How to remove Evil Locker virus and restore encrypted files

So, what do we have to say about Evil Locker? It uses entirely legitimate encryption algorithms to encrypt all files on the user's PC, making them unreadable without the key. The key itself is also encrypted with another algorithm. Usually these algorithms are AES and RSA, which have proven themselves the most complex and reliable. The algorithms and the software based on them are publicly available on the Internet, so cybercriminals only have to add protection techniques that restrict access to the ransomware, and build a secure control and update system. Some encrypting tools simply work independently, and the scammers learn of a new "client" only when he contacts them and pays the ransom. More complex encrypting viruses work differently: they send files to thousands of servers to confuse security specialists and maximize the time needed to defeat the virus.



The type of virus doesn't really matter, because the AES and RSA algorithms are too complex to break directly. It would take thousands of years to perform all the necessary operations on an ordinary machine and, maybe, 2-3 decades if you have access to industrial-grade hardware. The best way to beat a high-quality virus is to find flaws in its code, or to hack its database and find a master key. In some cases there is a kill switch that can stop the virus's activity completely or leave a particular computer untouched. If someone discovers such a switch for this ransomware, or develops a decryption program, we'll provide complete information in this guide.


There are a few options to consider before you give up and look for decryption software. As said above, scammers make mistakes, and some features of the system may help you restore your data.


  • If you do not work from an admin account, you can congratulate yourself. The point is that your OS keeps duplicates of your data until they are deleted or altered. These are called Shadow Volume Copies, and the virus has ways to erase them. If you are using a standard user profile, the system asks for permission at the very moment Evil Locker starts to delete the shadow copies. If you saw such a prompt and ignored it, your copies are fine, and you can download specialized software to recover the data.
  • A backup copy is the only fully reliable way to recover your data, but you should remove Evil Locker first. Make sure Evil Locker is removed completely; if it is not, all the data will be encrypted again, along with the files on the external hard disk.


If none of the hints above helped and you have no way to restore the files, you need to remove Evil Locker from your machine and wait until a decryption program is published.

How to remove Evil Locker

Unfortunately, you can't entirely avoid installing software. This ransomware is incredibly cunning, and you could miss some of its parts and regret it later (for example, when you connect an external drive holding your saved data to a machine that is not really clean). It hides very well, and you won't be able to get rid of it entirely by hand. The removal instructions below consist of a few manual steps and one optional antivirus step.

Removal instruction

If you are a Mac user, follow this guide: how to decrypt files on Mac.




Step 1. Boot the system into safe mode

  • Press Start
  • Type Msconfig and press Enter



  • Select Boot tab




  • Select Safe boot and press Ok

More information about Safe mode: What is Safe Mode and how to boot computer in Safe Mode


Step 2. Show all hidden files and folders

  • Press Start
  • Click on Control Panel



  • Select Appearance and Personalization



  • Click on Folder Options
  • Select View tab
  • Select Show hidden files, folders and drives



  • Press Ok


Step 3. Remove virus files


Check the following folders for suspicious files:

  • %TEMP%
  • %ProgramData%


Step 4. Fix hosts file

  • Go to %SystemRoot%\System32\drivers\etc\ folder



  • Open hosts file using Notepad or other text editor
  • Delete suspicious elements
  • Basic hosts file looks like this:



Step 5. Clean registry (for experienced users)

  • Click Start
  • Type Regedit.exe and press Enter
  • Clean startup registry keys
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
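
A read-only way to list everything Steps 3 to 5 ask you to inspect, as an added PowerShell example that is not part of the original guide. The extension list and the 30-day window are assumptions; the script deletes nothing.

```powershell
# Added example: read-only audit of the locations named in Steps 3-5.
# Review the output, then remove suspicious items by hand as described above.

# Step 3: recently written executables and scripts in %TEMP% and %ProgramData%.
# The extension list and the 30-day window are assumptions; adjust as needed.
$extensions = '.exe', '.dll', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.scr'
$since = (Get-Date).AddDays(-30)
foreach ($dir in $env:TEMP, $env:ProgramData) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() -and
                       $_.LastWriteTime -gt $since } |
        Sort-Object LastWriteTime -Descending |
        Format-Table LastWriteTime, Length, FullName -AutoSize -Wrap
}

# Step 4: active (non-blank, non-comment) lines of the hosts file.
# Every line printed here redirects a host name and deserves a look.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -LiteralPath $hostsPath |
    Where-Object { $_.Trim() -and -not $_.TrimStart().StartsWith('#') } |
    ForEach-Object { "hosts entry: $_" }

# Step 5: values under the startup keys listed above, in both hives.
# RunServices and RunServicesOnce may not exist; missing keys are skipped.
$subKeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
$startup = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in $subKeys) {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}
$startup | Format-List

# Userinit is a value of the Winlogon key rather than a key of its own.
# On a clean system it names only userinit.exe in the System32 folder.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit
"Userinit = $userinit"
```

Run it from an elevated PowerShell window so that all of %ProgramData% is readable; the HKCU results belong to the account that runs the script.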

Step 6. Scan computer with antivirus

Spyhunter is an antivirus program that is not only efficient but also modern and constantly developing, and it can clear your computer of all viruses. Push the button under this paragraph to purchase our tool and eliminate Evil Locker.



The SpyHunter scanner detects threats and malware for free, but to remove infected elements you need to purchase the full version of the program for 39.99$. More information about Spyhunter, EULA and Privacy policy.


Step 7. Disable Safe Mode and restart computer

  • Press Start
  • Type Msconfig and press Enter
  • Select Boot tab
  • Remove the check near Safe boot

How to restore files

Now that you have cleared your system of the virus, or at least know how to do that, let's consider data recovery. As we said in previous paragraphs, if you use an administrator account and you granted Evil Locker access to the system, there is no way to restore your files apart from previously saved copies. If you use a standard profile, you still have a chance, but it requires a specific recovery tool. The most popular of them are Recuva and ShadowExplorer. You can easily download these tools from the official sites of their creators, along with detailed instructions.

  • Click Start
  • Click Control Panel



  • Click System and Security



  • Select Backup and Restore



  • Select Restore files from backup
  • Select checkpoint to restore

