Virus has locked my files on my laptop

My computer files are locked or cannot be opened. It has changed its extension to .xls.lunqwgl and the files cannot be opened even after i delete the extension. Please urgently help. Also i am attaching sample files.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IvanSystem EngineerCommented:

you need to shutdown you computer, download something like ESET SysRescue Live  (, boot pc with it and clean it..or some tool like it.

You have Cryptolocker or some other locker, most likely. There is no cure for locked files :|

If you have CBT-Locker, then there is no decrypting system for it. There is a site that will allow you to see data created by Shadow Copy in Windows, if you have set that up. This may save you some data. Other then that, there is no known system.

For older Cryptolocker, there is a website  which may decrypt some data.

Good luck,

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If you have already gotten the ransom note, it is too late and you will first have to clear the Virus, then restore your data from your backups.

If the ransom note hasn't yet been presented, first make sure you remove the virus (and disconnect the PC from the LAN). You may then still be able to right click the files and select a previous version, or you can search your PC for a temporary directory where the original files may have been copied to. But again, if you already received the note to pay the ransom, it is too late.

One further thing I suggest you do, is to get in touch with your local law enforcement authorities. They may want to check the PC before you clean it, so it might help them to trace the crooks. Also, whatever you do, never even consider paying the ransom.
AshfaqFijiAuthor Commented:
Thanks, I have already cleaned the computer using Kaspersky Anti-Virus and the files are still locked. Can you look at the files and let me know if that can be de-crypted as all my files are locked.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

AshfaqFijiAuthor Commented:
I have already used the mentioned site but the site says that that file is not recognized or de-crypted.
You can't unlock them. Delete them and restore from your backups.
AshfaqFijiAuthor Commented:
What is lunqwgl extension
Thomas Zucker-ScharffSolution GuideCommented:
It means your files are moat likely encrypted and it sounds like CTB Locker. Unless you have a backup (not attached to your computer)there is nothing much to do.  Once you clean the files they cannot even be decrypted by paying the ransom.
AshfaqFijiAuthor Commented:
So basically nothing can be done to get my files back from the computer. I don't have any backup done for the files, which simply means I have lost the files and no recovery process on our Planet will work to get my files back ?
Thomas Zucker-ScharffSolution GuideCommented:
It isn't likely,  sorry.  Ransomware is very effective because most people don't have versionning backups.  In the future I suggest something along the lines of Crashplan  (I have the family plan which allows me to backup up to 10 services top the cloud service) work unlimited storage - my plan is currently 145/year but you can always look for deals.

Crashplan, Spideroak, comodo, and several others have be versionning, which allows you to go back as many versions as exist.  My setup backs up my files (changed files only) every 15 minutes.

Disclaimer: I am not in any way affiliated with any company mentioned here, just a happy, satisfied customer.
AshfaqFijiAuthor Commented:
Thank you for the clarification and response.
Thomas Zucker-ScharffSolution GuideCommented:
No problem.  Sorry it isn't very helpful for the current situation.
web_trackerComputer Service TechnicianCommented:
Shadow explorer as previously mentioned can extract files from a shadow copy, but many of the cryptolocker viruses can either delete the shadow copies or encrypt them as well. So if the shadow explorer application is not able to extract some of your files, and you do not have a backup of your files else where then you are definitely out of luck, as there is no possible way to recover your files.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.