HKCU\Software\Locky



#1 cd1123


Posted 01 May 2016 - 02:11 AM

I have only this in my registry, but no locked files ...   

 

I have managed to delete it but after a restart it shows up again. What is triggering this?


Edited by cd1123, 01 May 2016 - 02:43 AM.



 


#2 Havachat


Posted 01 May 2016 - 03:44 AM

It will probably be in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

And each time you restart it adds elsewhere and etc.

 

I would advise strongly against editing the registry if you don't know what you are doing, you can render your PC to not work - RIP.

 

You would be better following instructions from an expert in the appropriate forum - Am I Infected and following their process to clean your system.



#3 Struppigel


    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 01 May 2016 - 04:24 AM

The newest Locky variants do not create this registry entry anymore. So either your system is infected with an older Locky variant, or you have some security software that adds these entries as a vaccine. The old Locky variant does not encrypt any files if this registry entry is already there.

 

Please follow this Preparation Guide to request help in the Virus, Trojan, Spyware, and Malware Removal Logs subforum. Investigating this needs slightly more advanced tools than are allowed in the Am I Infected forum.

 

Back up your files if you haven't already!


Edited by Curie, 01 May 2016 - 04:25 AM.


#4 quietman7


    Bleepin' Janitor


  • Global Moderator

Posted 01 May 2016 - 06:00 AM


If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic so we can close this one. If not, at least you know doing that is an option available to you.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 cd1123

  • Topic Starter


Posted 01 May 2016 - 06:28 AM

Thanks Curie,

 

I have installed Bitdefender Anti-Ransomware. I guess it installed the registry entry. I guess you can close this topic.



#6 quietman7


    Bleepin' Janitor


  • Global Moderator

Posted 01 May 2016 - 06:35 AM

According to several users commenting here, Bitdefender Crypto-Ransomware Vaccine will create the HKCU\Software\Locky\ entry.

If you are not posting a FRST log, then there is no need to close this topic.
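A read-only way to collect the three facts this thread turns on (whether HKCU\Software\Locky exists and what it holds, what starts from the current user's Run key, and whether a Bitdefender product is installed). This is an added example, not something posted by any participant; the uninstall-key lookup and the assumption that the product's display name contains "Bitdefender" belong to the example, not to the thread.

```powershell
# Added example: read-only triage, nothing here modifies the registry.
$markerKey = 'HKCU:\Software\Locky'   # key named in the thread
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$vendor    = 'Bitdefender'            # product named in the thread

function Get-RegistryValues {
    # Return every value under a key as objects; nothing if the key is absent.
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Name  = if ($name) { $name } else { '(Default)' }
            Kind  = $key.GetValueKind($name)
            Value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        }
    }
}

function Get-InstalledProduct {
    # Assumption: the product registers an uninstall entry whose DisplayName
    # contains the vendor name. No match here does not rule the product out.
    param([Parameter(Mandatory)][string]$NameLike)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$NameLike*" } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

'Marker key present: {0}' -f (Test-Path -LiteralPath $markerKey)
'--- Values under the marker key ---'
Get-RegistryValues -Path $markerKey | Format-Table -AutoSize | Out-String
'--- Run entries for the current user ---'
Get-RegistryValues -Path $runKey | Format-List | Out-String
'--- Installed products matching the vendor name ---'
Get-InstalledProduct -NameLike $vendor | Format-Table -AutoSize | Out-String
```

A matching product only points to a likely source of the key; it does not show which program wrote it.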



