DMA Locker Ransomware

What is DMA Locker Ransomware?

DMA Locker Ransomware is a malicious computer infection that enters your system having only one purpose in mind: money. Ransomware programs are exceptionally dangerous because they unleash their payload before you can even understand that your computer’s security has been breached. They will not allow you to open your files until you pay the ransom, and that is something we would strongly discourage you from doing.

Please scroll down to the bottom of this description for the manual removal instructions. You can delete DMA Locker Ransomware from your computer on your own, although it would be a good idea to find out more about the program and how it has affected your PC.

Where does DMA Locker Ransomware come from?

The researchers at Anti-spyware-101.com say that this malicious infection spreads around via spam email attachments. We receive spam email messages every single day, and, for the most part, the biggest amount of them get filtered into the Junk Mail folder by our email service providers. However, some spam messages manage to get through pretending to be legitimate notifications from financial institutions and so on. Not to mention that quite often users do not realize the actual danger behind random messages.

Before you click a link or open an attachment from an unfamiliar sender, you should ask yourself whether you really have been expecting such a message. Also, even if you have downloaded the attachment already, you would do yourself a favor if you scanned it with a legitimate antispyware tool. Perhaps it is about time to invest into one.

We have actually encountered similar infections before, and the previous versions of this program went by the name of MadLocker. We believe that this exact program is the fourth version already because of the DMA Locker 4.0 line that we see at the top of the program’s interface.

What does DMA Locker Ransomware do?

The moment you launch the malicious installer file, the program drops a copy of itself in the %ALLUSERSPROFILE% directory. The file is called svchosd.exe, and it is one of those files you will have to remove from your system. The good thing is that the ransomware does not try to hide this file; it can be easily seen in plain sight.

Once that is complete, the ransomware will also create two more files, called select.bat and cryptoinfo.txt. These two files display the ransom notification even if a user deletes the svchosd.exe file. You see, at this point, your files have already been encrypted, so the program no longer needs to keep on dropping its payload. It only has to display the ransom message that would push you into giving away your money.

The ransom note says that you have to pay approximately $440 (or one bitcoin) within four days. If you fail to acquire bitcoins, and you do not pay the ransom fee, it will increase, and eventually the criminals will destroy the decryption key that should otherwise help you decrypt your files. Here we would like to point out that there is no guarantee the criminals would issue a decryption key in the first place. They are only concerned about getting your money, and they cannot guarantee that the decryption key will be issued immediately.

How do I remove DMA Locker Ransomware?

You can terminate this program by following the instructions we have provided below this description. Also, the best way to restore your files would be copying and transferring them from external hard drives and cloud storages. Please do so AFTER you have erased this infection from your computer. Ransomware programs are programmed in a way that they can detect and decrypt files in plugged in external drives as well, so you should know better than to give it a chance.

Finally, do not hesitate to get yourself a legitimate antispyware tool. It is highly possible that you have several unwanted and potentially dangerous programs in your computer, and some of them might be too complicated and intrusive to delete on your own. Thus, a licensed antispyware tool is always your best bet when it comes to protecting your PC from harm.

Should you have any further questions on ransomware applications, malicious infections, and computer security in general, please do not hesitate to leave us a comment. We will reply as soon as possible.

Manual DMA Locker Ransomware Removal

1. Press Win+R for the Run prompt to open.
2. Enter %ALLUSERPROFILE% into the Open box and press OK.
3. Find the svchosd.exe, select.bat, and cryptoinfo.txt files and delete them.
4. Press Win+R again and enter regedit into the Open box. Click OK.
5. Navigate to HKEY_CURRENT_USER\Software.
6. Find the dma_id and dma_public_key values on the right pane of your window.
7. Right-click the values and delete them.
8. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
9. Locate the Windows update value on the right pane with “select.bat” for Data.
10. Right-click the value and select to Delete it.
11. Exit the Registry Editor.

Download Removal Tool100% FREE spyware scan and
tested removal of DMA Locker Ransomware*