Jump to content
Posted 03 March 2015 - 03:26 AM
Posted 03 March 2015 - 04:12 AM
Hi johnfrank88, I just did a Google search on XTBL but most of the results look like they're in Russian. Once place did say that it looked like it could be another new ransomware, but not one I've come across before.
I'd suggest backing those files up in case a decrypter can be built for it - don't just delete them.
Did a ransom note come up, do you know? Or did he reformat Windows while he detected the trojan but without identifying or removing it?
Are there other photos on his drive which are still in .jpg format?
Quite possibly your friend reformatted Windows while the trojan was still active, but hadn't got to the point of popping the ransom note up yet?
Prognosis currently not looking good.
But this one is in Turkish by the looks of things.
Edited by Angoid, 03 March 2015 - 04:13 AM.
Helping a loved one through a mental health issue? Remember ALGEE...
Posted 03 March 2015 - 04:45 AM
Posted 03 March 2015 - 06:27 AM
Posted 03 March 2015 - 06:31 AM
Posted 03 March 2015 - 06:52 AM
Posted 25 March 2015 - 11:49 PM
I did the same problem with this. I thougt the virus just convert the jpeg and video files. but then I realized the virus attack almost all of my file. So re-installed my windows from windows 7 to windows 8. I want to ask:
1. If I re-install my windows, did the virus gone?
2. Is the virus that convert file to XTBL and CTBL are the same one?
Posted 26 March 2015 - 04:46 AM
Please repost any questions and comments in the discussion topic link I provided above. CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion
The BC Staff
0 members, 0 guests, 0 anonymous users