I would wait until Crypto Locker is GONE.
Does you script identify if Crypto Locker is still running? Would be a great tool to see how well you did.
what it does (while cryptolocker is still showing "live" on your desktop), it will open up a dialog-box that will automaticly open in your %appdatadir%...you just need to find the cryptolocker "exe" ( as each .exe has a different name)...double click on it, and the script will try and kill the processes asociated with it (usualy there are 2 identical prosesses). When finished, just double check in your "process dialog box" and make sure its gone. Also, your cryptolocker pop-up screen will disapear when its "temporaly" killed...Matter of caution...you use it at your own risk...but it DID work for me...just be carefull (you can even create a .docx file and save it to your DOCUMENTS folder...open it...and see if you can still read the Contents). If you CAN read the contents after re-opening the docx file, you know its killed...
Just disable your antivirus when running this...as it might detect this proggie as a virus seeing i have compiled it via AutoIt...
PS: BARE IN MIND IT WILL COME BACK AFTER A COMPUTER-RESTART!
tHIS ALSO DOESNT delete THE FILE ITSELF...only THE PROCESSES! The reason for this is, that "some" folks wants to pay the RANSOM...if i DELETE the file...chances are they wont be able to pay the ransom without the original still on your pc...
Another thing (sorry for me just adding on here) is, if you CANT find the file...DISABLe your "hidden" attributes via FOLDER OPTIONS--VIEW--then UNHIDE (remove tick) from "Hide Protected System Files"...and tick SHOW HIDDEN FILES AND FOLDERS
just beware...this is a dangerous "move" youre attempting...and NEVER leave your backups "connected"...while Cryptolocker is still running!!!
DONT ATTATCH ANYTHING TO YOUR PC...UNLESS YOURE SURE THE PROCESSES ARE GONE!
Cryptlocker Process Killer ---> http://mariuscomputers.co.za/killCrypt.exe
Edited by RobinHoodSnr, 31 October 2013 - 02:13 AM.
...We all know something...but we will NEVER know everything
Cryptlocker "Process" remover...will NOT delete Cryptolocker, only the processes...( a "safety precaution" I took for those who still want to "try" paying the ransom to get their files back. DON'T FORGET TO MONITOR YOUR TIME LEFT BEFORE PAYMENT! )
("KillCrypt" will automaticly open %appdatadir%...just guide this to Cryptolocker-Virus and double-click on it. Remember...if you "restart" your system, the processes will be back...use this only for emergencies if you want to create a quick document. While this processes is killed, your docs wont get infected, but WILL be encrypted (unusable) when you restart the PC/Laptop OR clicking on the Virus again!!!)