
CryptoLocker virus removal


  • This topic is locked
4 replies to this topic

#1 Sel Appo


Posted 16 September 2014 - 02:08 AM

I have not used this forum before and I am urgently seeking some assistance to remove the CryptoLocker virus which has frozen all my documents and photos.

 

I am a retiree from Queensland, Australia and use my computer on a daily basis for emails etc.

 

Yesterday (15/09/14) I opened an email delivery notice from Australia Post and halfway through downloading the information a Warning Notice from CryptoLocker appeared informing me that it had encrypted my document files and photos.

 

Is there a suitable program to remove this virus and retrieve my files?

 

 

Regards,

 

 

Sel


Edited by hamluis, 20 September 2014 - 06:27 AM.
Moved from MRL to Gen Security - Hamluis.




#2 gavinseabrook


Posted 21 September 2014 - 02:57 AM

No. There is no way to retrieve the files. You can remove the virus with most antivirus, but the only way to recover the files is if you have a backup or you pay the extortionist. They use AES-256 encryption to lock your files and it would take 1000 computers 100 years to break that combination. I wish you luck on your decisions, but you are limited. 

 

Some words of advice to protect you in the future: never download attachments unless it's someone you know. These people love sending attachments from "The Post Office" or "Your <insert program/companyname> invoice".

 

If one of these companies wants to contact you, they will call you or write you a letter.


Gavin Seabrook

 


#3 quietman7


Posted 21 September 2014 - 12:10 PM

A repository of all current knowledge regarding CryptoLocker is provided by Grinler (aka Lawrence Abrams) in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information on how to deal with it, including prevention and possibly recovering your files. Please note that the guide was updated 08/06/14 to include the following information.

FireEye and Fox-IT have released a method of possibly retrieving your private decryption key and a decrypter to use to decrypt your files...To try and retrieve your key, please visit their site http://www.decryptcryptolocker.com/ and enter your email and upload a copy of one of your CryptoLocker encrypted files. The service will then attempt to decrypt that file using all of the known encryption keys. If they are able to successfully decrypt your file, they will then email you the decryption key with instructions on how to use it.

* FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker
* CryptoUnlocker GUI
* CryptoUnlocker has been updated to utilize the CryptoLocker Database in the registry

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program.
 

I want to make something very clear to any users just now getting to this thread because they were infected by "CryptoLocker"! The real CryptoLocker has been down, and has not returned for a while now! This means that whatever infection you have is a new one / fake one! Before EVER considering paying the ransom, you should always make it first priority to ask on the thread first or PM any member to ask for help! Things that will help us identify your infection are screenshots of any windows, the ransom note, and the EXE if you have it. I cannot stress this enough, you may not have to pay a DIME to get your files back if you take a few moments to ask before paying...

Nathan (DecrypterFixer), Security Colleague Post #3223

Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Sel Appo


Posted 22 September 2014 - 05:48 AM


I have been reading comments and articles on the CryptoLocker virus and have become quite confused. Some say that it is not possible to retrieve my files while others suggest there are ways.

Regards,

Sel Appo

#5 quietman7


Posted 22 September 2014 - 01:29 PM

As I said, there is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program...rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.