Between 14.42 and 15.37 on Wednesday afternoon some 50000 files on my laptop were encrypted with the Torrentlocker. I was actually at a friends house logged onto his wifi when this happened.
I tried the torrentdelocker deransomware, and although it seemed to unlock the file, the 'fixed' file remained unreadable. "can't open this video or photo file. it may be damaged or corrupted"
Obviously the ransomware has wiped out previous versions or system restore, so that isn't an option.
I ran ADWcleaner and that quarantined a lot of dubious items, so I'm not sure if it has been removed. I ran SpyHunter 4, which ran all night long, and found and removed around 500 suspicious items
There was an application file in C/ProgramData called afyryttr with a date and time that corresponds to the time and date my files were locked. I stopped this in msconfig startup, though there are still some registry entries lingering. It looks like the Spyhunter got rid of this file tho.
What can I do now?
Where else can I send a sample of a locked and original. Is there an updated Delocker?
I'm guessing a fix/unlock key will be found, maybe not today or tomorrow, but soon? My laptop is running very slow so until that time comes I might remove the hdd, put it aside, get a new internal drive and install everything from fresh, as I need a running computer for current ongoing jobs, and then go back to this hdd when things look more promising and hopefully retrieve data from the last 5 weeks that I don't have backups of.
Robert from London