Sunday, September 8, 2013

Useful Guide of Removing CryptoLocker Ransomware Safely

Waking up this morning, I found all my MS office files, picture etc are locked by the thing called CryptoLocker, and I have tried every methods I can to remove it but none of it seems work. Those files are fairly significant for me, and I really need them back. For this issue, I think I can help you with that. Please follow this post.

Introduction of CryptoLocker:

CryptoLocker is a ransomware created by cyber hacker aim to scams money by encrypting those significant office files, Pic etc in your computer. Once trying to open those encrypted files, this CryptoLocker will show up asking for you to pay about 100 euro to fix it. Some innocent computer users may so worried about their files and just pay the money to fix this problem to hacker. However, this problem cannot be completely solved for which its related files can still hide deeply in your computer. So, it can come back to your computer again and again. Only if you delete all its related files, can you fix this problem permanently.
Normally, this ransomware can sneak into your computer by bundling with a “freeware”, and if you install the “freeware” into your computer, this ransomware will come after which is just like a disaster for your computer. 

What CryptoLocker Will do to Your Computer:

It can encrypt your MS office file, picture etc;
It can change the default settings of your computer;
It is able to steal your personal information;
It sneaks into your computer and do everything in your computer without your permission;
It can be bundled on some of your system file which makes you cannot


Step by Step Guide of Removing CryptoLocker:

Step 1: Boot up the infected computer, press F8 at the very beginning, choose “Safe Mode with Networking” and press Enter to get in safe mode with networking.

Step 2: Press Ctrl+Alt+Del keys together and stop  CryptoLocker processes in the Windows Task Manager.


Step 3: Open Control Panel from Start menu and search for Folder Options. When Folder Options window opens, click on its View tab, tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then press OK.

Step 4: Search for all infected files and registry entries and remove them from your computer as follows:

%Temp%\[RANDOM CHARACTERS].exe
C:\Documents and Settings\<Current User>
C:\Users\<Current User>\AppData\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\random

Suggestions about How to Avoid CryptoLocker in The Future:

Don't visit those unsafe websites on the Internet;
Don't install any unknown "freeware" program into your computer;
Don't open the attachment from a spam e-mail;
Don;t insert infected USB flash drive into your computer.

You can also handle with CryptoLocker by using Spyhunter antivirus program. 

1. download Spyhunter into your computer;
2. Once it been installed in your computer, you should run a full scan with it to find out any threat in your computer. 

3. Click select all, then remove those threats from your computer completely.

Video Guide:


Notes: This tricky virus just uses random file names in same system directories or even its mutating versions will use different directories to escape various security tools' detection and add more difficulty to manual removal.Download Spyhunter and remove CryptoLocker virus from your computer.