Wednesday, October 16, 2013

Remove CryptoLockerRemove CryptoLocker

Remove CryptoLocker
CryptoLocker is a program that was detected in the beginning of September 2013. CryptoLocker encrypt certain files in computer using RSA and AES encryption. When CryptoLocker has finished encrypting your files, it will display a CryptoLocker payment program that force you to send $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 72 hours, or 3 days, to pay the ransom or CryptoLocker will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted. However, don't believe whatever displayed. All of them is a lie! They just want to cheat your hard-earn money.

CryptoLocker states that Your important files encryption produced on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files... To obtain the private key for this computer, which will automatically decrypt fiels, you need to pay 300 USD / 300 EUR / similar amount in another currency. Any attempt to remove or damage this software will lead to the immediate destruction fo the private key by server.

CryptoLocker should be removed immediately!


Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[Random]"

Remove Folders and Files
%UserProfile%\[random].exe
%UserProfile%\[random]

No comments:

Post a Comment