Notifications

Clear all

virus Cryptolocker

General (Technical, Procedural, Software, Hardware etc.)

Last Post by jaclaz 10 years ago

6 Posts

6 Users

0 Likes

579 Views

RSS

bombone

(@bombone)

Posts: 62

Trusted Member

Topic starter

Nobody knows how to remove cryptolocker virus?
Thanks

Posted : 17/10/2014 1:23 pm

Novunix

(@novunix)

Posts: 35

Eminent Member

Correct

Posted : 17/10/2014 1:51 pm

DCS1094

(@dcs1094)

Posts: 146

Estimable Member

However https://www.decryptcryptolocker.com

Posted : 17/10/2014 2:01 pm

triran

(@triran)

Posts: 99

Trusted Member

Depends on which version of the virus you have. Pre April can be easily fixed and removed. Post April it can be still removed however more difficult to recover the locked files.

Posted : 17/10/2014 2:01 pm

Anonymous

(@Anonymous)

Posts: 0

Guest

Hi,

Yes, CyptLocker can be dangerous, as it is a ransomware that are designed to block access of system and the hackers force you to pay ransom for decryption and recovering files. Mostly, the system gets infected with these Cryptlocker through attachments with fake emails. When the user opens the attachment, the program starts encrypting the file on your system and hide itself. After that it will ask for the key to decrypt the system, that you need to buy.
There is a solution for the removing Cryptlocker either you pay the ransom, but that will encourage the developer to create more such programs or remove the cryptlocker using from the registry.

The Program will infect some particular files of our system and save its file with random filename to the %AppData% or local AppData% location. You can refer to the following locations in the registry-

HKEY_CURRENT_USER\Microsoft \Windows\Current\CurrentVersion\Run” CrypLocker”

HKEY _CURRENT_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce”*CrypLocker”.

HKEY_CURRENT_USERS\Software\Microsoft\Windows\CurrentVersion\Run”CryptLocker_<”Version_number>”

HKEY_CURRENT_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce”*CryptLocker_<Version number>”

HKEY _CURRENT_USERS\Software\Microsoft\Windows\CurrentVersion\RunOnce

You can refer these locations and remove it manually.
But before this you need to switch to the task manager window to manage running processes. Forthis

Go to the Task Manager Window and Select Processes Tab.
Right click on the malicious program .
Then End Process Tree – As the Key locker creates two processes for infecting the system.It prevents itself from deletion. Using Task manager will terminate both the processes at the same time. This will protect the infected files from deletion.
After this you can use a good antivirus that will clean your system registry and remove all the traces of CryptLocker. You can also remove it, manually referring the above path of registry to remove traces.

——————————
Thanks and Regards
E@v

Posted : 20/10/2014 12:40 pm

jaclaz

(@jaclaz)

Posts: 5133

Illustrious Member

Evamendis,
really ) , you should think a bit before posting incomplete/wrong info.

"Cryptolocker" is NOT "Cryplocker" and NOT "CryptLocker".

The Registry paths/info that you posted seem like LARGELY INACCURATE, see this actually complete/correct resource
http//www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

If a system is infected by the Cryptolocker virus (or any of the same "family") it will encrypt a number of common file types.

There are no issues in removing the virus, the issue is with decrypting the encrypted data.

If you are a victim of the actual Cryptolocker, as DCS1094 posted there is now a way out, that won't however work for all versions, as triran pointed out.

jaclaz

Posted : 21/10/2014 3:39 pm

8 Forums
15.5 K Topics
92 K Posts
16 Online
40.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed