FenixLocker Ransomware

How to Remove FenixLocker Ransomware and Decrypt Your Files

Threat Name: FenixLocker Ransomware

Encrypts Files


FenixLocker uses AES cryptography to encrypt your files. It enters your system through spam email and makes all your files inaccessible. It demands a ransom ranging from .5 to 1.5 Bitcoin (1 Bitcoin = $996). Paying such a large amount is not easy for most users.


FenixLocker Ransomware encrypts your personal files and appends .centrumfr@india.com to their names. You cannot access your files once it encrypts them. It also leaves an instruction file named "Help to decrypt.txt" in every folder.


To remove the FenixLocker infection from your computer, install MalwareFox antimalware and scan your computer with it. To get your files back, this guide explains how to restore Windows or use recovery software.

FenixLocker is ransomware that encrypts your files and demands money to decrypt them. It uses AES cryptography to encrypt your personal files. FenixLocker appends the .centrumfr@india.com extension to files after encrypting them. It also creates an instruction text file named Help to decrypt.txt in each directory. Like other ransomware, it does not leave much information in its instruction file. It asks you to send the key found in the instruction file by email to centrumfr@india.com. After that, you are supposed to receive further instructions to decrypt your files. FenixLocker does not reveal the ransom amount at first. Usually, the attackers ask for .5 to 1.5 Bitcoin. As of now, 1 Bitcoin costs $996. Even .5 Bitcoin is a lot of money for most users. To save you from this situation, we will guide you through removing FenixLocker Ransomware from your computer and getting your files back.
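To scope the damage before restoring or running a decryptor, the two indicators described above (the appended .centrumfr@india.com extension and the Help to decrypt.txt note in each folder) can be inventoried per folder. This is an added example, not part of the original guide or of any MalwareFox tool; the function names and the sample folder tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from this page; everything else below is constructed.
ENCRYPTED_SUFFIX = ".centrumfr@india.com"
RANSOM_NOTE = "Help to decrypt.txt"

def inventory(root):
    """Walk root and record, per folder, what FenixLocker touched."""
    report = defaultdict(lambda: {"note": False, "encrypted": [], "intact": 0})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                report[folder]["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX):
                # The original name is whatever precedes the appended suffix.
                report[folder]["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
            else:
                report[folder]["intact"] += 1
    return dict(report)

def summarize(report):
    """Return (folders with encrypted files, total encrypted, note-only folders)."""
    hit = sorted(f for f, r in report.items() if r["encrypted"])
    total = sum(len(r["encrypted"]) for r in report.values())
    # A note without encrypted files means the folder was visited but has
    # nothing carrying the suffix (or the files were already restored).
    note_only = sorted(f for f, r in report.items() if r["note"] and not r["encrypted"])
    return hit, total, note_only

def build_sample_tree(base):
    """Constructed sample data: one encrypted folder, one with only a note."""
    docs, pics = (os.path.join(base, d) for d in ("Documents", "Pictures"))
    os.makedirs(docs)
    os.makedirs(pics)
    for path in (
        os.path.join(docs, "budget.xls" + ENCRYPTED_SUFFIX),
        os.path.join(docs, "thesis.docx" + ENCRYPTED_SUFFIX),
        os.path.join(docs, RANSOM_NOTE),
        os.path.join(pics, "holiday.jpg"),
        os.path.join(pics, RANSOM_NOTE),
    ):
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(inventory(tmp)))
```

Point `inventory()` at a user profile or a mounted copy of the affected drive; the recovered original names tell you which files to look for in backups or restore points.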

What is FenixLocker Ransomware?

FenixLocker is a Trojan that enters your computer not to destroy your files but to encrypt them. Your files become inaccessible once it encrypts them. It uses AES cryptography for that. FenixLocker enters your system and searches for important files such as .pdf, .xls, .doc and .docx. It tries to encrypt all files, including videos, so that you have no option other than following its instructions. The instruction file, named Help to decrypt.txt, contains a key and tells you to forward this key to the centrumfr@india.com email address. After that, you receive instructions to pay the ransom and get the decryptor. Ransomware makers demand ransom in Bitcoin because it is untraceable for authorities. It is a secure method for them to get money without getting caught.

How Does FenixLocker Get into Your System?

FenixLocker ransomware uses the same strategy as other ransomware to spread. It uses spam emails that look genuine. These emails contain the Trojan as an attachment. When you open these emails or download the attachment, you open the door for it. Usually, such attachments are Word or Excel files with a macro programmed into them. A macro is a small piece of code written to accomplish larger tasks. When you open the Word file and enable macros, the macro contacts the Trojan's C&C server and downloads the Trojan. After that, the macro loads it into your system memory so that it can start the infection process. It goes folder by folder and encrypts all your files, leaving the instruction text file in each folder.

FenixLocker also uses other strategies to infect your computer, such as P2P networks, fake update notifications and free software updates. If you see an update notification in your browser such as “Critical Update Notification” or “Update Required to Continue”, do not blindly click the update button. First, work out which software supposedly needs to be updated; if the notification names a program, open that program manually and check for the update there. Lack of information and failure to take proper caution are the prime reasons for such infections. First, let us look at how to remove the FenixLocker Ransomware infection from your computer.

FenixLocker Ransomware Removal Guide


Restore Windows to Previous Date to Remove FenixLocker Ransomware


Click the Start button, type System Restore in the search box and select System Restore from the search results.

Select Choose a different restore point and click Next. In the next window you will see different restore points; select an appropriate one and click Next.

Now click the Finish button.

Windows will now ask you to confirm, warning that once the restoration starts it cannot be stopped. Click Yes to confirm.

Automatically Remove FenixLocker Ransomware from your Computer

Ransomware like FenixLocker is clever and hides in the computer. It is not easy for antivirus programs to detect it; you need a good antimalware to do this task. I recommend that you download and install MalwareFox. It will scan your computer and remove all traces of the FenixLocker virus. To begin this step, download MalwareFox.

Step 1- Install MalwareFox on your PC

Open the installer by clicking on the downloaded file.

Now choose your desired language and follow the instructions to install MalwareFox on your computer.

After the installation completes, MalwareFox will update the application to its latest version. Let it update.

Now it will sync the malware database with the server. This is an important step, as it needs to know the latest types of malware.

Step 2 - Scan and Clean your Computer for Malware

When the update process completes, it will show Real Time Protection: On. Now you can scan your computer. Press the Scan button and leave everything to MalwareFox; it knows how to deal with FenixLocker Ransomware and other malware.

After the scan completes, click the Next button to clean your computer completely.

Recover your Files using Recovery Software and Decryptor

A shadow copy of all the files on the drive is created in case of an emergency. However, ransomware tries to delete that too. Sometimes recovery software can successfully restore it. Such software looks for traces of the shadow copy across the drive and joins them to recreate the actual file. Software like Shadow Explorer and Recuva works well in this case. You can also search for other recovery software and use that.

If you have been infected with FenixLocker ransomware, don't just pay the ransom. Your first step should be to remove the infection from your computer and then find the decryptor. Some good developers have created a decryptor for FenixLocker ransomware, so you don't need to pay to get your files back. Check the Ransomware Decryptors page of MalwareFox and search for FenixLocker. Download the decryptor from there, run it and drag and drop your encrypted files onto it to get them back.

How to Stay Away from FenixLocker Ransomware?

Ransomware, including FenixLocker, uses spam email to infect computers. You should be a little cautious if you want to stay away from such trouble. Do not open any spam email. If you don't know the sender, simply don't open the email. Such emails contain dangerous malware as attachments. If you open or download an attachment from a spam email, you may be infected with more serious malware.

Another good practice for staying out of trouble is to back up your important files. Take backups regularly on a separate drive and leave it unattached. If you lose your files, you can easily retrieve them from there. You should also install a good antimalware on your computer. MalwareFox is an expert when it comes to safety from malware attacks. Install it on your computer and keep the real-time protection on to stay protected all the time.

You have successfully removed the FenixLocker Ransomware from your computer system. Keep the real-time protection enabled to prevent any further attacks.
