West Yorkshire Police your computer is locked file repair fix

About the infection

Today we came across a new variation of the Metropolitan Police virus posing as West Yorkshire Police claiming to lock your computer until you pay a fine for looking at suspicious pornographic websites. This is otherwise known as ransomware and is completely bogus.

How do I remove the ‘Computer is Locked’ infection?

Either call our tech guys on 0161 291 1044 and have an engineer fix it remotely, or look for one of the many spyware removal tools out. You will need to have the laptop/PC in safe mode with networking for us to assist. This can be done in 3 easy steps stated here. 

Be warned: If you manage to remove it, you will be left with a hard drive full of locked files, please read on to find out how to repair them.

I’ve removed the infection but my files are still locked

The files are actually locked as such, the infection renames your files using the following method and alters the header properties so it cant be read.

“locked-<original_name>.<4 random characters>”

example a picture called sarah.jpg could now be called locked-sarah.jpg.ywmy

Some of the files i’ve found have the following extensions YWMY,TJOO,XJQF,NXDQ,ZRZS,BBIH.

Unfortunately simply renaming the file won’t help as it stores information in the header of the file making it unreadable. It mostly only effects your Music, Pictures, Documents and Videos.


How to repairs your damaged files

Well after much messing around trying to write our own script to repair these files it turns out Kaspersky have already made a Decryptor which automatically scans your hardrive for the damaged files and recreating the files without the damaged header. It takes on average 1-3 hours to complete the scan depending on the speed of your computer and amount of data you have.

Download the Repair Tool here

Source: http://support.kaspersky.com/faq/?qid=208286527

please note this is a tool developed by Kaspersky and we will not be hand responsible for any loss of data, we are purely providing you with the information that helped us repair the West Yorkshire Police ‘Your Computer is Locked’ infection.

Before you go, how to clean up the mess

New update: a quicker way of doing what follows is to click on change parameters as shown on the image above and you can tick a box to automatically remove locked files after its been repaired.

Well after actioning the above you should now find you have your files back but still mixed up with the LOCKED-FILENAME.EXT Files, a quick way to clean up the mess is to do the following for each of the following libraries (Pictures, Documents, Music, Videos)

Go into your My Documents folder using your Windows Explorer and in the top right you will see ‘Search Documents’, type in “locked-” and let it search through your docs. After its finished you can select all (CTRL+A) and either delete them or move them to a new folder for deletion later. Do the same with all your Libraries as mentioned above and you should only be left with the files you originally had.

