How to remove Lukitus virus and restore encrypted files

Lukitus is the second version of Locky ransomware released this month, and its creators clearly intend to make more. The virus is almost identical to the previous version: the only differences are a slightly modified ransom note and a new file extension, .lukitus. Evidently the attackers are trying to slow researchers' progress in breaking the virus, and will therefore keep making minor changes to its code. So far there is no evidence of progress in that research, so users can only hope for the best.

 


 

Until a decryption program is created, users affected by the virus should focus not on recovering files but on removing the virus from the computer and protecting against re-infection. It is much easier to protect yourself from the virus than to deal with the results of its actions later.

Ransomware creators favour two main methods of infection. The second most popular is to use zero-day vulnerabilities to penetrate the system. This is how the WannaCry virus spread, and it allowed its creators to earn hundreds of thousands of dollars in a short period of time. The only drawback of this method is that such vulnerabilities are quickly patched by software developers, and new vulnerabilities suitable for infection are not easy to find. The more reliable method depends not on flaws in software but on the human factor: infection through e-mail. Scammers send out fake messages, composed so that the user wants to open the attached file that carries the virus. This is how all versions of Locky, including Lukitus, got onto victims' computers, so we will focus on it. Here are a few simple and effective tips to help you protect your computer from ransomware:

 

  • The easiest way to protect yourself from fraud is to create separate mailboxes for different activities. For example: one for communicating with friends, one for work and one for registering on websites. Scammers do not know who owns the mailbox they send spam to and act at random, while you will know that your personal e-mail never receives work-related messages and vice versa. This filters out most dangerous messages.
  • If you are nevertheless going to open a message with an attached file without being sure that it is safe, use a so-called sandbox program. Such programs exist both as stand-alone tools and as part of antivirus suites and some mail services. A sandbox lets you open a file in quarantine, where it cannot affect or infect the system. Use one whenever you open a message that contains files.
  • Even if the virus has already penetrated the computer, you can still protect yourself, or rather keep the ability to restore your files. The rule is simple: do not use an account with administrator rights. Once it is in the system and has encrypted the files, the virus will try to delete the shadow copies from which you could restore them. Deleting the copies requires administrator privileges and user confirmation, and if the copies are not deleted, you can easily recover all the data later.
  • If the virus has penetrated the system and you, using an account with administrator rights, have confirmed the removal of shadow copies, only backups can save you. If important information is stored on your PC, a backup is the most reliable way to protect it. Save important files on external media and disconnect the media from the computer. Then, even if the virus penetrates the system, you can remove it and restore the data from the backup.

 


 

These four simple tips will help you prevent infection, or cope with it at one of the intermediate stages. If the files are already encrypted, you can only wait for the experts to hack into the scam site and get the master encryption key. However, even if you are going to pay the ransom (which we do not recommend, as there is no guarantee of data recovery after it is paid), you still need to remove the virus from your computer so that you can use it normally.

How to delete Lukitus Virus

Removing viruses like Lukitus manually is almost impossible, because if you make an error the virus will fully recover and may delete all files. To avoid this, follow our instructions very carefully. Carry out each step exactly as described, and after a few minutes you will be rid of the virus and able to use the computer safely again. An alternative is to use a dedicated antivirus scanner that deletes the malware components completely.

 



Removal instruction

If you are a Mac user, follow this guide: how to decrypt files on Mac.

 

 

 

Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode

 

Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel
  • Select Appearance and Personalization
  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives
  • Press Ok

 

Step 3. Remove virus files

 

Check the following folders for suspicious files:

  • %TEMP%
  • %APPDATA%
  • %ProgramData%

 

Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder
  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:

 

Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
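
Steps 4 and 5 can be reviewed from one PowerShell prompt before anything is edited by hand. The script below is an added example, not part of the original guide: it only reads the hosts file and the registry keys listed above and prints what needs a closer look. It assumes Windows PowerShell 3.0 or later, and that a stock hosts file has no active entries other than optional loopback mappings for localhost.

```powershell
# Read-only audit for Steps 4 and 5: prints findings, changes nothing.
# Assumes Windows PowerShell 3.0 or later.

# Step 4: active hosts entries other than loopback -> localhost.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsFindings = @(foreach ($raw in Get-Content -LiteralPath $hostsPath) {
    $line = ($raw -replace '#.*$', '').Trim()       # drop comments
    if (-not $line) { continue }                    # skip blank lines
    $ip, $names = $line -split '\s+'                # first field, then the rest
    $nonLocal = @($names | Where-Object { $_ -ne 'localhost' })
    $benign = (@('127.0.0.1', '::1') -contains $ip) -and ($nonLocal.Count -eq 0)
    if (-not $benign) { [pscustomobject]@{ Address = $ip; Names = "$names" } }
})

# Step 5: every value stored under the startup keys listed in the guide.
$autoruns = @(foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($value in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $value
                Command = $item.GetValue($value)
            }
        }
    }
})

# Userinit normally holds only the path to userinit.exe followed by a comma.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $winlogon).Userinit
$expected = "$env:SystemRoot\system32\userinit.exe,"

Write-Host "Hosts entries to review: $($hostsFindings.Count)"
$hostsFindings | Format-Table -AutoSize | Out-Host
Write-Host "Startup values to review: $($autoruns.Count)"
$autoruns | Format-List | Out-Host
if ($userinit -ne $expected) {
    Write-Warning "Userinit is '$userinit' (expected '$expected')"
}
```

Legitimate software also registers startup values, so treat the second list as candidates to check against the folders from Step 3, not as confirmed malware.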

Step 6. Scan computer with antivirus

 

Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files encrypted by Lukitus

In this guide we have already mentioned that a user whose machine has been hit by an encrypting virus has only one entirely reliable way to restore files: restoring them from backups. Try the other methods only if there is no other choice, and be prepared for them to fail. The main advantage of backup copies is that they are kept on separate media, out of the virus's reach.

  • Click Start
  • Click Control Panel
  • Click System and Security
  • Select Backup and Restore
  • Select Restore files from backup
  • Select checkpoint to restore

 

The other methods depend on services built into the OS, and their effectiveness may be reduced by the virus itself and by lack of skill. We can suggest two more recovery techniques: you can use the shadow copy service, or a special program to restore the data. Decryption with a dedicated decryptor is very efficient, but unfortunately such a tool doesn't exist yet. News about progress on such a program may appear on the official web pages of Emsisoft, MalwareHunterTeam and Kaspersky Lab. Manual restoration from Shadow Volume Copies can be done immediately. You can use the built-in Windows functionality, but there are other programs that make this task simpler: Recuva and ShadowExplorer. Both are free and available from their official websites, with detailed guides for their use.
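
Shadow copies only help if at least one was taken before the files were encrypted. The following added example (not from the original guide) lists the surviving snapshots and marks those older than the earliest .lukitus file. The scan root and the use of last-write time as an approximation of the encryption time are assumptions, and it needs an elevated PowerShell 3.0 or later prompt.

```powershell
# Run elevated: Win32_ShadowCopy is not visible to standard users.
# Assumption: the encrypted files live under the current user's profile.
$scanRoot = $env:USERPROFILE

# The earliest write time among *.lukitus files approximates when
# encryption started (heuristic, not an exact timestamp).
$encrypted = @(Get-ChildItem -LiteralPath $scanRoot -Recurse -File `
                   -Filter '*.lukitus' -ErrorAction SilentlyContinue)
if ($encrypted.Count -eq 0) {
    Write-Host "No .lukitus files found under $scanRoot"
    return
}
$firstHit = ($encrypted | Sort-Object LastWriteTime |
                 Select-Object -First 1).LastWriteTime
Write-Host "$($encrypted.Count) encrypted files, earliest written $firstHit"

# Enumerate the snapshots that still exist on this machine.
$snapshots = @(Get-CimInstance -ClassName Win32_ShadowCopy |
                   Sort-Object InstallDate)
if ($snapshots.Count -eq 0) {
    Write-Warning 'No shadow copies exist; only an offline backup can help.'
    return
}

# A snapshot is a restore candidate only if it predates the encryption.
$report = $snapshots | Select-Object ID, VolumeName, InstallDate,
    @{ Name = 'PredatesEncryption'; Expression = { $_.InstallDate -lt $firstHit } }
$report | Format-Table -AutoSize | Out-Host

$usable = @($report | Where-Object { $_.PredatesEncryption })
Write-Host "$($usable.Count) of $($snapshots.Count) snapshots predate the encryption"
```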

 

 

 
