
aesir locky, managed to shut down computer before it was finished. what next?

  • This topic is locked
2 replies to this topic

#1 MrMusashi


  • Members
  • 1 posts
  • Local time:03:11 AM

Posted 25 November 2016 - 07:46 AM



Last night a client got hit by Locky with the aesir file extension. He managed to shut down the PC before the program managed to encrypt everything.

I am making an image of the disks as we speak so I can work on it without worrying about breaking things.

I have been looking for information on what to do since it never completed the encryption run.

I have read this thread http://www.bleepingcomputer.com/forums/t/605607/locky-ransomware-zepto-support-and-help-topic-help-instructionshtml
and I have searched for more detailed information, but I haven't been able to find anything about what to do.

I presume the encryption process will run automatically again when I start the computer from the infected drive.
What can I do to stop that from happening?

Also, some information about the order in which the program operates would be nice.
The reason I ask is that I'd like to know when it removes the shadow copies. At the beginning? At the end of the process?

I'm hoping for some help regarding this.

Thanks for reading!





#2 junior1505


  • Members
  • 2 posts
  • Local time:07:41 AM

Posted 26 November 2016 - 12:54 AM

Greetings of the day.

Share your concern and pains, MrMusashi. I join you in the same.

Yes, for us it was Black Thursday. We were infected with the Locky Ransom virus; however, we could remove the virus using Kaspersky Virus Removal Tool (KVRT) and MBAM antimalware.

But we are still searching for solutions for decrypting the encrypted files in .aesir format.

Can anyone help and suggest?



#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,077 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:11 PM

Posted 26 November 2016 - 06:41 AM

A repository of all current knowledge regarding Locky Ransomware is provided by Grinler (aka Lawrence Abrams), in this topic: Locky Ransomware Information, Help Guide, and FAQ.

Unfortunately, there is no known way at this time to decrypt files encrypted by Locky variants without paying the ransom.

There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
