 patient records.

How can SynoLocker virus infect my computer?

It's still unknown how hackers spread SynoLocker virus. According to some of security experts, this virus may got a chance to affect Synology servers because of the critical vulnerability that has recently been patched. In order to prevent infiltration of SynoLocker virus to your computer, you should always be careful with emails from such well known companies as Bank of America. If they are full of suspicious links, grammar or typo mistakes, there is a huge chance that these mails are used for spreading SynoLocker virus. Also, stay away from insecure websites and never fall for questionable alerts. If they offer you to update some of your programs, it might be that they are used for spreading this or other ransomwares, trojans and other seriously dangerous viruses. Finally, don't leave your PC without anti-virus and anti-spyware installed on the system because it can help you to prevent infiltration of previously mentioned viruses. If you think that your PC is infected with SynoLocker virus, you should follow this guide:

How to remove SynoLocker virus?

We have some bad news to you.. If SynoLocker virus infects computer or data storage device, there is the only method that can be used for decrypting files and this method is making a payment of $350 in bitcoins. Of course, we don't recommend that because by doing so you will support hackers and their dirty business. In order to remove SynoLocker virus from the system, we recommend using Reimage or Malwarebytes MalwarebytesCombo Cleaner. If you can't run these programs, follow the steps:

  1. Reboot you infected PC to 'Safe mode with command prompt' to disable virus (this should be working with all versions of this threat)
  2. Run Regedit
  3. Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
  4. Search the registry for these files you have written down and delete the registry keys referencing the files.
  5. Reboot and run a full system scan with updated anti-spyware.

However, if this works for you, it works just for unblocking computer.. We highly recommend thinking about the prevention of such infections. For that you can use previously mentioned programs. Besides, don't forget to think about the immunity of your files and backup. For that you can use USB external hard drives, CDs, DVDs, or simply rely on online backups, such as Google Drive, Dropbox, Flickr and other solutions.

do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Malwarebytes.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.
SynoLocker virus snapshot
SynoLocker virus snapshot

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

Removal guides in other languages