What is the "Los Pollos Hermanos" Virus?
Los Pollos Hermanos (Trojan.Cryptolocker.S) is another ransomware virus. It uses the fast food logo from the famous Breaking Bad TV show to inform victims that their files will be lost forever if they don't pay the requested ransom.
After infecting a computer, the Los Pollos Hermanos trojan encrypts all the critical data on it (documents, photos, videos, etc.) with strong encryption and then displays a ransom demand message that informs the user that "Your important files have been encrypted: photos, videos, etc. If you want to decrypt your files you must pay the feed of $$$$. Failure to pay with the specified time will mean you must pay $1000 AUD. For support related inquires contact: theonewhoknocks…@mailinator.com".
Once the data on your computer is encrypted by the Los Pollos Hermanos virus, a message appears on your screen giving you a time limit to pay the demanded ransom and decrypt your files. Many users (on the Internet) complained that their files remained encrypted even after they had paid the ransom. So do not pay the ransom and support the criminals.
In this article you can find detailed instructions on how to remove the new Los Pollos Hermanos (Cryptolocker.S) virus from your computer, if you don't want to pay the ransom to decrypt your files. Keep in mind that your files will remain encrypted after the Pollos Hermanos virus removal, so it's your own decision (and risk) to pay (or not) the ransom.
How to get back (decrypt) Los Pollos Hermanos encrypted files?
Unfortunately, a free decryption tool or service for Los Pollos Hermanos encrypted files does not exist (yet). So, the only ways to get your files back are to pay the ransom (I suggest you DON'T) or to restore your files from a clean backup. You can also try to restore the encrypted files by using Shadow copies.
ONCE AGAIN: DO NOT REMOVE the Los Pollos Hermanos (Cryptolocker.S) infection if you want your files.
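The Shadow copies option mentioned above can be checked from the command line. The script below is an added example, not part of the original article: it lists the shadow copies of a volume, picks the newest one created before the infection, and exposes it as a read-only folder to copy files from. It assumes an elevated Windows PowerShell prompt on Windows Vista or later; the parameter names `$InfectedAt`, `$Volume` and `$MountRoot` and their default values are hypothetical.

```powershell
# Added example: find a Volume Shadow Copy taken before the infection and
# expose it as a read-only folder so files can be copied out.
# Run as Administrator in Windows PowerShell (Vista or later).
# Parameter names and default paths are assumptions for illustration.
param(
    [Parameter(Mandatory = $true)][datetime]$InfectedAt,  # earliest sign of infection
    [string]$Volume    = 'C:\',
    [string]$MountRoot = 'C:\ShadowMount'
)

# Win32_ShadowCopy identifies volumes by GUID path, so translate the drive letter.
$vol = Get-WmiObject Win32_Volume | Where-Object { $_.Name -eq $Volume }
if (-not $vol) { throw "Volume $Volume not found." }

# All snapshots of that volume, oldest first, with a readable creation time.
$snapshots = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $vol.DeviceID } |
    Select-Object ID, DeviceObject, @{ n = 'Created'; e = {
        [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } } |
    Sort-Object Created)

if ($snapshots.Count -eq 0) {
    Write-Warning "No shadow copies exist for $Volume; restore from a clean backup."
    return
}
$snapshots | Format-Table Created, ID, DeviceObject -AutoSize

# Newest snapshot that predates the infection; later ones may hold encrypted files.
$pick = $snapshots | Where-Object { $_.Created -lt $InfectedAt } | Select-Object -Last 1
if (-not $pick) {
    Write-Warning "Every snapshot was created after $InfectedAt."
    return
}

# mklink requires the trailing backslash on the snapshot device path.
if (Test-Path $MountRoot) { throw "$MountRoot already exists." }
cmd /c mklink /d $MountRoot "$($pick.DeviceObject)\"
if ($LASTEXITCODE -ne 0) { throw "mklink failed with exit code $LASTEXITCODE." }

Write-Host "Snapshot from $($pick.Created) is browsable at $MountRoot."
Write-Host "Copy files to external media, then run: cmd /c rmdir $MountRoot"
```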
How to remove the "Los Pollos Hermanos" (Cryptolocker.S) Virus - Trojan infection?
Step 1. Start your computer in Safe Mode with Networking.
First of all you have to boot your computer into Safe Mode to prevent the Cryptolocker.S virus from running. To do that:
- Windows 7, Vista & XP:
  - Restart your computer and hit the “F8” key while your computer is starting up (before the appearance of the Windows logo).
  - When the “Advanced options” menu appears on your screen, navigate to the “Safe Mode With Networking” option (using your keyboard arrow keys) and hit Enter.
- Windows 8 & Windows 8.1:
  - Press “Windows” + “R” keys to open the RUN window.
  - Type msconfig & press OK.
  - Click the Boot tab.
  - Select the Safe Boot & Network options & click OK.
  - Restart your computer.
Step 2. Terminate and remove the Los Pollos Hermanos malicious process with RogueKiller.
- RogueKiller is a freeware anti-malware program, able to detect and remove generic malware and some advanced threats such as rootkits, rogues, worms, etc.
- Download and run RogueKiller. (Download the version compatible with your system: 32-bit or 64-bit.)
- Allow the Pre-Scan to complete and then press the Scan button.
- Be patient until RogueKiller scans your system.
- When the scan is completed, select all items found in the Registry & Web Browsers tabs.
- Press the “Delete” button to remove items found.
Step 3. Remove Los Pollos Hermanos (Cryptolocker.S) malware infection with Malwarebytes Anti-Malware.
- Download and install Malwarebytes Anti-Malware Free. *
* Beware: at the last screen of installation, uncheck the box next to “Enable free Trial of Malwarebytes Anti-Malware PRO” in order to use the free version of this GREAT software.
- Run Malwarebytes Anti-Malware.
- Update the Database.
- Press the Scan Now button and then wait until the scan process is finished.
- When the scan is completed, select all items found and then press Quarantine All.
- Restart your computer if needed and you're done.
Step 4. Scan your system with your antivirus program.
Perform a full scan with your antivirus program to remove all remaining threats.