What is Winlocker?
Winlocker is a kind of malicious software which locks the operating system of the user. Of course, if the computer has got this virus, it immediately begins to do his business. For example, once infected, it automatically registers itself in the startup of the system, and this means that it can automatically run together with the personal computer. After starting Winlocker restricts user literally in all actions with mouse and keyboard. Also requests to send to the specified account a sum of money, after the payment which it is alleged will be automatically deleted. Of course, if users fall for this trick, no unlock system is not going to happen.
Winlocker has mostly file extension .exe. While it is usually distributed through different electronic messages that in one way or another interested user. This message is attached the attachment can be either a picture or a video (although in reality it is the same Winlocker). In order not to fall for the trick, users should be vigilant and at least look at the extension of the file, which was sent to him. Generally have the following extension .jpg, .pmg .gif etc. Video, in turn .avi, .mp4, .flv, etc. If the file extension does not correspond to these extensions, most likely it Winlocker (extension is .exe).
How to remove Winlocker?
If your personal computer is still infiltrated by a ransomware, you must remove it from startup, and then fully remove from your PC. First, before proceeding, you should check what functions Winlocker blocked. To do this, press the hot key combination Ctrl + Alt + Delete. If these steps did not help, then try to run the program "Run" with a combination of Win + R and enter regedit.
It should be noted that in most cases neither of these teams is not working. Then you must start the computer in safe mode (after restart press F8). Command line is also prescribed regedit and run registry editor. Here navigate to the following branch: HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run and HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Run. In those branches you want to remove unfamiliar programs: hkcmd.exe, igfxtray.exe, igfxpers.exe. Then you need to find the parameters of Shell and UserInit, the value of which should be spelled out explorer.exe and the path to the file userinit.exe (C:/Windows/system32/ userinit.exe), respectively.
Usually instead of one of these parameters is prescribed, the path to the malicious file. It is required to remember, and once the correct values have been entered, go that route, find the file and delete.