Solved

CBT Virus

Posted on 2015-02-04
5
316 Views
Last Modified: 2015-02-18
1 of my customers did pick up a virus CBT virus which encrypt all her files and they want some money to encrypt the files

I did remove the CBT from the pc but the files are still encrypted ,is there anyway I can decrypt these files.

Thanks
SD
0
Comment
Question by:Dirkie Laubscher
5 Comments
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40588472
Is this the one where there is a text file advising that if you pay XXX bit coins they will provide the decrypt key?

I have a client with that last year and its restore the last full backup they had. Following an complete review and subsequent lock down of their LAN.

You can try https://www.decryptcryptolocker.com/ and see if your client can use that program to get their files unlocked.
0
 

Author Comment

by:Dirkie Laubscher
ID: 40588504
Hi I did try the site but says my file doesn't need to be decrypted ,seems she is screwed and she doesn't have backups
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40588514
Oohhh, no backups? Not a great start. Is it much data?
0
 
LVL 11

Expert Comment

by:Wilder1626
ID: 40588521
Hi

Have you scan you PC with MalwareBite? Might be a good thing

https://www.malwarebytes.org/

You may also want to look at this link:
Malware troubleshooting: recover your files damaged by CTB Locker Virus.

System Restore of Windows may help in resolving some issues, but not all the time.  You can give it a try also.
0
 
LVL 16

Accepted Solution

by:
Ivan earned 500 total points
ID: 40588595
Hi,

there is no decrypting system for CBT-Locker. There is a site http://www.shadowexplorer.com/ that will allow you to see data created by Shadow Copy in Windows, if you have set that up. This may save you some data. Other then that, there is no known system.

For older Cryptolocker, there is a website https://www.decryptcryptolocker.com/  which may decrypt some data.

Regards,
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question