MotoxLocker Ransomware - How To Remove?

Type: Ransomware

MotoxLocker ransomware, a new variant of DetoxCrypto, has recently been reported targeting unsuspecting users. This new ransomware threat pretends to be CryptoLocker, a ransomware as solid as the Rock of Gibraltar. But the MotoxLocker crypto virus is, as a matter of fact, as weak as a kitten. It is decryptable, it has been decrypted, and we will tell you how to do that in an easy way without paying a cent to these hackers, who are most probably suffering from delusions of grandeur. Get yourself comfortable, grab a donut, make some tea and give us just a couple of minutes to tell you the true story of MotoxLocker the ransomware virus.

About MotoxLocker Ransomware

MotoxLocker crypto-malware invokes the asymmetric encryption, commonly known as AES, to turn the data of the victim into a pile of junk. The targeted data files can be of various types, including text, audio, video files, archives, directories, images, etc. MotoxLocker ransomware is as sneaky as a snake – it does not append any extra or substitute extension to the filenames of the encrypted files. Thus, it is impossible to discern the encrypted files solely by their names. Only when the victimized user clicks to open them does he (she) find that they can neither be opened nor read. The only bird of ill omen is the ransom note, which replaces your desktop wallpaper.


This ransom message by the MotoxLocker crypto virus contains the contact e-mail, which we recommend entering into the recipient field only if you want to initiate a massive screwup of the data you store on your machine. The size of the ransom is 50 EUR. Even though it may seem to some as small as the point of a fine needle, we would rather spank those guinea pigs who are willing to experiment with paying these cyber criminals, as the free legitimate decryptor is within your reach.

How is MotoxLocker Ransomware Spread?

MotoxLocker file-encrypting virus is a typical instance of a Trojan Virus, since it sends deceitful spam e-mails to the victims. These spam e-mails pass themselves off as e-mails sent by Trend Micro, an international security software company, and they enclose a PDF document which, having been executed, downloads the payload of MotoxLocker cryptomalware on the victim’s computer. At this point in time, it is not specified what false message these fake spam e-mails try to convey.

How to Decrypt Files Encrypted by MotoxLocker Ransomware?

You will need to have two tools to wipe MotoxLocker ransomware off the map. The first one is the public key, a random sixteen-character string, which is present on the screen covered with the ransom note and it is also stored in %USERPROFILE%\TrendMicro\key.pkm. You yourself will not need to do anything with it, since the decrypter will detect the key.pkm file itself and load it. The free decrypter is available at

We know that retrieving your data is your utmost concern at the moment. But before carrying out the data retrieval procedure, you have to remove the MotoxLocker virus. For this purpose, employ elaborate tools such as Reimage, Spyhunter or Malwarebytes. When you have booted your computer in Safe Mode, the latter automatic malware removal software will do the rest in the most efficient way possible. The manual removal of ransomware viruses can be a rather tricky job. However, the free guide for the manual removal of MotoxLocker encrypting malware is the fig leaf, which covers the rest of this very page.

How to recover MotoxLocker Ransomware encrypted files and remove the virus

Step 1. Restore system into last known good state using system restore

1. Reboot your computer to Safe Mode with Command Prompt:

for Windows 7 / Vista / XP
  • Start → Shutdown → Restart → OK.
  • Press F8 key repeatedly until Advanced Boot Options window appears.
  • Choose Safe Mode with Command Prompt.

for Windows 8 / 10
  • Press Power at Windows login screen. Then press and hold Shift key and click Restart.
  • Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
  • When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.

2. Restore System files and settings.

  • When Command Prompt mode loads, enter cd restore and press Enter.
  • Then enter rstrui.exe and press Enter again.
  • Click “Next” in the window that appears.
  • Select one of the Restore Points that are available before MotoxLocker Ransomware has infiltrated to your system and then click “Next”.
  • To start System restore click “Yes”.

Step 2. Complete removal of MotoxLocker Ransomware

After restoring your system, it is recommended to scan your computer with an anti-malware program, like Reimage and remove all malicious files related to MotoxLocker Ransomware. You can check other tools here.

Step 3. Restore MotoxLocker Ransomware affected files using Shadow Volume Copies

If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files as of the point in time when the system restore snapshot was created. Usually MotoxLocker Ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, it may fail to do so.

Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.
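A pre-recovery check for the two things this guide relies on, the key.pkm file described earlier and the shadow copies described in this step. This is an added example, not part of the original article or of any decrypter; the backup folder name, the function name, and the assumptions that key.pkm is plain text and that its creation time approximates the infection time are ours.

```powershell
# Added example, not from the original article. Run from an elevated prompt:
# reading Win32_ShadowCopy requires administrator rights.
# Assumption: key.pkm stores the sixteen-character key as plain text.
$backupDir = Join-Path $env:SystemDrive 'MotoxKeyBackup'   # hypothetical backup folder

function Get-MotoxKeyFile {
    param([Parameter(Mandatory)][string]$ProfilePath)
    $keyPath = Join-Path $ProfilePath 'TrendMicro\key.pkm'
    if (-not (Test-Path -LiteralPath $keyPath -PathType Leaf)) { return }
    $item = Get-Item -LiteralPath $keyPath -Force
    $text = ([string](Get-Content -LiteralPath $keyPath -Raw -ErrorAction SilentlyContinue)).Trim()
    [pscustomobject]@{
        Profile    = Split-Path $ProfilePath -Leaf
        Path       = $keyPath
        Created    = $item.CreationTime
        KeyLength  = $text.Length
        LooksValid = ($text.Length -eq 16)   # the article describes a 16-character string
    }
}

# Check every local profile, not only the current user's.
$profileRoot = Split-Path $env:USERPROFILE -Parent
$keys = @(Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Get-MotoxKeyFile -ProfilePath $_.FullName })

if ($keys.Count -eq 0) {
    Write-Warning 'No TrendMicro\key.pkm found in any profile.'
} else {
    # Keep a copy of each key file outside the profile before any cleanup or restore.
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    foreach ($k in $keys) {
        Copy-Item -LiteralPath $k.Path -Destination (Join-Path $backupDir "$($k.Profile)_key.pkm") -Force
    }
    $keys | Format-Table Profile, Created, KeyLength, LooksValid -AutoSize
}

# Assumption: the earliest key.pkm creation time approximates when the ransomware ran.
$infectedAt = ($keys | Sort-Object Created | Select-Object -First 1).Created
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($shadows.Count -eq 0) {
    Write-Warning 'No shadow copies available; Previous Versions and Shadow Explorer will show nothing.'
} else {
    $shadows | Sort-Object InstallDate | Select-Object InstallDate, VolumeName,
        @{ Name = 'PredatesKeyFile'; Expression = { $null -ne $infectedAt -and $_.InstallDate -lt $infectedAt } } |
        Format-Table -AutoSize
}
```

Snapshots marked PredatesKeyFile are the ones worth opening first in Previous Versions or Shadow Explorer, since later snapshots may already contain encrypted copies.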

a) Native Windows Previous Versions

Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace the existing, encrypted file. If you want to see the content of the file first, just click Open.

b) Shadow Explorer

It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.

Step 4. Use Data Recovery programs to recover MotoxLocker Ransomware encrypted files

There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:

  • We suggest using another PC and connecting the infected hard drive as slave. It is still possible to do this on the infected PC though.
  • Download Data Recovery Pro (commercial)
  • Install and scan for recently deleted files.

Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus I recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.


About the author

 - Main Editor

I started in 2007 after wanting to be more or less independent from a single security program maker. Since then, we have kept working on this site to make the internet a better and safer place to use.

September 23, 2016 08:21, July 17, 2017 08:30
