How to remove Ykcol virus

XXX adware


The article is dedicated to Ykcol virus (Locky ransomware) which penetrates customers' machines around the world, and corrupts the data. Locky ransomware family is one of the most dangerous and consists of seven viruses that began to appear two years ago and dealed a great damage to files of ordinary users and also to representatives of small and large business. The previous versions of virus were called Locky, Aesir, Odin, Diablo6, Thor and others. Most of them were never hacked, because scammers often release new versions. In this item you can find complete information on what is Ykcol, and the deletion of Ykcol from the computer. Furthermore, we will explain how to restore the corrupted files and is it possible. The corrupted files get .Ykcol extension, and virus requires 0.25 BTC (almost $1000) as a ransom.

For all types of harmful programs, one thing is true: it's way easier to dodge it than to cure it. For ransomware this is very relevant, as, in contradistinction to normal suspicious programs, when you uninstall ransomware from the computer, the consequences of its doings do not disappear anywhere. To guard your PC, you should keep in mind a few basic rules:

  • Heed to the pop-ups. The most effective method of information restoration is the restoration through Shadow Copies, so Web-criminals have included the removal of shadow copies in the basic functionality of ransomware. Anyway, deletion of copies requires admin rights and verification from the user. The moment of thought before accepting the checkbox can save your data and your efforts.
  • Carefully examine your mailbox, particularly those messages that have attached files. The #1 pattern of fraud e-mails is the notification about prize gaining or parcel receiving. The second very effective type of fraud letters is a "business letters", summaries, lawsuits, reports, Invoices for goods and services and suchlike specific information don't come without warning, and you, as a minimum, should know the person who sent it. In most of the cases it is a fraud.
  • Keep an eye on the state of your laptop. Information encrypting is a intricate process that requires a significant amount of PC resources. When the virus starts to work, the CPU speed decreases, and the encryption process appears in Process Manager. You may anticipate this moment and shut down the workstation before information will be completely encrypted. This, if the laptop is really infected, will save a lot of your data.

Ykcol is the unwanted software getting into computers mainly through e-mail spam and Trojans. It operates using RSA-2048 and AES-128 enbcryption algorithms. When infection takes place, the virus scans the PC memory to find the folders to be encrypted and their general cost. Nowadays, each modern virus knows how to encrypt video, image, audio and text files in all known extensions. Ransomware corrupts all folders, but those that might be business documents go first. All programs in the system will be safe because scammers want only information. The operation is executed with the help of world-known AES and RSA algorithms, and it is so sophisticated that that it cannot be bruteforced. This is the ground for such a stunning effectuality of ransomware in last years: common user, even if he has a very high experience in suchlike things, won't ever be able to decrypt the data, and will need to pay the price. The only method to get back files is to crack the scam website and withdraw the encryption keys. Sometimes it is possible to withdraw encryption keys through faults in virus program code.


XXX adware


Ykcol deletion is not answer to the whole problem - it's only a one move from many until the complete data restoration. If you get rid of virus, you won't recover the information instantly, it will require additional measures written down in the next section. To eliminate Ykcol, you need to start the workstation at safe mode and run the scanning with AV-tool. We do not suggest trying to uninstall the virus by hand, because it has various protection mechanics which will counteract you. Some malware can easily erase corrupted data, or part of it, when trying to uninstall the program. To neutralize this, abide to the guide below.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

If you made all steps, described in previous paragraph - it's time to recover the information. We won't try to decrypt the information, but we'll restore them using Windows functionality and the extra software. There are the lucky exceptions, but usually data restoration takes a lot of time and efforts. If you are more interested in the by-hand data recovery - follow the instruction.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore


If you need additional assistance in file recovery, take a look at our article, which describes the safest ways:  file restoration.




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 5.00 [1 Vote]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience