SurveyLocker Ransomware Removal Guide

Do you know what SurveyLocker Ransomware is?

Our malware researchers have recently acquired a sample of SurveyLocker Ransomware and analyzed it. They found some interesting things about it and determined that it is a highly dangerous application that you should remove. Unlike most ransomware that encrypts files and asks to pay a ransom, this new program falls into the subcategory of ransomware that locks the screen of the infected computer and demands the user to fill out a survey to get the code needed to unlock it. Luckily, this ransomware does not work as intended and does not present the victim with any surveys.

SurveyLocker Ransomware is a one of a kind program, but it is not the first time malware developers have used surveys as a means to make money. We have previously analyzed ransomware such as Sharecash Screenlocker and Fileice Ransomware that also offer the victim to fill out surveys to unlock their computers. Now, if SurveyLocker Ransomware happens to infect your computer, then we want to inform you that its main executable can be dropped anywhere on your PC and the name of the executable file can be random.

Provided that the infection was successful, this ransomware will terminate explorer.exe and taskmgr.exe and prevent from launching them. It will then launch its graphical user interface and present you with the ransom note. The note says that you need to fill out a short survey to get the unlock code. However, there is a slight problem. This ransomware does not open any surveys when you click Open Survey. Therefore, our malware researchers think that this ransomware may be incomplete or its command and control server could be offline. In any case, this means that you cannot fill out a survey even if you wanted to. Nevertheless, there is a way to bypass the lock screen and get back control over your PC.SurveyLocker Ransomware Removal GuideSurveyLocker Ransomware screenshot
Scroll down for full removal instructions

There is no use trying to close the window by clicking the Close button because you will be greeted with "Hmmm, that didn't work I wonder what will" message. Nevertheless, if you enter “hurr durr” in the dialog box and click Unlock PC, the application will crash and launch explorer.exe. However, this would not be the end of it because this ransomware creates a Point of Execution (PoE) that is set to launch SurveyLocker Ransomware on system startup. It creates a registry string named Update at HKCU\Software\Microsoft\Windows\CurrentVersion\Run that is configured to launch this ransom once Windows is booted up. You should delete this string, but before you do that, you should eradicate the main executable causing you all this trouble.

Before we move on to its removal, we want to provide you with some information about how SurveyLocker Ransomware is being distributed. According to our malware analysts, this ransomware is disseminated via email spam. Its developers have probably set up a server dedicated to sending email spam to random email addresses in hopes to infect the computer of a potential victim. The ransomware is included in an attachment that is said to be an ordinary executable. You have to launch it manually for it to start doing its dirty work.

In summary, SurveyLocker Ransomware is a semi-functional malicious application that is set to lock your computer’s screen and demand that to fill out a survey to unlock your computer. However, it does not open any surveys, so the only thing you can do is remove it and we can help you with that. Our security specialists have composed a guide that will help you delete this particular ransomware. However, in order to do that, you must boot up your PC in Safe Mode or Safe Mode with Networking if you are planning on installing an anti-malware program. If you do, then we recommend SpyHunter as testing has shown that it is more than capable of dealing with this ransomware.

Boot your PC in Safe Mode with Networking

Windows 10

  1. Click the Start button and then the Power button.
  2. Hold down the Shift key and select Restart.
  3. Select Troubleshoot in the resulting full-screen menu.
  4. Go to Advanced options and select Startup Settings, then press Restart.
  5. The PC will reboot, and bring you to a Startup Settings screen.
  6. Use the arrow keys on your keyboard to select Enable Safe Mode with Networking.

Windows 8 & 8.1

  1. Press the Win+C keys and then click Settings.
  2. Click Power, hold down Shift on your keyboard and click Restart.
  3. Click Troubleshoot, then click Advanced options, and select Startup Settings.
  4. Click Restart and press 5 on your keyboard to Enable Safe Mode with Networking.

Windows 7 & Vista

  1. Restart the computer.
  2. Press and hold the F8 key as your computer restarts.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
  4. Log on to your computer with a user account that has administrator rights.

Windows XP

  1. Click the Start button and then click Restart.
  2. Press and hold the F8 key as your computer restarts.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press Enter.
  4. Log on to your computer.

Delete the malicious program

  1. Locate the malicious executable (check Downloads folder)
  2. Right-click it and click Delete.
  3. Then, press Windows+R keys.
  4. Enter regedit in the dialog box and hit Enter.
  5. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  6. Locate Update, right-click it and click Delete.

In non-techie terms:

SurveyLocker Ransomware is a program made to infect your computer secretly and then lock it. To unlock it this ransomware offers you to fill out a survey, but does not provide any. It seems that this program is not working as it is supposed to, but the good news is that you can bypass the lock screen and delete it using our instructions.