Home / Spyware Help / Trump Locker Ransomware Removal Guide

Trump Locker Ransomware Removal Guide

by 0 Comments

Do you know what Trump Locker Ransomware is?

Trump Locker Ransomware is a dangerous infection that appears to have been created using the same source-code that was used for the creation of VenusLocker Ransomware, another malicious ransomware that we advise deleting. This infection is likely to slither in via a corrupted spam email as you open a malicious file attachment. If the threat is executed successfully, it begins the encryption of your files. According to the research we have conducted, the infection uses RSA-4096 and AES encryption keys to encrypt your files, as well as the decryption key, also known as the “private key.” Unfortunately, this method of locking your files is very complex, and it is unlikely that third-party software will help you recover your personal files. Obviously, that is not what you want to hear if the files corrupted by this infection are extremely important for you. Continue reading this report, and you will learn more about the encryption of your personal files, as well as the removal of Trump Locker Ransomware.

When the vicious Trump Locker Ransomware starts its malicious processes, it targets your files in two different ways. Some of your files (e.g., .php, .html, .java, or .doc files) are encrypted fully, and the extension they are given is “.TheTrumpLockerf”. Others (e.g., .pdf, .doc, .mp3, .jpg, or .zip) are encrypted partially, and the extension they receive is “.TheTrumpLockerp”. As you can see, the infection can corrupt the same type of files in different ways as well. There is no reason for the ransomware to do that, and so our research team believes that its creators are testing different options. Another thing that happens when the threat encrypts your files is that it renames them, which makes it impossible to recognize your files, and that, of course, can stop you from assessing the damages. For example, if some of your files are backed up, you will not know if they are the ones that were encrypted. Unfortunately, this makes Trump Locker Ransomware extremely dangerous, and it is more likely that its victims will choose to follow the demands that are presented to them.Trump Locker Ransomware Removal GuideTrump Locker Ransomware screenshot
Scroll down for full removal instructions

As soon as the files are encrypted, Trump Locker Ransomware displays a scary image of Donald Trump with the warning that states: “YOU ARE HACKED!!” It also changes the background wallpaper, and the new one informs that you can have your files decrypted in an exchange of 50 USD. Well, when the real ransom note pops up in a new window, you are asked to pay 150 USD. You are asked to transfer the money in Bitcoins (a virtual currency) to a specific Bitcoin Address (1N82pq3XovKoJYqUmTrRiXftpNHZyu4jyv), as well as to confirm the payment by emailing at TheTrumpLocker@mail2tor.com. An intimidating warning is also attached to the ransom note suggesting that the decryption key will be destroyed in 72 hours. The same ransom demands should be represented via a file called “What happen to my files.txt” on the Desktop. Although you might have no other way of getting your files back than by paying the ransom, you also have to think about the possibility of being scammed. What if you pay the ransom and you files remain encrypted?

You can delete Trump Locker Ransomware from your operating system using the guide below or using an automated anti-malware tool. Unfortunately, this move will not help you decrypt your files. If you do not want to pay the ransom, you might have to come to terms with the fact that your personal files are lost. Of course, you can research legitimate file decryptors, but it is unlikely that you will be capable of decrypting your files for free. Although 150 USD is not an impossibly big ransom, you have to think carefully if you should pay it. After all, there is always a possibility that you will end up losing your money for nothing.

Remove Trump Locker Ransomware

  1. Right-click and Delete the malicious .exe launcher (might have come from a spam email).
  2. Move to the Desktop and Delete the file called What happen to my files.txt.
  3. Also, Delete the file called RansomNote.exe (might have a different name).
  4. Launch RUN by tapping Win+R keys and then enter regedit.exe.
  5. In Registry Editor, move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. Right-click and Delete the value called TheTrumpLocker (might have a different name).
  7. Launch Explorer by tapping Win+E keys and then enter %Temp% into the bar at the top.
  8. Right-click and Delete the file called uinf.uinf.
  9. Empty Recycle Bin and then perform a full system scan to check for leftovers.

In non-techie terms:

The manual removal guide above reveals how to delete Trump Locker Ransomware from your Windows operating system. If you are struggling to erase this infection manually, do not hesitate to install an automated malware remover that will eliminate other infections if they exist as well. The bad news is that your files will remain encrypted even if you successfully get rid of the ransomware. Unfortunately, it appears that the only way to restore your files is to pay the ransom, but there are no guarantees that cyber criminals would provide you with a decryptor if you did, which is why you have to think about paying it carefully.