Lssr Virus


Lssr is a malicious infection of the ransomware type that is aimed extorting money from web users through the methods of file encryption. Lssr targets valuable digital files and renders them inaccessible so that it can demand a ransom payment for their decryption.


The Lssr ransomware will leave a _readme.txt file with instructions

If you are reading these pages, you possibly have fallen victim to Lssr which is one of the latest ransomware infections. Looking for how to recover from the strong encryption that this malware has applied on your most needed files can be very frustrating but the good news is that, on this page, we have a removal guide that is specially designed to assist you. The instructions in it will explain to you how to get the Lssr infection removed and, hopefully, how some of your files can be restored. Our “How to remove” team has created detailed screenshots and step-by-step descriptions that will direct you through the entire manual removal process.

The Lssr virus

The Lssr virus is a ransomware infection that robs users of their digital files by encrypting them. Once the file encryption has been applied, the Lssr virus generates a ransom-demanding message that requires a money transfer from the victims.

A group of cyber criminals has created this cryptovirus with the only objective of generating plenty of money through blackmail. The scheme that the Lssr (or Pooe and .Zqqw) ransomware uses is quite simple: as soon as the infection sneaks into the system, a powerful encryption algorithm is applied to all files stored on the victim’s machine. These could be images, digital documents, archives, databases, audio and video files, etc. The ransomware can even change the file extensions of the encrypted information in order to make it unrecognizable to the device and any software that is installed on it.

Unlike other viruses that hide their presence and continue to perform malicious tasks stealthily, the ransomware alerts you of its presence by displaying a ransom message on the computer immediately after the encryption process has ended. In this message, the victims can find instructions for obtaining a decryption key through the ransom payment. The cyber criminals typically ask for a fixed amount of money for the decryption key that is supposed to be used to recover the victim’s files.

The .Lssr file encryption

The .Lssr file encryption is a harmful process during which user files become inaccessible without a decryption key. The .Lssr file encryption is performed in secret and the users are notified about its consequences with the help of a ransom note.


The .Lssr virus encrypted files

The victims always have the dilemma about how to deal with a ransomware infection in the best possible way. Paying the ransoms seems to be the fastest way, but no one can guarantee that the crooks will really give the decryption key, let alone that it will work flawlessly. On the other side, not paying the ransom leaves not so many choices for you. In any case, the system is still vulnerable to malicious attacks if you don’t remove the infection. That’s why our suggestion is to remove Lssr from your device using the instructions below and try our free suggestions for file recovery.


Name Lssr
Type Ransomware
Data Recovery Tool Not Available
Detection Tool

anti-malware offerOFFER *Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

Remove Lssr Ransomware


Lssr is known for starting a number of malicious processes that operate in the background of the system without the victim’s knowledge. Therefore, the first thing that users who want to remove this ransomware should do is to find those processes and stop them.

Before doing that, however, we advise you to click on the Bookmark icon (top right) and save this page with removal instructions for reference later in the guide where you will need to get back to it after each system reboot.


Now, head to the Start button and click it. Type Task Manager in the search bar and open the first result at the top.

In the new window, click on the Processes Tab.

Then, carefully scroll the list of processes and search for a dangerous process that could be related to the malicious activity of Lssr on your system. Pay special attention to any process with an odd name or unusual activity and do the following:

  • Select the suspicious-looking process and right-click it.
  • Select Open File Location


Scan whatever files are found in that location with the free online virus scanner below :

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    If the scanner detects danger in the files, end the related processes (right-click on it >>>End Process), and remove its files and folders.

    You can repeat the scanning process above for every single process that you find suspicious until you are sure there are no more dangerous processes running in the Task Manager.


    In the second step, we recommend that you reboot the infected computer in Safe Mode (use this guide from the link to do that quickly) to prevent any other possible malicious processes from running in the background without your knowledge.

    Once the computer reboots in Safe Mode, use the Windows and R key combination to open a Run dialog box on the screen. Then,  copy the line below in the Run box and click OK:

    notepad %windir%/system32/Drivers/etc/hosts

    Inside the text of the Hosts file that opens, search for Localhost and check what is written below. If you find suspicious IP addresses there, just as in the image below, please write us in the comments with a copy of those IPs. We will take a look at them and will tell you what to do in case they turn out to be dangerous.

    hosts_opt (1)

    Otherwise, if you detect nothing suspicious, you shouldn’t worry.


    A common place where ransomware threats like Lssr may add malicious entries is the Startup tab in System Configuration.

    For that, type msconfig in the search field and hit enter to open the System Configuration screen. After that, in the Startup tab, search for  startup items that aren’t related to any of the programs that usually start when the system boots.

    Entries with unknown Manufacturer or odd names are most likely to be part of the threat, so once you detect them, remove their checkmark to disable them.


    Finally, click OK to save the changes that you have made.


    The Registry is another system location where Lssr may add malicious entries without the victim’s knowledge. Therefore, it is especially important that you check it out for dangerous items that need to be deleted.

    For that, start the Registry Editor by typing Regedit in the windows search field.

    Select the first result and once the Editor opens, press CTRL and F keys from the keyboard together.

    In the Find box that appears on the screen, write the exact name of the ransomware and click on Find Next. If there are entries with that name in the Registry, delete them. If needed, repeat the search again until no more entries are found.

    Caution! There is a high risk of involuntary  system damage if you delete entries not related to the ransomware. To avoid that risk, please use a professional removal tool that can scan and clean your entire system.

    Once you are done with the Registry, go to the Windows Search Field and type each of the five listed lines below one by one:

    1. %AppData%
    2. %LocalAppData%
    3. %ProgramData%
    4. %WinDir%
    5. %Temp%

    In each of them, check for recently added files that could be related to Lssr. When you open the Temp folder, make sure you delete all of its content.


    How to Decrypt Lssr files

    Decrypting the files encrypted by Lssr require different actions that are not related to the steps you used above to remove the ransomware. Therefore, to separate things and avoid confusion, in this final step, we have added a link to another comprehensive guide that describes the most effective alternatives that may help you decrypt your files. You can check it out here for free and give a try to all the listed data-recovery methods.

    If you need help during any of the steps on this page, please drop us a comment below. Also, know that if Lssr turns out to be more persistent than expected, you can use the recommended removal program from this guide to remove any hidden traces of the ransomware from your computer.

    About the author


    Lidia Howler

    Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

    Leave a Comment