Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
2 replies to this topic

#1 Michael Mayers

Michael Mayers

  • Members
  • 1 posts
  • Local time:03:54 PM

Posted 17 May 2015 - 02:08 AM

I have Windows XP. Yesterday I found that all my files in My Documents have been encrypted by Cryptolocker which I understand to be one of the Ransomwares. They are demanding GBP330 to de-encrypt my files, which i will certainly not give them. Can anyone help me get rid of Cryptolocker from my files.


Kind regards to you all,


Michael Mayers

Edited by hamluis, 17 May 2015 - 08:50 AM.
Moved from XP to Gen Security - Hamluis.

BC AdBot (Login to Remove)



#2 Sintharius


    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:54 PM

Posted 17 May 2015 - 02:48 AM

Hi there,

As the original CryptoLocker is dead, you probably have been hit with a copycat of it.

Please run this tool to check which ransomware it is.

IDToolbyNathan.png Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
  • Enter the IDTool directory, right-click on IDToolbyNathan.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • IDTool needs Microsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the cool will collect necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
Please include that in your next reply.


#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,735 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:54 AM

Posted 17 May 2015 - 04:05 PM

Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3 or 6-7 length extension consisting of random characters?

Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a random named .html, .txt, .png, .bmp, .url file.

These are some examples.

These are common locations malicious executables may be found:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users