Remove Lokf Ransomware Virus

How to Remove Lokf Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

is a variant of the notorious STOP/DJVU cyber menace. The nasty ransomware is dangerous and damaging. It slithers into your system via trickery and finesse. And, once it settles, brace yourself. You’re in for quite the ordeal. The infection spreads its corruption, and encrypts every file you have. It locks pictures, documents, videos, archives, music. All your files get renamed with the ‘.lokf‘ extension. And, once it’s in place, they get rendered inaccessible. A photo called ‘one.jpg’ turns into ‘one.jpg.lokf.‘ The only way to remove the encryption, and unlock your data, is with a key. “The only method of recovering files is to purchase decrypt tool and unique key for you.” A unique decryption key that will cost you. The ransomware lists its demands, and provides instruction in the note, it leaves you. It’s a text file, called “_readme.txt.” And, you can discover it on your Desktop. It’s pretty standard as far as ransom notes go. It opens with “Don’t worry, you can return all your files!” And, claims that to get the key, you have to pay $980. To entice you into paying, it even offers a discount. “Discount 50% available if you contact us first 72 hours, that’s price for you is $490.” Supposedly, once you complete the payment, you’ll get the key you need. Don’t fall for that. It’s all a web of lies, in which the Lokf menace, hopes you fall into. Remember that you’re dealing with cyber criminals. Data kidnappers, who extort you for money. Don’t let their tactics prove successful, and don’t let them profit off of your fear and naivety. Don’t waste your time, money and energy dealing with these strangers. Compliance is not the way to go.

How did I get infected with?

The Lokf tool invades via slyness and subtlety. It turns to the old but gold invasive methods to sneak in. And, not only does it succeed, but it does it undetected. And, it manages that, by preying on your carelessness. The infection relies on your distraction, haste and gullibility. And, hopes that you’re not vigilant enough to prevent its infiltration. Don’t oblige. If the tool preys on your carelessness, be extra careful. Don’t ease its invasion. It resorts to the usual antics. Like, hiding behind corrupted links, sites or torrents. Or, using spam emails, freeware and fake updates. The Lokf threat has its pick of tricks. It’s up to you to hinder its attempts at sneaking in. Be thorough enough to catch it in the act of attempting to invade, and prevent its success. Even a little extra attention can save you a ton of troubles. Always take the time to be thorough. Read terms and conditions, and double-check everything. Don’t click on, or agree to, anything, in blind faith. Caution is crucial if you wish to keep an infection-free PC.

Remove Lokf

Why is Lokf dangerous?

After Lokf finishes its encryption process, you face a choice. You have to decide whether to pay the ransom, or not. Heed experts’ advice, and don’t pay these people. Payment won’t solve your problems. Here’s the thing. Think about what happens after you make that choice. What follows, after you send these people the ransom money? They promised to send you the decryption key you need, but what holds them to that promise? All, you get is their word. They provide zero guarantees. They can choose to send you nothing. Or, they can send you one that proves useless. And, even if you get the right one, you’re not in the clear yet. The infection can put you back to square one, by locking your data again. Yes, it can strike a mere minute after you apply the decryption key, and unlock your files. Do yourself a favor, and keep your money. Don’t waste resources on the vague promises of unknown individuals. Always keep in mind that you’re dealing with cyber criminals. Don’t trust them. Don’t comply.

Lokf Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Lokf Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.


  • Locate any suspicious processes associated with Lokf encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Lokf encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment