CBT Virus

1 of my customers did pick up a virus CBT virus which encrypt all her files and they want some money to encrypt the files

I did remove the CBT from the pc but the files are still encrypted ,is there anyway I can decrypt these files.

Dirkie LaubscherNetwork adminAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

IvanConnect With a Mentor System EngineerCommented:

there is no decrypting system for CBT-Locker. There is a site http://www.shadowexplorer.com/ that will allow you to see data created by Shadow Copy in Windows, if you have set that up. This may save you some data. Other then that, there is no known system.

For older Cryptolocker, there is a website https://www.decryptcryptolocker.com/  which may decrypt some data.

Mark GalvinManaging Director / Principal ConsultantCommented:
Is this the one where there is a text file advising that if you pay XXX bit coins they will provide the decrypt key?

I have a client with that last year and its restore the last full backup they had. Following an complete review and subsequent lock down of their LAN.

You can try https://www.decryptcryptolocker.com/ and see if your client can use that program to get their files unlocked.
Dirkie LaubscherNetwork adminAuthor Commented:
Hi I did try the site but says my file doesn't need to be decrypted ,seems she is screwed and she doesn't have backups
Mark GalvinManaging Director / Principal ConsultantCommented:
Oohhh, no backups? Not a great start. Is it much data?

Have you scan you PC with MalwareBite? Might be a good thing


You may also want to look at this link:
Malware troubleshooting: recover your files damaged by CTB Locker Virus.

System Restore of Windows may help in resolving some issues, but not all the time.  You can give it a try also.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.