Encryption of personal files with CTB-Locker

Page 1 of 2 12 LastLast

  1. Posts : 399
    Windows 10 X64
       #1

    Encryption of personal files with CTB-Locker


    https://www.pcrisk.com/removal-guide...ncrypted-virus

    So my friend has this problem and i would like to give him good advice.

    Anyone here that had this problem before?

    My friend is on Windows 10.

    Thanks

    jeff
      My Computer


  2. Posts : 5,478
    2004
       #2

    Looks like your link is good advice. Remove the virus and restore your files from backup. If you haven't any backup you have to decide whether to risk paying the ransom or not as you can't decrypt the files. I wouldn't pay for sure.
      My Computer


  3. Posts : 399
    Windows 10 X64
    Thread Starter
       #3

    Well Halasz,

    He did take B-U's on another computer which is infected too.......

    He also bought already another drive where everything has to be put on again, except his photo's of his children, which are gone.

    Does not want to take the risk, that even formatting the drive would not erase everything.

    Even System Restore did not work.

    Jeff
      My Computer


  4. Posts : 5,478
    2004
       #4

    That is really unfortunate. System restore wouldn't work, no - restore points only hold OS data - not backups of personal files. I'm afraid that there isn't really a solution. You wouldn't want your name on their list of people who pay ransoms I don't think.
      My Computer


  5. Posts : 399
    Windows 10 X64
    Thread Starter
       #5

    Well Halasz,

    i have enough back-ups taken everyday to avoid that.

    But my friend did only take one....

    It was a long shot to ask it , since he already had taken his pc to a store and they could not help him either.

    But thanks

    Jeff
      My Computer


  6. Posts : 16,325
    W10Prox64
       #6

    jeffrys said:
    https://www.pcrisk.com/removal-guide...ncrypted-virus

    So my friend has this problem and i would like to give him good advice.

    Anyone here that had this problem before?

    My friend is on Windows 10.

    Thanks

    jeff
    Hi.
    Here are instructions for removing CTB Locker.

    Please be absolutely sure this is what you have, and not some other encryption software, because some of them have been cracked, and people have been able to get their files back without paying.

    I would not pay any ransom. There is a good chance that you will just lose the money.

    Please have your friend backup his encrypted files/photos to a spare drive and store it away, in case something breaks in the future. Find the threads at BleepingComputer which address his particular infection, read them thoroughly, and subscribe to them for future updates.

    Install CryptoPrevent to help thwart these encryption infections in the future, in addition to your normal anti-virus.
      My Computer


  7. Posts : 16,325
    W10Prox64
       #7

    It appears that when CTB Locker encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you can may be able to use a file recovery software such as R-Studio or Photorec to recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.
      My Computer


  8. Posts : 399
    Windows 10 X64
    Thread Starter
       #8

    Thanks Simrick,

    yes i told him to use an external USB drive AND a USB-stick. He can plug in the stick, take the B-U, remove the stick.

    So then he has 2 B-U's. He can let the B-U program run, to put his photo's and so one on the server he has. This as an extra.

    No he is not going to pay and he showed me the problem.
    It is the CBT Locker.


    They should put them in jail for that.

    Jeff
      My Computer


  9. Posts : 16,325
    W10Prox64
       #9

    jeffrys said:
    Thanks Simrick,

    yes i told him to use an external USB drive AND a USB-stick. He can plug in the stick, take the B-U, remove the stick.

    So then he has 2 B-U's. He can let the B-U program run, to put his photo's and so one on the server he has. This as an extra.

    No he is not going to pay and he showed me the problem.
    It is the CBT Locker.


    They should put them in jail for that.

    Jeff
    Hi Jeff,
    Did you see the info in my post #7 above? He may be able to run a file recovery program to get some of his deleted files back. It's worth a shot.

    Yeah, these rats should be in jail!
      My Computer


  10. Posts : 39,789
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #10

    Not that it helps now, but in the future consider making a system image on a regular basis & keep it on an external drive that is not always connected to the PC/Laptop. Locker viruses are widespread now & the a system image is a good safeguard. Keep 3 or 4 prior backups in case you inadvertently make one with a virus.

    System Image - Create in Windows 10 - Windows 10 Forums

    Even if you do pay the ransom, there is no guarantee you will get the decryption key.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:52.
Find Us




Windows 10 Forums