How to remove LockOn virus and restore encrypted files

In this item we've compiled important info on what is LockOn, and the deletion of LockOn from the machine. In addition, we'll tell you how to recover the encrypted information and is it possible. 


Locked ransomware


The knowledge of computers is quite important in our century, because it helps user to protect the computer from malicious software. Statistically, most people comprehend the significance of computer knowledge just after ransomware infection. To guard yourself, you need to remember a few simple principles:


    • Do not accept any alterations to the PC, originating from strange software. One of the most efficient ways of file recovery is the restoration from Shadow Copies, and Web-criminals have added the removal of SC in the basic features of ransomware. The deleting of copies needs administrator rights and acceptance from the user. Thus, if you do not accept alterations from a suspicious program at the proper moment, you will keep the way to restore all encrypted information free of charge.
    • Be careful with the messages that contain data. If you don't know the user who send the letter and it tells about receiving some prize, a lost parcel or something similar, this could be a scam message. The #2 effective sort of scam letters is a "business messages". It is natural to be interested and click on the e-mail even if it might be not for you, but remember that one click on the viral file may cost you lots of money, time and efforts.
    • Keep an eye on the state of your PC. It requires a lot of computing power to encrypt the information. In the first minutes of infection, the CPU speed decreases, and the encryption process emerges in Process Manager. You might anticipate this event and shut down the computer before information will be completely encoded. This, in case of penetration, will protect some of your information.

LockOn is the unwanted software penetrating computers mostly with help of e-mail spam and Trojans. Also, scammers use zero-day vulnerabilities to get into the system, but major program companies promptly fix them. When infection takes place, the virus inspects the hard drive to find the folders for encryption and their rough cost. Nowadays, any new virus is able to encrypt video, audio, text and image files in all popular extensions. LockOn cyphers all folders, but those that look like business documents go first. LockOn encrypts only information, and does not affect the software, so that the man can use his computer to pay the ransom. The process is executed with the help of world-known AES and RSA algorithms, and it is so complex that that it cannot be bruteforced. This is the reason for impressive effectuality of ransomware in recent years: usual PC operator, even if he has a very good experience in suchlike things, won't ever decrypt the data, and will have no choice except paying the ransom. The sole way to get back the data is to find the scam webpage and retrieve the master key. Some skilled hackers can withdraw encryption keys through faults in viruse's program code.

Removal instruction

If you are MAC user, follow this guide: how to decrypt files on MAC.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter

Safe mode. Step 1


  • Select Boot tab

Safe mode. Step 2



  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel

Show hidden files. Step 1


  • Select Appearance and Personalization

Show hidden files. Step 2


  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives

Show hidden files. Step 3


  • Press Ok


Step 3. Remove virus files


Check next folders to find suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Step 6. Scan computer with antivirus

We draw your attention to the fact that the elimination of LockOn is just a, first step, which is required for the normal operation of the machine. To decrypt the files you'll have to read the advices in the next paragraph of this entry. To deelete LockOn, you need to boot the workstation at safe mode and run the scanning via antivirus tool. Some viruses can't be removed even through antivirus-software, and have other efficient types of defense. The most common viral defensive technique is the uninstalling of data in case of data restoration or malware deletion attempt. To avoid this, abide to the instructions below.


Special Offer

Download Spyhunter - Anti-malware scanner

We advise downloading SpyHunter to see, if it can detect malware for you.

Spyhunter has a biggest malware database

It protects the system against all kinds of threats: Trojans, adware and hijackers

24/7 Free Support Team

SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase a full version of program for 39.99$. More information about Spyhunter, EULA and Privacy policy.

Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to decrypt files

After removing LockOn from the system, user has to recover the encrypted information. Actually, this is not literally decipherment, since the encryption algorithms owned by web-criminals are extremely complex. There are the lucky chances, but usually data recovery takes plenty of time and efforts. If you picked the independent information restore - take a look at our article, which shows all the most effective ways.

  • Click Start
  • Click Control Panel

Decrypt files. Step 1


  • Click System and Security

Decrypt files. Step 2


  • Select Backup and Restore

Decrypt files. Step 3


  • Select Restore files from backup
  • Select checkpoint to restore




Share your feedback to help other people
1 1 1 1 1 1 1 1 1 1 Rating 0.00 [0 Votes]

Add comment

Security code



Acronis suggestion to CrashPlans users

Around a month ago, there was an accident with CrashPlans backup software.

What is MicTrayDebugger and is it dangerous

This is a brief entry about MicTrayDebugger: what is it, how it appeared in the system, is it dangerous and how to get rid of it.

What is HoeflerText and is it dangerous?


This article is dedicated to the fraud scheme that is called HoeflerText font wasn't found. We will explain you what is this scheme and how to avoid it.

What is Wpad.dat virus and how it is used

The topic of our today's article is a script that had been unjustly called a virus. It’s Wpad.dat, and it is not a virus. We will explain what is Wpad.dat and how to prevent fraudsters to deceive yourself with its help.


Cancer virus trollware

This is an article about crazy Cancer virus and the madness that it brings to victim's computer.

This website uses cookies to improve your experience