Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


torrentlocker - whats the latest?

  • This topic is locked This topic is locked
1 reply to this topic

#1 robertch


  • Members
  • 18 posts
  • Local time:08:28 PM

Posted 21 November 2014 - 08:58 PM

Between 14.42 and 15.37 on Wednesday afternoon some 50000 files on my laptop were encrypted with the Torrentlocker. I was actually at a friends house logged onto his wifi when this happened.
I tried the torrentdelocker deransomware, and although it seemed to unlock the file, the 'fixed' file remained unreadable. "can't open this video or photo file. it may be damaged or corrupted"
Obviously the ransomware has wiped out previous versions or system restore, so that isn't an option.
I ran ADWcleaner and that quarantined a lot of dubious items, so I'm not sure if it has been removed. I ran SpyHunter 4, which ran all night long, and found and removed around 500 suspicious items

There was an application file in C/ProgramData called afyryttr with a date and time that corresponds to the time and date my files were locked. I stopped this in msconfig startup, though there are still some registry entries lingering. It looks like the Spyhunter got rid of this file tho.  

What can I do now? 
Where else can I send a sample of a locked and original. Is there an updated Delocker?


I'm guessing a fix/unlock key will be found, maybe not today or tomorrow, but soon? My laptop is running very slow so until that time comes I might remove the hdd, put it aside, get a new internal drive and install everything from fresh, as I need a running computer for current ongoing jobs, and then go back to this hdd when things look more promising and hopefully retrieve data from the last 5 weeks that I don't have backups of.
Kind regards,
Robert from London



BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,907 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:28 PM

Posted 21 November 2014 - 09:02 PM

Analysis of TorrentLocker A New Strain of Ransomware Using Components of CryptoLocker and CryptoWall
Cryptolocker variant Torrentlocker making new victims in NL

...TorrentLocker ...uses a AES encryption scheme to encrypt files, and wipes restore points...
This infection claims to be CryptoWall / CryptoLocker, but it is neither...For a complete SandBox analysis for the techy's on here, click below:

Nathan (DecrypterFixer), Security Colleague Post #3166

There is a lengthy ongoing discussion in this topic: TorrentLocker Support and Discussion Thread (CryptoLocker copycat).

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users