FANDOM


DexLocker or DexCrypt is a ransomware that was discovered by JAMESWT.

Payload

Once the user installed the ransomware, it immediately reboots the computer, overwrites the Master Boot Record and the victim is greeted with an ascii skull and a message to send 30 yaun to the 2055965068 qq address in order to get access to their computer again.

Ransom note:

   .-'      '-.n rel-1.11.0-11-g4a6dbce-dirty-20180208_122420-PC)
  /            \ 643f-7562-4575-b6a5-747bd6b5f02d
 |              |
 |,  .-.  .-.  ,|7aee315
 | )(__/  \__)( |.org) 00:03.0 C980 PCI2.10 PnP PMM+DFF929DO+DFF529DO C980
 |/     /\     \|
 (_     ^^     _)
  \__|IIIIII|__/d Disk...
   | \IIIIII/ |
   \          /
    `yao mi ma gei 30 yuan jia qq 2055965068`

Removal

According to kangxiaopao, the user can enter the ssssss password to gain access. If this password does not work and it does only replace the Master Boot Record, it can be fixed by booting up into the Windows Recovery Console and restoring the Master Boot Record using the following commands:

bootrec /RebuildBcd
bootrec /fixMbr
bootrec /fixboot

Once the user enters these commands, they can reboot and get access again to Windows again.

Community content is available under CC-BY-SA unless otherwise noted.