NanoLocker

What is NanoLocker?

If you have never encountered ransomware applications before, you might be confused to see NanoLocker on your screen. However, if your desktop was adorned with a red notification that tells you owe somebody money, then you have definitely been infected with this malicious program. A ransomware program is a type of computer infection that promises to undo the effects of its payload if you pay a predetermined amount of money via Darknet channels. It goes without saying that users should never give their money away to cyber criminals. Your job right now is to remove NanoLocker from your computer, and then safeguard it so that similar intruders would never enter it again.

Where does NanoLocker come from?

NanoLocker looks like one of the many ransomware applications from the Crytolocker group. It surely shares the same features as previously released programs from this family, because upon installation it encrypts a list of files that have the following extensions: .sln, .php, .asp, .aspx, .html, .xml, .psd, .java, .jpeg, .pptm, .pptx, .xlsb, .xlsm, .db, .docm, .sql, .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb. Unlike the FBI Virus family ransomware, this program does not try to convince you that you have committed something wrong and thus you need to pay for your mistakes.

On the contrary, NanoLocker states outright that your files have been encrypted, and now you have to pay up if you want them back. Would you really get them back if you were to pay the ransom? That is a good question. Just like the one that asks how this program manages to find its way into your system.

The answer to the latter is simple: this program gets distributed via spam email messages. Spam emails often come with attachments that carry Trojan installations. At the core, this ransomware program is nothing, but the usual Trojan that enters target system pretending to be something else. For instance, the installer file might look like an image document or an MS Word document, and some users might feel compelled to click it in order to see what is inside. Unfortunately, once that happens, NanoLocker takes over the system.

What does NanoLocker do?

As you can already tell, the biggest problem with this infection is that it denies access to a great deal of files by encrypting them. Also, the application displays an obnoxious message on your screen that even contains the instructions on how to transfer the payment to a custom address:

Please follow these simple instructions to get Key and decrypt your files:

1. Create A New bitcoin Wallet in the site blockchain.info/wallet/new

2. Buy 0.11 BTC and put it to your new wallet. <…>

3. Send 0.10 BTC to address <address> from your blockchain wallet. <…>

4. Wait for answer mini-payment (it may take up to 24 hours) to get the Key

The key in question is the supposed decryption key that should decrypt your files when you have transferred the ~$43 payment. The notification also claims that the payout will be increased if you fail to pay within the first week.

Although this ransomware program does not block any system services, it renders your computer almost inoperable because you can no longer access your major files. Nevertheless, you can still open your browser and get yourself a legitimate antispyware tool that would help you delete NanoLocker for good.

Even if you restart your computer, the notification will not disappear anywhere because it is launched automatically from the lansrv.exe file that is located at the AppData directory. Not to mention that the ransomware program has a value added in the Run key, and it allows it to run automatically whenever you boot your PC.

How do I remove NanoLocker?

It is possible to delete this program manually, but it is not that easy to get rid of all the infection consequences. The problem is that it might be too challenging to restore your files without a professional decryption tool. And even so, the files could have been encrypted with a unique key that might be hard to emulate. Therefore, the most efficient way to get your files back is to restore them from a backup.

That is also why computer security experts urge users to keep a file backup either on a cloud drive or an external hard disk. Without this backup, it might be hard to restore your files, even if you do remove NanoLocker from your system.

While you are at it, please run a full system scan with the SpyHunter free scanner to see whether you have more unwanted applications on-board. Should you have any questions related to system security, do not hesitate to leave us a comment.

Manual Removal

1. Press the Win key + R for the Run box to open.
2. Enter %AppData% into the Open box and press the OK button.
3. Go to the Local folder and delete lansrv.exe.
4. Go back to your desktop and delete Decryptor.lnk and ATTENTION.RTF.
5. Press Win+R once more and the Run command box will open.
6. Enter regedit into the Open box and click OK.
7. Open HKEY_CURRENT_USER and click Software.
8. Go down to Microsoft and select Windows.
9. Open CurrentVersion and click Run.
10. Right-click the LanmanServer value on the right.
11. Click Delete in the drop-down menu and exit the Registry Editor.

Download Removal Tool100% FREE spyware scan and
tested removal of NanoLocker*