CTB-Locker Virus

Anomaly1964

Platinum Member
Nov 21, 2010
2,465
8
81
HOW DID I GET THIS???

This is the worst virus I have ever gotten; it has encrypted all my JPEG family photos on my computer!!!

HELP!!!!!!!!!!!!!!!!!!!!
 

master_shake_

Diamond Member
May 22, 2012
6,425
292
121
did you really turn system restore off?

what the hell for? fun?

i guess you're going to pay then aren't you.
 

Anomaly1964

Platinum Member
Nov 21, 2010
2,465
8
81
No idea.

How much do they want?

I'm afraid to even go to the site...

Honestly I have NO idea why system restore is not on...

I've been reading that the trojan recreates your file and encrypts it, then deletes the old one, so I am running Recuva to see if that works...
 

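The post above describes the damage pattern (new encrypted copy written, original deleted) and asks what can still be recovered. The script below is an added triage example, not code from this thread or from any poster, for scoping that damage before spending hours on undelete tools: it walks a folder and labels each file as an intact JPEG (the SOI header FF D8 FF is still there), a likely-encrypted blob (no recognisable header and near-uniform bytes), or unknown. The sample files it builds are constructed for the demo; the `.encrypted` suffix is a placeholder, not the real malware's naming, and the 7.5 bits/byte threshold is an assumption that works because ciphertext is close to uniform while headers, text and other formats are not.

```python
"""Triage which image files survived a file-encrypting malware run.

Added example for this thread; not the malware's code and not a recovery tool.
A surviving JPEG header does not prove the whole file is intact, it only shows
the file was not overwritten from byte zero, which is the usual ransomware pattern.
"""
import math
import os
import random
import tempfile
from collections import Counter

JPEG_MAGIC = b"\xff\xd8\xff"   # JPEG SOI marker followed by the first segment marker
ENTROPY_THRESHOLD = 7.5        # bits/byte, assumed: uniform ciphertext sits near 8.0
SAMPLE_SIZE = 4096             # only the file head is examined


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: str) -> str:
    """Label one file from its first SAMPLE_SIZE bytes.

    intact-jpeg      : JPEG header still present, file was not overwritten from the start
    likely-encrypted : no recognisable header and a near-uniform byte distribution
    unknown          : low-entropy data without a JPEG header (text, empty, other formats)
    """
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    if head.startswith(JPEG_MAGIC):
        return "intact-jpeg"
    if shannon_entropy(head) > ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "unknown"


def triage(root: str) -> dict:
    """Walk `root` and return {path relative to root: label} for every file."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(full)
    return report


def build_sample_tree() -> str:
    """Constructed sample data (not from a real infection): one JPEG whose header
    survived, one high-entropy blob standing in for an encrypted photo, one text note."""
    root = tempfile.mkdtemp(prefix="ctb_triage_")
    rng = random.Random(2015)  # seeded so the demo is reproducible
    noise = bytes(rng.getrandbits(8) for _ in range(SAMPLE_SIZE))
    with open(os.path.join(root, "holiday.jpg"), "wb") as fh:
        fh.write(JPEG_MAGIC + b"\xe0" + noise)      # header intact, body irrelevant here
    with open(os.path.join(root, "birthday.jpg.encrypted"), "wb") as fh:
        fh.write(noise)                              # header gone, uniform bytes only
    with open(os.path.join(root, "readme.txt"), "w") as fh:
        fh.write("family photos 2014\n" * 50)       # plain text, low entropy
    return root


if __name__ == "__main__":
    for rel, label in sorted(triage(build_sample_tree()).items()):
        print(f"{label:17} {rel}")
```

Run it against a copy of the affected folder, never the original drive, and treat "intact-jpeg" as "worth keeping", not "verified good": a JPEG body is itself compressed and high-entropy, so the header check, not the entropy figure, is what separates a photo from ciphertext.
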
sbpromania

Senior member
Mar 3, 2015
265
1
16
www.sbp-romania.com
Unfortunately you can't recover them, unless:

1. you have a backup
2. you have a system restore in place
3. you pay the ransom (I don't advise you to do that)

What OS do you have?
 

matricks

Member
Nov 19, 2014
194
0
0
What is System Restore
System Restore helps you restore your computer's system files to an earlier point in time. It's a way to undo system changes to your computer without affecting your personal files, such as e‑mail, documents, or photos.

[...]

System Restore isn't intended for backing up personal files, so it cannot help you recover a personal file that has been deleted or damaged. You should regularly back up your personal files and important data using a backup program. For more information about backing up personal files, see Back up your files.

Unless this malware converts each file to an unencrypted executable and lets System Restore make a copy of it prior to encryption, how is System Restore supposed to solve anything?

Don't worry about your restore points, OP. Only proper backups would have easily saved you. Key databases for some of these *Locker malware families have been published by security researchers; you might want to do further research on the variant you have been hit with.
 

MustISO

Lifer
Oct 9, 1999
11,927
12
81
Some of these encryption viruses have been cracked or the keys have been released. Google before anything else. Like others said, without a backup there's typically nothing you can do. I know two people who paid a few years ago and sure enough they got everything back. I would use a disposable card or close the account right after if you do it.
 

Anomaly1964

Platinum Member
Nov 21, 2010
2,465
8
81
I still have NO IDEA where this came from. What IS weird is that this happened RIGHT after I finished playing CRYSIS (I had just recently started playing again through Origin)...

Is it possible the CTB-Locker virus could come from THAT?
 

bononos

Diamond Member
Aug 21, 2011
3,928
186
106
I still have NO IDEA where this came from. What IS weird is that this happened RIGHT after I finished playing CRYSIS (I had just recently started playing again through Origin)...

Is it possible the CTB-Locker virus could come from THAT?

Not if it's an original copy. Pirated games/software is one source, so it's not a good idea to share the PC.
Use a firewall/HIPS like Comodo and disable Windows Remote Desktop Connection.
 

Anomaly1964

Platinum Member
Nov 21, 2010
2,465
8
81
Not if it's an original copy. Pirated games/software is one source, so it's not a good idea to share the PC.
Use a firewall/HIPS like Comodo and disable Windows Remote Desktop Connection.

Looking into Comodo Firewall now...thanks...

How can I be sure the virus is gone?

Do I need to reinstall windows 7?
 

Elixer

Lifer
May 7, 2002
10,371
762
126
BTW, I have seen more people get these kinds of malware from Flash exploits.
Which means people should disable Flash and/or use an ad blocker.
 

Anomaly1964

Platinum Member
Nov 21, 2010
2,465
8
81
So I have an SSD C drive and a regular E drive. For my clean install should I format the E drive first then reinstall Windows to C?
 

Nashemon

Senior member
Jun 14, 2012
889
86
91
It is indeed the worst virus I'm aware of. Never had it myself, but seen it on a few customers' computers. MustISO is correct; some of the encryptions have been cracked. It's worth checking if the one you have is.

https://www.decryptcryptolocker.com/

Other than that, though, there's nothing you can do, other than proactively NOT paying the ransom. You would literally be funding terrorism and keeping the people that created the virus in business, with no guarantee that they will unlock your data. Once they have your money, they will likely ask for more.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
What is secure erase?

Thanks!
Secure erase basically sets the SSD back to its original state.
Nothing on it at all, all encrypted content wiped (if the SSD has encryption, a new key is generated).
The SSD maker's site usually has a utility that will do this, or you can use a Linux boot CD/DVD/flash drive to do it.
 

Anomaly1964

Platinum Member
Nov 21, 2010
2,465
8
81
Secure erase basically sets the SSD back to its original state.
Nothing on it at all, all encrypted content wiped (if the SSD has encryption, a new key is generated).
The SSD maker's site usually has a utility that will do this, or you can use a Linux boot CD/DVD/flash drive to do it.

Mine is an OCZ Vertex 2; you can download a toolbox that has secure erase...

I can't do it from the same drive the toolbox is on can I?

http://ocz.com/consumer/download/firmware/OCZ_Toolbox_User_Guide_v4.9.0.pdf

Page 8