Avatar of Bruce Corson
Bruce Corson
Flag for United States of America asked on

CTB-Locker on Dropbox

CTB-Locker has encrypted many, not all, files on our Dropbox account. Once I get rid of the infected files (I am assuming they are the ones with the 6 or7 character file extensions), how can I use the Dropbox account again? If I delete everything, is it safe?

Help? Thank you.
EncryptionAnti-Virus AppsStorageMicrosoft Legacy OS

Avatar of undefined
Last Comment
David Johnson, CD

8/22/2022 - Mon
David Johnson, CD

find the compromised machine and restore from a backup to before you were infected or do a clean install.  There will be others that say just clean the machine using various tools and you will be fine.. The nagging question will always be did I get it all.. Once a machine is compromised the best rule of thumb is to not trust it again unless you follow my suggestion - re-install from a known good backup or a format and reinstall from scratch. delete the encrypted files from dropbox and you should be good to go afterwards.. but first before you re-enable dropbox client that your machine is good.
ASKER CERTIFIED SOLUTION
Thomas Zucker-Scharff

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
dbrunton

>>  CTB-Locker has encrypted many, not all, files on our Dropbox account.

Have you identified the source of the virus?  Is it your machine or is another computer with access to the Dropbox account?
Bruce Corson

ASKER
dbrunton...source of virus I BELIEVE is on the main laptop. It is the most heavily infected. Looks like DB was just in the process of deleting files and replacing with encrypted files.

David Johnson...thank you, that's what we're doing for the computer. It's the Dropbox over which I was most puzzled. And, this one account, which belongs to a large non-profit, had shares going out to many people.

Thomas Zucker-Scharff, thank you, exactly what I was looking for.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
David Johnson, CD

It's the Dropbox over which I was most puzzled. And, this one account, which belongs to a large non-profit, had shares going out to many people. Glad you found the source otherwise it would be near impossible to locate it as any computer that can access it could encrypt the files. Unfortunate that you can't finger point elsewhere..