Just ran CCleaner registry again and Locky was back along with another obsolete reg key, 4T54zly5. I don't know if it has anything to do with Locky though. Did a quick search in the registry but didn't find any more. Would help if I knew where else to look. HKEY_CURRENT USER_SOFTWARE and...

Did you see that alphanumeric key in the same section as the Locky key?  If so, it's likely a companion key, especially if it's empty.  I ran my searches on the entire registry.  It's looking like if all we have is the reg keys, we're OK.  Risk of ransomware attack would seem to be low if good AV is running.

Has either of you looked up the topic in the anti-ransomware forums of each program?

Yes.

Nothing in the way of this detail on the Avast forums, though ransomware in general discussed.

This BD-related thread mentions the Locky reg key and suggests it prevents Locky infection.

Still not clear what's going on, but based on the email hits Avast is blocking, Locky is getting around.

Edit:  Indeed, just launched Outlook again & Avast blocked another email with Locky.

It's a gmail-hosted address that is bearing the Locky traffic.  May have to get them involved.

According to post #13 Minimalist suggested not removing the reg keys. I ran CCleaner again but found nothing.

My tech guy suspected that, too, at first but he would have expected the antiransomware to lock down permissions for those keys as a way to block access to them & it didn't.  I'm inclined to leave the keys alone if/when they show up again, but the guys making this stuff keep massaging it to avoid AV detection so who knows?

What's ransomewhare.

http://lmgtfy.com/?q=Ransomware

Some ransomeware lock up the internet if they do just clear your history and exit out of the internet. This seems to work.

That one was just a little bit outside.

\

I did not know this.  The one time I thought I was getting ransomeware I immediately cut the power to my PC.  all was fine afterward.

Folks. Seriously.

Ransomware does THIS:

It installs on your computer while being disguised as another type of file.

There are two stages to the infection but let's forget about that for a minute. It encrypts your data files. It demands ransom for the encryption key. The ransom is in bitcoin paid to some web address. If it is not paid within 24-48 hrs., it doubles.

If you decide not to pay, and if it's of a type which cannot be identified and solved with various software/websites, you can throw that hard drive away, and buy a new one. If you have no recent backup? Adios to all that data, OS, etc.

It does nothing with your internet connection since they want the ransom and the only way you can pay is over the internet. 

It has nothing to do with the power to your computer for the same reason.

Well i don't download anything i don't know. My computer automatically updates so there's no issue there. So all they can do is freese my internet. Anyways what is that called.

Willy -

The free antiransomware tools are "money well spent" and can only protect you.