Rocklee
Rocklee is a member of the Makop ransomware family that can encrypt your most valuable data. It first identifies the files that are of greatest value to you so that it can then encrypt them and demand a ransom.
The next move you can expect from this virus is a warning message telling you that your files have been encrypted and that you won’t be able to decrypt them unless you pay a certain amount of money to some anonymous cyber crooks. Few viruses are more dangerous than ransomware. These are, perhaps, the most complex and disturbing pieces of malware on the internet. More and more users are affected by threats like Rocklee because their creators use highly versatile distribution methods for spreading ransomware online. At present, as ransomware becomes increasingly popular, you can get infected from almost anything on the Internet, from compromised emails and malicious attachments to drive-by downloads, torrents, malicious websites, infected software installers, and malvertisements. Dealing with such software is also very challenging, since it can be very hard to remove it and restore the system to its previous state. On this page, however, there is a manual guide with instructions that can be of great value for someone who has been struggling with Rocklee.
The Rocklee virus
The Rocklee virus is a malicious piece of software that makes your files unavailable and asks you to pay a ransom to regain access to them. To keep your data hostage, the Rocklee virus uses a secret encryption code that cannot be reversed without a decryption key. Once the targeted files have been encoded, the ransomware displays a very frightening ransom message that typically includes instructions from the criminals who control the infection, payment details, and deadlines.
Text in this ransom note and the “+README-WARNING+.txt” file:
::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: [email protected]
Or you can contact us via TOX: 2045F43C36CF86051CC7129C1FF74E84BCDC7A527C059676E546F58A1D8DF94B3C47F17F2E54
You can download TOX client here: hxxps://qtox.github.io/
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice – time is much more valuable than money.
:::BEWARE:::
DON’T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions – please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
If you want to clean your computer of Rocklee, you should know that the malware can be removed. Typically, this is done either manually, with the help of a removal guide, or automatically, by using a professional removal tool. As far as your files are concerned, their recovery is a completely different story. You can never be sure whether you will be able to access them again unless you have a full data backup on an external drive that you can copy them from. Even the money you may decide to pay as ransom could be spent in vain because the offenders who blackmail you usually have no honest intent. They are typically only after your money, and once they get it, they can vanish.
The Rocklee file recovery
The Rocklee file recovery is a challenging task that may require you to risk your money for a secret decryption key. However, the Rocklee file decryption key may never be sent to you even if you strictly fulfill the hackers’ demands. These people regularly break the law, so you can’t expect them to be honest with you. Therefore, do your best to explore the possibilities for recovery and consider all the steps you can take before you decide to pay the ransom. Get the most effective tool against such infections, ask an expert for support or check the web for some removal guides and solutions.
SUMMARY:
Name | Rocklee |
Type | Ransomware |
Danger Level | High (Ransomware is by far the worst threat you can encounter) |
Symptoms | Very few and unnoticeable ones before the ransom notification comes up. |
Distribution Method | From fake ads and fake system requests to spam emails and contagious web pages. |
Remove Rocklee
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous.
Right-click each of them and select Open File Location. Then scan the files with our free online virus scanner.
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
Hold the Start Key and R – copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A new file will open. If you are hacked, there will be a bunch of other IP entries at the bottom of the file, below the “localhost” lines.
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit enter. A window will pop-up:
Go to the Startup tab and uncheck entries that have “Unknown” as Manufacturer.
- Please note that ransomware may even add a fake Manufacturer name to its process. Make sure that every process listed here is legitimate.
Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.
Type each of the following in the Windows Search Field:
- %AppData%
- %LocalAppData%
- %ProgramData%
- %WinDir%
- %Temp%
Delete everything in Temp. In the other folders, just check for anything that was added recently. Remember to leave us a comment if you run into any trouble!
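The manual checks above (hosts file, startup entries, recently added files) can be gathered in one read-only pass before anything is deleted. The PowerShell script below is an added example, not part of the original guide. The look-back window `$Days`, the extension list, and the use of Authenticode signature status in place of the msconfig Manufacturer column are assumptions.

```powershell
# Read-only triage for the manual checks above: reports only, changes nothing.
param([int]$Days = 7)   # assumed look-back window, not a value from the guide

# 1. hosts file: active (non-comment) entries other than the localhost mappings.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -split '#')[0].Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }

# 2. Run/RunOnce startup entries with the Authenticode status of each target file.
#    A fake Manufacturer string is easy to set; a valid signature is not.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce') { "$hive\Software\Microsoft\Windows\CurrentVersion\$name" }
}
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$startup = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($p in ($item.PSObject.Properties | Where-Object { $_.Name -notin $psProps })) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        # Extract the executable path from a quoted or unquoted command line.
        $exe = if ($cmd -match '^\s*"?([^"]+?\.exe)') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Signature = $sig }
    }
}

# 3. Executables and scripts created recently in the folders the guide lists.
#    %WinDir% is left out here: a recursive walk of it is slow and noisy.
$cutoff = (Get-Date).AddDays(-$Days)
$exts = '.exe', '.dll', '.bat', '.cmd', '.ps1', '.vbs', '.js'   # assumed list
$dirs = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP
$recent = Get-ChildItem -LiteralPath $dirs -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $cutoff -and $_.Extension -in $exts } |
    Sort-Object FullName -Unique | Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, FullName

# 4. Folders holding a copy of the ransom note named on this page (scope of encryption).
$noteDirs = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
    -Filter '+README-WARNING+.txt' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty DirectoryName

'hosts entries beyond localhost:'; $hostsEntries
'startup entries:';                $startup | Format-Table -AutoSize -Wrap
'recently created executables:';   $recent | Format-Table -AutoSize -Wrap
'folders containing the note:';    $noteDirs
```

Startup entries whose signature status is anything other than `Valid`, and recent files under the listed folders, are the candidates to inspect by hand before deleting anything.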
How to Decrypt Rocklee files
We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!