Wednesday, 2 November 2016

WHAT IS CRYPTOLOCKER VIRUS AND HOW TO REMOVE IT ?

CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows; it is believed to have first appeared on the Internet on 5 September 2013. It spread through infected email attachments and through an existing botnet. When activated, the malware encrypts certain types of files stored on local and mounted network drives. Each file is encrypted with a symmetric key, and that key is in turn encrypted with a 2048-bit RSA public key whose private half is held only on the malware's command-and-control servers, so nothing left on the victim's machine can undo the encryption. The malware then displays a message offering to decrypt the data if a payment (in Bitcoin or a pre-paid cash voucher) is made by a stated deadline, and threatens to delete the private key once the deadline passes. For victims who missed the deadline, the operators later offered decryption through an online service for a significantly higher price in Bitcoin.


Its main distribution channel is seemingly harmless email messages whose attachments carry the ransomware payload. When the victim opens the attachment, the malware runs on the PC, encrypts the victim's files and displays a ransom note. Although it belongs to the same ransomware category as the FBI virus, the Police Central e-crime Unit virus or the Department of Justice virus, those merely lock the screen; CryptoLocker pressures its victims into paying by encrypting their personal files. Being file-encrypting ransomware, it uses the RSA-wrapped key scheme described above to lock the following file types on the victim's PC:


3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx.

As you can see, the list covers widely used document, spreadsheet, presentation, image and certificate formats (doc, xls, jpg, pem, pfx and similar). To restore them, the malware demands a ransom via MoneyPak, Ukash, cashU or Bitcoin, typically between $100 and $500, though the price can be higher. According to the warning message, victims have only a limited amount of time to pay before access to their files is lost for good. The ransom note the malware leaves states the amount, the accepted payment methods and the deadline.
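The extension list above turned into a triage script, as an added example that is not part of the original post. It walks a directory tree, picks out files with the targeted extensions and flags the ones whose content no longer looks like the format their name claims, which is exactly what in-place encryption leaves behind. The scan root, the output path, the magic-byte table and the entropy threshold are this example's own assumptions, not details from the page.

```powershell
# Added example, not code from the original post. Inventories files with the
# extensions listed above and flags those that look encrypted in place.
# ASSUMPTIONS (mine, not the page's): the scan root, the output path, the
# magic-byte table and the 7.9 bits/byte entropy threshold.

$Root   = $env:USERPROFILE                                   # assumed scan root
$OutCsv = Join-Path $env:USERPROFILE 'cryptolocker-triage.csv'

# Extension list from the post above.
$targetExt = @(
  '3fr','accdb','ai','arw','bay','cdr','cer','cr2','crt','crw','dbf','dcr','der','dng',
  'doc','docm','docx','dwg','dxf','dxg','eps','erf','indd','jpe','jpg','kdc','mdb','mdf',
  'mef','mrw','nef','nrw','odb','odm','odp','ods','odt','orf','p12','p7b','p7c','pdd',
  'pef','pem','pfx','ppt','pptm','pptx','psd','pst','ptx','r3d','raf','raw','rtf','rw2',
  'rwl','srf','srw','wb2','wpd','wps','xlk','xls','xlsb','xlsm','xlsx'
)

# Leading bytes a healthy file of these types starts with (assumed table; only
# formats with a fixed header are listed). An encrypted file no longer has them
# because ciphertext overwrote the original content.
$ole = @(0xD0,0xCF,0x11,0xE0,0xA1,0xB1,0x1A,0xE1)   # legacy Office compound file
$zip = @(0x50,0x4B,0x03,0x04)                       # OOXML / OpenDocument zip containers
$magic = @{
  'doc'=$ole;  'xls'=$ole;  'ppt'=$ole
  'docx'=$zip; 'docm'=$zip; 'xlsx'=$zip; 'xlsm'=$zip; 'xlsb'=$zip; 'pptx'=$zip; 'pptm'=$zip
  'odt'=$zip;  'ods'=$zip;  'odp'=$zip
  'jpg'=@(0xFF,0xD8,0xFF); 'jpe'=@(0xFF,0xD8,0xFF)
  'psd'=@(0x38,0x42,0x50,0x53)                      # "8BPS"
  'rtf'=@(0x7B,0x5C,0x72,0x74,0x66)                 # "{\rtf"
  'pst'=@(0x21,0x42,0x44,0x4E)                      # "!BDN"
  'pem'=@(0x2D,0x2D,0x2D,0x2D,0x2D,0x42,0x45,0x47,0x49,0x4E)  # "-----BEGIN"
}

function Get-Entropy([byte[]]$Bytes) {
  # Shannon entropy in bits per byte; uniformly random data approaches 8.0.
  if ($Bytes.Length -eq 0) { return 0.0 }
  $counts = New-Object int[] 256
  foreach ($b in $Bytes) { $counts[$b]++ }
  $h = 0.0
  foreach ($c in $counts) {
    if ($c -gt 0) { $p = $c / $Bytes.Length; $h -= $p * [Math]::Log($p, 2) }
  }
  return $h
}

function Read-Head([string]$Path, [int]$Count = 16384) {
  # Read the first $Count bytes without locking the file against other readers.
  $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
  try {
    $buf = New-Object byte[] $Count
    $n = $fs.Read($buf, 0, $Count)
    if ($n -le 0) { return [byte[]]@() }
    return [byte[]]$buf[0..($n - 1)]
  } finally { $fs.Dispose() }
}

$suspect = foreach ($f in Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue) {
  $ext = $f.Extension.TrimStart('.').ToLowerInvariant()
  if ($targetExt -notcontains $ext) { continue }
  try { $head = Read-Head $f.FullName } catch { continue }
  if ($head.Length -eq 0) { continue }

  $why = $null
  if ($magic.ContainsKey($ext)) {
    $sig = $magic[$ext]
    $ok = $head.Length -ge $sig.Length
    for ($i = 0; $ok -and $i -lt $sig.Length; $i++) { if ($head[$i] -ne $sig[$i]) { $ok = $false } }
    if (-not $ok) { $why = 'header does not match format' }
  } elseif ((Get-Entropy $head) -gt 7.9) {
    # Fallback for formats without a fixed header. Camera raw and other
    # already-compressed data can trip this, so treat it as a lead, not proof.
    $why = 'high entropy, no recognisable structure'
  }
  if ($why) {
    [pscustomobject]@{ Path = $f.FullName; Ext = $ext; LastWrite = $f.LastWriteTime; Why = $why }
  }
}

# Sorting by write time brackets the encryption run: the first and last hit give
# the window in which to search logs and the mail store for the attachment.
if (@($suspect).Count -gt 0) {
  $suspect | Sort-Object LastWrite | Export-Csv -NoTypeInformation -Path $OutCsv
}
"{0} suspect files written to {1}" -f @($suspect).Count, $OutCsv
```

Run it as the affected user, and point $Root at a mapped network drive as well if one was connected at the time, since the malware encrypts those too. The header check is the reliable signal; the entropy fallback only says "this does not look like a document", which already-compressed formats such as camera raw files can also trigger without being encrypted.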

CryptoLocker virus removal guide:


Do NOT pay the ransom: payment does not guarantee that you will receive the key needed to decrypt your files. To remove CryptoLocker from the system, scan the computer with a reputable, up-to-date anti-malware tool. Be clear about what removal achieves: deleting the malware stops further encryption but does not decrypt a single file, because the private key never existed on your machine. (For the original 2013 CryptoLocker, keys recovered during the 2014 Operation Tovar takedown let FireEye and Fox-IT run a free decryption service; that does not help with later copycats that borrowed the name.) If your anti-malware tool will not start because the ransomware is blocking it, follow the CryptoLocker removal instructions at the end of this post. Data recovery notes are also given below.

Method 1. Remove CryptoLocker using Safe Mode with Networking


Step 1: Reboot your computer to Safe Mode with Networking

Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options
  • Select Safe Mode with Networking from the list
Windows 10 / Windows 8
  • At the Windows login screen, click the Power button, then hold Shift and click Restart.
  • Select Troubleshoot → Advanced options → Startup Settings, then click Restart.
  • After the reboot, choose Enable Safe Mode with Networking in the Startup Settings menu.
Step 2: Remove CryptoLocker

Log in to the infected account and start the browser. Download a legitimate anti-malware program, update it, run a full system scan and remove the malicious files the scanner attributes to the ransomware. Safe Mode matters here because the ordinary Run keys used for startup persistence are ignored in Safe Mode, which is what keeps the malware from relaunching while you scan.

If the ransomware also blocks Safe Mode with Networking, try the next method.

Method 2. Remove CryptoLocker using System Restore

Step 1: Reboot your computer to Safe Mode with Command Prompt

Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options
  • Select Safe Mode with Command Prompt from the list

Windows 10 / Windows 8
  • At the Windows login screen, click the Power button, then hold Shift and click Restart.
  • Select Troubleshoot → Advanced options → Startup Settings, then click Restart.
  • After the reboot, choose Enable Safe Mode with Command Prompt in the Startup Settings menu.
Step 2: Restore your system files and settings
  • When the Command Prompt window appears, type cd restore and press Enter.
  • Then type rstrui.exe and press Enter.
  • In the System Restore window, click Next and choose a restore point dated before the CryptoLocker infection, then click Next.
  • Click Yes to start the restore.

Note what System Restore does and does not do: it rolls back system files, installed programs and the registry (including the malware's auto-start entries), but it does not touch your documents or photos, so the encrypted files stay encrypted. Once the system has been restored to an earlier date, run a full scan with an up-to-date anti-malware tool to confirm that the CryptoLocker removal succeeded. For the files themselves, restore from an offline backup or, if Volume Shadow Copies from before the infection still exist, from Previous Versions.
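A check to run once you are in Safe Mode (Method 1) or after the restore (Method 2), as an added example that is not from the original post: it lists the auto-start entries a removal should review and reports whether Volume Shadow Copies survived, the one on-disk source of pre-encryption copies. The registry paths are the standard Windows Run/RunOnce keys; which directories count as "user-writable" is this example's own assumption. The script reads and reports only; it deletes nothing.

```powershell
# Added example, not code from the original post. Run from an elevated
# PowerShell in Safe Mode (Method 1) or after System Restore (Method 2).
# Part 1 lists auto-start entries worth reviewing before declaring the
# removal complete; Part 2 checks whether Volume Shadow Copies still exist.
# ASSUMPTION (mine): which locations count as "user-writable" below.

$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Legitimate startup entries rarely launch from these locations; a payload
# dropped by an email attachment almost always does.
$userWritable = '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\'

function Get-SuspiciousAutostart {
  foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($p in $item.PSObject.Properties) {
      # Get-ItemProperty adds its own PSPath/PSParentPath/... properties; skip them.
      if ($p.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
      $cmd = [string]$p.Value
      $flags = @()
      if ($cmd -match $userWritable) { $flags += 'launches from a user-writable path' }
      if ($p.Name.StartsWith('*')) {
        # A RunOnce value whose name starts with "*" runs even in Safe Mode, so
        # Safe Mode alone does not stop it; that is one way "Safe Mode is blocked".
        $flags += 'RunOnce entry marked to run in Safe Mode'
      }
      if ($flags.Count -gt 0) {
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Why = ($flags -join '; ') }
      }
    }
  }
}

Get-SuspiciousAutostart | Format-Table -AutoSize -Wrap

# Part 2: shadow copies. "vssadmin list shadows" needs administrator rights;
# without them it prints an error and nothing below will match.
$shadowVolumes = @(vssadmin list shadows) -match 'Shadow Copy Volume:' |
  ForEach-Object { ($_ -split ':\s*', 2)[1].Trim() }
if (@($shadowVolumes).Count -eq 0) {
  'No shadow copies found: recover the files from offline backups instead.'
} else {
  'Shadow copy volumes available:'
  $shadowVolumes
  # To browse one as a folder (the trailing backslash is required), then copy files out:
  #   cmd /c mklink /d C:\shadow "$($shadowVolumes[0])\"
  #   Copy-Item "C:\shadow\Users\<name>\Documents\report.docx" "$env:USERPROFILE\Desktop\"
}
```

Review each flagged entry against the binary it points to before removing anything; a scanner verdict plus a path under AppData or Temp is the usual combination for a dropped payload. If shadow copies exist, copy the documents out before running any cleanup that might purge them.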
