SurveyLocker Ransomware Removal Guide

SurveyLocker Ransomware is a screenlocker-type ransomware which means that it locks the victim’s computer and prevents using it altogether. Removing this software is not only possible but highly recommended as well. Our research has shown that this ransomware is distributed via email spam and can enter your computer by stealth. It is designed to lock your computer’s screen and make you fill out a survey to unlock it. It appears that instead of demanding that you pay a ransom, this ransomware makes money by forcing you to fill out the surveys. To find out more about it, we invite you to read this whole article.

We do not see a program of this type too often, and the way it works is rather unique. Still, it has vulnerabilities you can exploit to get rid of it without inflicting lasting consequences. However, before we go any further, it is important to talk about its distribution methods first because this information can help you avoid getting it on your PC if you have not already got it. Our research has revealed that it is distributed in the same way as most ransomware-type software is. Its developers use email spam featuring a malicious file attachment that can get your computer infected with this ransomware. The malicious email spam can pose as legitimate business-related correspondence, invoices, and so on and use subtle persuasion to get you to open the attached file. We think that the attachment should contain a Trojan that, when executed, secretly downloads SurveyLocker Ransomware. However, we have received reports that this ransomware can also be included in a self-extracting file archive that downloads and executes this file automatically.

Once this ransomware is executed, it will terminate and block explorer.exe and taskmgr.exe from running. Then it will open its Graphical User Interface (GUI) window that says that your computer has been locked and that you have to fill out a short survey to unlock your computer. It features a dialog box in which you can enter the unlock code. If you attempt to click the Close button, this ransomware will render a box with a message that reads “Hmmm, that didn't work I wonder what will.” Now, even if you fill out the survey, there is no guarantee that this ransomware will unlock your PC. We have found that if you enter “hurr durr” instead of the unlock code this program will crash and open explorer.exe. Take note that this code may not work for you as this ransomware can have several variants or iterations. As a result, you will be able to use your computer, but you are far from finished.

SurveyLocker Ransomware creates a Point of Execution (PoE) at HKCU\Software\Microsoft\Windows\CurrentVersion\Run that has Value name of Update. This PoE ensures that this ransomware is launched on system startup, so it must be deleted as well. Hence, if you enter “hurr durr” in the dialog box it will kill this ransomware’s randomly named executable in the current Windows session, but will not delete this PoE.

As you can see, SurveyLocker Ransomware is quite a dangerous program, but you can deal with it on your own. We tested this ransomware and found that it does not open any survey when you click Open Survey. The surveys might not work because it is still in development or its server is down, provided that it has one. We recommend that you remove it manually using the guide included below this article that includes using SpyHunter to detect the malicious file. Also, you can use the said program to not only detect but eradicate this infection.

Boot your PC in Safe Mode with Networking

Windows XP

1. Open the Start menu and click Restart.
2. Press and hold the F8 key while the computer restarts.
3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking and press Enter.
4. Log on to your PC.

Windows 7 and Vista

1. Click the Start button click the arrow next to the Shut Down button, and then click Restart.
2. Press and hold the F8 key as your computer restarts.
3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.

Windows 10/8.1/8

1. Press the Windows Key.
2. Type Change advanced startup options in the search window and press Enter.
3. Under the Recovery tab, select the Restart now option under Advanced startup.
4. Select Troubleshoot.
5. Select Advanced options and go to Startup Settings.
6. Click the Restart button.
7. Select Enable Safe Mode with Networking by pressing 5.

Delete SurveyLocker Ransomware

1. Open your browser.
2. Go to http://www.411-spyware.com/spyhunter
3. Download SpyHunter-Installer.exe
4. Run the Installation Wizard.
5. Launch the program.
6. Select Scan Computer Now! And let is scan the PC.
7. Then, press Windows+E keys.
8. Enter the file path of the malicious files in the File Explorer’s address box and press Enter.
9. Right-click the malicious files and click Delete.
10. Empty the Recycle Bin.