What is Malki Ransomware?
If you see words “ENTER UNLOCK CODE GIVEN BY MALKI!!!” and your screen is blocked; you might have encountered a threat known as Malki Ransomware. Unfortunately, it also means your files are most likely enciphered with a secure cryptosystem. Users can see how much damage was done after unlocking the screen. All files that were affected by this malicious program should have .malki extension at the end of the title. If you cannot wait to evaluate the damage to your files, we can offer our instructions provided at the end of the article. They will show both how to unblock the screen and erase the infection. However, if you wish to learn more about the malware first, we invite you to read the rest of this report.
How does Malki Ransomware work?
To block users screen, the threat shuts down the Windows Explorer. As a consequence, the user can no longer see the Window’s graphical user interface (GUI). Right after this, the malicious program should place a borderless blue window on the screen. The top sentence says “enter unlock code” and below it, the user can see a box to enter the mentioned code. Slightly below the box, there is also a small check box and a sentence in small letters: “I agree to Malki that I won't run the malware again...” It is probably some warning saying you cannot erase Malki Ransomware.
The last element on the Malki Ransomware’s blue screen is a button called “Unlock!” Clicking the button without inserting the right code does not do anything. It is difficult to say why the threat’s creators did not place instructions explaining how to obtain the right unlock code, but our researchers at Anti-spyware-101.com managed to find it while testing one of the infection’s samples. Therefore, if you type MALKIMALKIMALKI into the given box and click the unlock button you might be able to unblock the screen immediately.
What’s more, after removing the blue borderless window and restoring Windows Explorer we could not find any ransom note from which we could learn what these cyber criminals want in exchange of a decryption tool. Not that we would advise risking your savings while dealing with such untrustworthy people, but providing no ransom note is quite unusual for ransomware infections. Under such circumstances, all it is left to do is to replace enciphered data with copies or wait and see if the volunteer IT specialists can come up with a decryption tool. In any case, we urge you not to leave Malki Ransomware on the system as it could still pose a threat to it.
How to delete Malki Ransomware?
Before you can erase the malicious program, you will have to unblock the screen and restore the Windows Explorer. The instructions below the text will show a different way to unlock the screen from the one we provided in the text above. If you are determined to delete Malki Ransomware manually, you should complete all given steps. As for users who would prefer to use a legitimate antimalware tool we would recommend following the steps only until they restore the Windows Explorer. Then you should be able to download and install an antimalware tool of your choice. Once it is ready to use, set it to perform a full system scan and click the removal button that should appear after the scan to eliminate all detected threats at the same time.
Eliminate Malki Ransomware
- Tap Ctrl+Alt+Delete.
- Open the Task Manager.
- Click on File and choose either New Task (Run...) or Run new task.
- Type explorer in the given box and select OK.
- Navigate to Processes tab.
- Find a process belonging to the threat (process’s description could say AsloHora Ransomware).
- Select this malicious process and click End Task.
- Exit the Task Manager.
- Press Windows Key+E.
- Navigate to Downloads, Desktop, Temporary Files, or other directories where you save downloaded files.
- Identify the file that was launched before the computer got infected.
- Right-click the malware’s launcher and press Delete.
- Leave the Explorer.
- Empty Recycle bin.
- Restart the system.
tested removal of Malki Ransomware* 100% FREE spyware scan and
0 Comments.