How to remove CryptoLocker

I have a user who has a CryptoLocker ransom virus on their personal laptop. My son says there is a good fix now to undo the damage? I see many tools in Google, but my question is: is there truly a fix, and where can this fix be had without getting something just as bad, or malware?
Asked by Dennis Miller
dbrunton commented:
This really depends on which version of Cryptolocker has hit the computer.

If it is the early version then the links supplied by Michael74 may work.

However, see Bleeping Computer (for the old version) http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information and (for the newer version) http://www.bleepingcomputer.com/forums/t/549016/torrentlocker-support-and-discussion-thread-cryptolocker-copycat/

The newer version has no decryption possible at present.
 
David Johnson, CD, MVP (Owner) commented:
Cryptowall is only one of many variants on this malware encryption craze. Since it is so lucrative for the creators, a new version seems to pop up weekly. The only cure is not to get infected: use safe browsing techniques, always run as a standard user except when admin privileges are needed (usually only for installations), and have current backups. Do NOT keep your backup device on-line except for creating / restoring from a backup, as the malware will search and encrypt ANY files it finds. Backup, Backup, Backup: 3 copies on 2 different media, 1 being off-site.

Once the damage is done, the only real recourse is to re-install the operating system (recent backup??) and restore the files from backup. Don't try to cheat by just removing the malware. Why not, you ask? The simple answer is that once a machine is compromised you can never trust that machine again. If I were a malware author, I'd add a scheduled task for sometime in the future to re-acquire and install the malware at a later date.
 
Dennis Miller (author) commented:
David, after seeing some other virus issues I have had to try to fix, and none as bad as this, I would tend to agree. It seems no matter what you clean and how it says it is clean, the laptop ends up coming back to me again. I have yet to really get any laptop cleaned if a virus (not malware) hits. The easiest way is to just re-install, but I would like to at least get this guy's music and pictures off. I will try one of the above and then, after I get the music or whatever he has to have off, I will just re-install the image. Thanks. I will let you guys all know how the fix works.
 
Dennis Miller (author) commented:
I just talked to one of the techs, and he went to Bleeping Computer, which always seems to have a fix, and downloaded rkill, and says it did clean the laptop, but I also again agree that a re-image is just the safest way. I will run rkill tonight and see what happens, and also run the download that shows what has been decrypted; this was off the site David had. It is also nice that I have someone else's laptop to test it on, since he thinks it is dead anyway. I love testing on another laptop that is not mine.
 
Oleksiy Gayda commented:
You need to make sure it really is CryptoLocker - that particular strain of malware was taken down last year and, while it's been trying to make a comeback, a lot of fake ransomware strains have been making use of the name (without actually encrypting the files). Unfortunately, a strain called CryptoWall has filled in the niche lately and comprises the vast majority of recent crypto ransomware outbreaks. I say "unfortunately" because there are no known means of decrypting CryptoWall-infected machines (and the recent payloads also started to include a credential-stealing spyware module). See an earlier question about CryptoWall 3.0 ramifications here.
 
Thomas Zucker-Scharff (Systems Analyst) commented:
Ransomware, if it is such, can be easily determined. Check a single file by uploading it to the crypto server, and see my article.
 
David Johnson, CD, MVP (Owner) commented:
If the files have been encrypted they are gone, just like a catastrophic disk error: format the disk. If the files are not now encrypted, then add the drive to another machine and copy the files over. The belt-and-suspenders route is to use a different O/S host machine like Linux to copy the files.
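Oleksiy's point that some "CryptoLocker" lookalikes only rename files, Thomas's suggestion to check a single file first, and David's advice to copy the files off from another host only if they are not actually encrypted all come down to the same triage question: is the data on the drive still intact? The script below is an added example, not code from any poster on this thread. It reads the first few KB of each file, compares the header with the signature expected for the file's extension (looking past an appended ransomware suffix such as `.encrypted`), and measures byte entropy, so "renamed only" can be told apart from "genuinely encrypted" before deciding what is worth copying. The signature table, the 7.5 bits/byte threshold and the sample files it builds in a temp directory are all constructed for the example.

```python
import math
import os
import tempfile

# Header signatures for a few common user-file formats (constructed lookup for
# this example; extend it with the types you actually need to recover).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
    ".docx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
}
HIGH_ENTROPY = 7.5  # bits/byte; ciphertext-like data approaches 8.0 (assumed threshold)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: plain text sits around 4-5, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def split_extensions(filename: str):
    """Return (format_ext, appended_ext).

    Ransomware commonly appends its own suffix (photo.jpg.encrypted), so when the
    last extension is not a known format, the one before it is tried instead.
    """
    base, last = os.path.splitext(filename)
    last = last.lower()
    if last in MAGIC:
        return last, None
    inner = os.path.splitext(base)[1].lower()
    if inner in MAGIC:
        return inner, last
    return None, last


def triage_file(path: str, sample_size: int = 4096) -> dict:
    """Classify one file as intact / only renamed / likely encrypted / unknown."""
    with open(path, "rb") as f:
        head = f.read(sample_size)
    fmt, appended = split_extensions(os.path.basename(path))
    entropy = shannon_entropy(head)
    if fmt is None:
        header_ok = None  # no signature to compare against
        verdict = "unknown format"
        if entropy > HIGH_ENTROPY:
            verdict += ", high entropy"
    else:
        header_ok = any(head.startswith(sig) for sig in MAGIC[fmt])
        if header_ok:
            verdict = "only renamed" if appended else "intact"
        elif entropy > HIGH_ENTROPY:
            verdict = "likely encrypted"
        else:
            verdict = "header damaged"
    return {"format": fmt, "appended_ext": appended, "entropy": round(entropy, 2),
            "header_ok": header_ok, "verdict": verdict}


def triage_directory(root: str) -> dict:
    """Map each file name under root to its triage result."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            results[name] = triage_file(os.path.join(dirpath, name))
    return results


def build_sample_dir() -> str:
    """Constructed sample tree standing in for a user's pictures folder."""
    root = tempfile.mkdtemp(prefix="triage-")
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + bytes(range(256)) * 4
    # Stand-in for ciphertext: every byte value equally often, no JPEG header.
    ciphertext = bytes((i * 7919) & 0xFF for i in range(4096))
    samples = {
        "photo.jpg": jpeg,                        # untouched picture
        "photo2.jpg.locked": jpeg,                # fake ransomware: renamed only
        "photo3.jpg.encrypted": ciphertext,       # genuinely encrypted
        "notes.txt": b"Meeting at ten.\n" * 50,   # format not in the table
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)
    return root


if __name__ == "__main__":
    for name, r in sorted(triage_directory(build_sample_dir()).items()):
        print(f"{name:22} {r['verdict']:18} entropy={r['entropy']}")
```

Run it from a clean host against a read-only mount of the suspect drive (David's belt-and-suspenders route), never on the infected machine itself. The header check is the primary signal: JPEG, MP3 and ZIP-based formats such as .docx are already compressed and score high on entropy even when intact, so entropy alone would misreport them, which is why the script only falls back to it when the header does not match.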
 
Dennis Miller (author) commented:
Thanks to all that helped. Bleeping Computer had a ton of great info. The virus trashed the MBR, so I had to re-format. It had been on there too long. I ended up wiping the drive and re-imaging. His music could no longer be recovered. Thanks for all the help.