Infected with CTB-Locker


  • This topic is locked
3 replies to this topic

#1 df123

  • Members
  • 3 posts

Posted 21 September 2014 - 10:17 AM

Hi,
My computer recently was infected with CTB-Locker and I am unsure how to remove the virus. Can someone please help me?
I have a Windows 8 computer.
Thanks


Mod Edit: Moved to General Security ~~ boopme

Edited by boopme, 21 September 2014 - 11:45 AM.



#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,581 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 September 2014 - 12:09 PM


A repository of all current knowledge regarding CTB Locker and Critroni Ransomware is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CTB Locker (Critroni) does and provide information for how to deal with it. Also see New Critroni variant offers free test decryption and now uses CTB2 extension. Unfortunately, there is still no known method of decrypting your files without paying the ransom.

There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 df123


Posted 21 September 2014 - 12:36 PM

Thank you for your response. I ran Norton Antivirus, but the virus appears to be still on my computer. I have over 80,000 files in the temp directory. I suspect these are all from the virus as the dates are very recent. There is one application called "jeceaii" (which is an application) and the rest of the files are temp files and folders. At this point I know that the encrypted files are gone, but I would like to get rid of the virus. I tried deleting jeceaii and a few of the temp files just to see what it would do. The temp files deleted, but not jeceaii because it claims it is running another application (even though I have nothing up).
 

How would I find the hidden file?

If it is this jeceaii application that is the hidden file, how do I delete it? 



#4 quietman7


Posted 21 September 2014 - 04:17 PM

....There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.





