Malware may reinstall itself multiple times if you don't delete its core files. This may require tracking down dozens of files in different locations.
We recommend downloading Restoro to eradicate Malware for you (it should cut down the time to about 15 minutes).
What is Lost Files ransomware? And how does it execute its attack?
Lost Files ransomware is a data-encrypting virus that can corrupt the files in an infected computer. It adds a suffix of “.Lost_Files_Encrypt” to each one of the files it encrypts. This new crypto-virus sends an email disguised as a notification email from Microsoft with the “Virus Detected On Your Computer” as its subject. The malicious email has an attached archive file named “WSS.zip” and if you open this file and allow the “Windows Security Scanner.exe” to run on your computer, it will display an installation progress bar making it look like its loading the tool even when it’s really not.
After its successful infiltration, Lost Files ransomware will make
“Attention!!! First of all we are terribly sorry to have encrypted your data. Because we are human too and we feel some guilt encrypting your data. We offer that we can help you decrypt it again for a small amount of Bitcoins(BTC).
The amount that we need from you is 500 USD that you will transfer to our BTC account. To Get your unique tool to decrypt your files, your need to push the button below and your BTC payment address will show, transfer 500 USD in BTC to that address.
After you have transfered the BTC you are going to send an email to our email address(Our email will also get displayed when pushed the button). Where you provide your BTC address of the wallet that you used to send our BTC(If you have other comments, you are welcome to say it)[Also remerber to check your spam inbox for when we send your decryption tool].
We will check it, if you have sent the BTC, you will get your decryption tool.
Another thing to keep in mind is that, at some point you won’t be able to get your data back again and it will be lost forever.
Everything from family memories to the hard work of yours, will be washed down the toilet and it will never return.
So it’s strongly advised that you start paying us for helping you to decrypt it. In the case that you are a little older and don’t know much about all the computer stuff then you can ask your children or grandchildren.
PLEASE Look below for additional information.”
How does Lost Files ransomware spread online?
Terminate Lost Files ransomware from the infected computer by following the removal guide presented below.
Step 1: Restart your PC and boot into Safe Mode with Command Prompt by pressing F8 a couple of times until the Advanced Options menu appears.
Step 2: Navigate to Safe Mode with Command Prompt using the arrow keys on your keyboard. After selecting Safe Mode with Command Prompt, hit Enter.
Step 3: After loading the Command Prompt type cd restore and hit Enter.
Step 4: After cd restore, type in rstrui.exe and hit Enter.
Step 5: A new window will appear, and then click Next.
Step 6: Select any of the Restore Points on the list and click Next. This will restore your computer to its previous state before being infected with the Lost Files Ransomware. A dialog box will appear, and then click Yes.
Step 7: After System Restore has been completed, try to enable the disabled Windows services.
- Press Win + R keys to launch Run.
- Type in msc in the box and press Enter to open Group Policy.
- Under Group Policy, navigate to:
- User Configuration\Administrative Templates\System
- After that, open Prevent access to the command prompt.
- Select Disable to enable cmd
- Click the OK button
- After that, go to:
- Configuration\Administrative Templates\System
- Double click on the Prevent Access to registry editing tools.
- Choose Disabled and click OK.
- Navigate to :
- User Configuration\Administrative Templates\System>Ctrl+Alt+Del Options
- Double click on Remove Task Manager.
- And then set its value to Disabled.
Step 8: Next, tap Ctrl + Shift + Esc to open the Task Manager and then go to the Processes tab and look for the malicious processes of Lost Files Ransomware and end them all.
Step 9: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK to open the list of installed programs. From there, look for Lost Files ransomware or any malicious program and then Uninstall it.
Step 10: Tap Windows + E keys to open the File explorer then navigate to the following directories and delete the malicious files created by Lost Files ransomware such as Windows Security Scanner.exe, WSS.zip, Ransomware Lost Files Message.txt and [random].exe.
- %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
Step 11: Close the File Explorer.
Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use Restoro, this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then by all means go on to the next steps.
Step 12: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.
Step 13: Navigate to the paths listed below and delete all the registry values added by Lost Files ransomware.
- HKEY_CURRENT_USER\Control Panel\Desktop\
- HKEY_USERS\.DEFAULT\Control Panel\Desktop\
Step 14: Close the Registry Editor and empty your Recycle Bin.
After you’re done with the steps given above, you need to continue the Lost Files ransomware removal process using a reliable program like Restoro. How? Follow the advanced removal steps below.
Perform a full system scan using asr. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot it.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in the URL address, https://www.fixmypcfree.com/download.php?asr in the Run dialog box and then tap Enter or click OK.
- After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
- Once the installation process is completed, run asr to perform a full system scan.
- After the scan is completed click the “Fix, Clean & Optimize Now” button.