AutoLocky Ransomware Removal

The encrypted files may not be the only damage done to you. A parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.


This page aims to help you remove AutoLocky Ransomware. These AutoLocky Ransomware removal instructions work for all versions of Windows.

If you’re on this page, you have most likely fallen victim to one of the nastiest cases of PC disease out there – AutoLocky. It belongs to the type of malware known as ransomware and is characterized by the fact that it sneaks into your computer and encrypts all of your files. Once the encryption process has been completed, the developers will offer you the encryption key in exchange for a ransom – which is where this virus gets its name from.

Sadly, as malicious software goes, AutoLocky is so stealthy and unnoticeable that you will not be able to detect its existence until all of a sudden you’re facing a shocking text on your screen. It will usually go along the lines of informing you that your files have been encoded and unless you pay for the key immediately, the ransom will double, then triple and eventually you will lose access to your files forever. It doesn’t, however, necessarily have to be this way, and in this guide we’ll show you how to possibly remove this threat.

How has this happened to me?

Ransomware has been around since as early as the nineties, when it originally appeared in Russia. Today, unfortunately, it is growing ever more popular all across the globe and can infect literally anyone. The way it usually ‘travels’ is ‘on the back’ of a Trojan horse, or Trojan – another type of virus. Trojans may come in the form of an email with an infected file – even a Word file, for example – or a link to some website, which, when opened, unleashes the ransomware into your computer.

There is a small chance that you might not be sure that you are a victim of AutoLocky and only suspect that something might be terribly wrong with your computer. In this case you should keep a lookout for very, very slow functioning of your machine. Ransomware tends to use a lot of RAM and CPU power, so if you think there could be an issue, check your task manager for the programs using the most RAM/CPU. If you see something you don’t recognize, you should shut down your PC right that instant and seek professional assistance. AutoLocky is nothing to be toyed with: this virus can and will cause serious damage to your system if nothing is done about the matter.

How does this work exactly?

Encrypting your data is often a time-consuming process and is done with the help of two encryption keys – one private and one public (the one you have access to). The private one is the one the ransom is demanded for, and you need access to both in order to regain access to your files.

Here are a few things to keep in mind, when considering paying the ransom money to the criminal minds behind the virus:

Understand that these people are in it for the money, and by giving them money – you will be encouraging them to continue and go on harming other people’s data and blackmailing them into paying the requested ransom. Which, mind you, is absolutely no guarantee that you will in fact receive the key they’ve promised you. Or, for that matter, that the key will work flawlessly and de-encode all of your files. There are NO guarantees here, none. We cannot even promise that the steps in this guide will work 100%, but they will surely not hurt your computer if you try them out before deciding to part with your money on some hacker’s demand.

And having mentioned money – here’s the interesting part and a possible explanation as to why AutoLocky and others like it have become so popular lately. Most of the time the hackers will accept their ransom in Bitcoins – a cryptocurrency, which is impossible to trace. Therefore, when and if you pay them, you’re making them unreachable for the authorities, which should also serve as a reason not to give in to their threats.

In conclusion, we think it wise to teach users how to prevent getting entangled with problems like these, instead of having to deal with the messy consequences that follow. That being said, we strongly advise you to be very cautious when opening emails from unknown senders – or even senders you know, but seem suspicious. And, of course, you should at all times have a good antivirus program running to ensure a safe browsing experience.


Name: AutoLocky
Type: Ransomware
Danger Level: High (can permanently encrypt all of your personal files on the machine)
Symptoms: Slow performance in the initial stage, followed by a message requesting ransom and your files being encrypted.
Distribution Method: Most commonly through a Trojan horse via email attachment or link.
Detection Tool: Ransomware may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.

Remove AutoLocky

Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter, a professional malware removal tool.


The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. AutoLocky may have hidden some of its files.

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
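The hosts-file check described above can also be done programmatically. The following is an added example, not part of the original guide: it parses hosts-file text and lists every active entry other than the plain localhost mappings. The function name, the reason strings and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Names that may legitimately be mapped to a loopback address.
EXPECTED_LOOPBACK_NAMES = {"localhost"}

def review_hosts(text):
    """Return (line_no, address, names, reason) for each active entry worth a look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments, inline ones too
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], fields[1:], "not a valid IP address"))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            findings.append((line_no, str(addr), names, "address with no host name"))
        elif not addr.is_loopback:
            findings.append((line_no, str(addr), names, "name forced to a non-loopback address"))
        elif set(names) - EXPECTED_LOOPBACK_NAMES:
            findings.append((line_no, str(addr), names, "name pinned to loopback"))
    return findings

# Constructed sample (192.0.2.0/24 and example.* are reserved for documentation).
SAMPLE_HOSTS = """\
# constructed sample hosts file
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
192.0.2.15      updates.example.com   # constructed entry
127.0.0.1       scanner.example.net
"""

if __name__ == "__main__":
    for line_no, addr, names, reason in review_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {addr} {' '.join(names)} -> {reason}")
```

On a live system, pass it the text of the hosts file opened in the step above instead of the sample.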


Type msconfig in the search field and hit Enter. A window will pop up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing the parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect the parasite’s files for you.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
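To help with the "recently added" check in the folders listed above, here is an added example that is not part of the original guide: a read-only listing of files created within the last few days under those locations. The function names, the 7-day window and the depth limit are assumptions chosen for illustration.

```python
import os
import time

# The five locations listed above, resolved from the environment (unset ones are skipped).
ROOT_VARS = ["APPDATA", "LOCALAPPDATA", "PROGRAMDATA", "WINDIR", "TEMP"]

def default_roots():
    return [os.environ[v] for v in ROOT_VARS if os.environ.get(v)]

def recent_files(roots, days=7, now=None, max_depth=3):
    """List (timestamp, path) for files added within `days`, newest first.

    Read-only: nothing is deleted. Uses the creation time where the platform
    exposes it (st_birthtime, or st_ctime on Windows), otherwise st_ctime,
    which on other systems is the last metadata change.
    """
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = []
    for root in roots:
        root = os.path.abspath(root)
        base_depth = root.rstrip(os.sep).count(os.sep)
        for folder, subdirs, files in os.walk(root, onerror=lambda e: None):
            if folder.rstrip(os.sep).count(os.sep) - base_depth >= max_depth:
                subdirs[:] = []          # do not descend further
            for name in files:
                path = os.path.join(folder, name)
                try:
                    st = os.stat(path)
                except OSError:          # locked or vanished file
                    continue
                created = getattr(st, "st_birthtime", None) or st.st_ctime
                if created >= cutoff:
                    hits.append((created, path))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    for created, path in recent_files(default_roots()):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(created)), path)
```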


How to Decrypt files infected with AutoLocky

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the Windows search field —–> “Select another backup to restore files from”.


If you have no backups, your option is Recuva.

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.
