Tip & How-To about Internet Security Systems Computers & Internet

Protect Your PC From The Worst Virus Ever

What Is Cryptolocker Virus? How Did I Get Infected With The Ransomware Malware?
So how exactly does Cryptolocker virus work, and how did you manage to become infected with the malware? Basically, CryptoLocker is a ransomware program that encrypts certain files on your computer using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display the Crypto Locker payment program information (red screen). How did you manage to get Cryptolocker virus on your copter to begin with? There's a pretty good chance if you became infected with the Crypto locker ransomware, it came to you in the form of a phishing email. Basically, one of these emails is a message that looks somewhat official and with it is some kind of attachment. It may be a .pdf or look like a scanned document of some kind. Once the attachment is opened, Cryptolocker virus begins its dirty work.

Once Cryptolocker virus has made it's way to your computer, it begins to targets files with the following extensions:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
For those who don't know much about computers, files like .doc or .docx would be your word documents, while .jpg and .img target your photos, just to name a few of the files which are being attacked. When Cryptolocker ransomware finds files with these extensions, it encrypts them using a public key and then makes a record of the file in the Windows registry under HKEY_CURRENT_USERSoftwareCryptoLockerFiles.
After all the encryption competes, you then get the dreaded red screen demanding themalware removal ransom. Although payment will result in decryption of your files, many professionals are suggesting you not pay the fines right away as there are other free ways to remove the virus and restore your files. Here's how.

Cryptolocker Virus Removal: What To Do Once You Realize You Are Infected
1) If your computer has been infected by CryptoLocker, disconnect from your wireless or wired network right away to prevent further file encryption.
2) Decide if you want to pay the ransom and have files decrypted or try to restore the files yourself.
3) If you choose to pay the ransom, do it BEFORE removing the virus. Once the ransom is paid, your files will all become decrypted over the course of 3-4 days.
4) After paying the ransom you may go ahead and remove the malware either using the freeMalwarebytes program featured in the video below or using a paid antivirus program on your computer
5) If you choose to try to restore your files instead DO NOT attempt to remove the malware yet! Go to the next section on restoring files infected by Crypto locker.

How to Decrypt / Restore Files Encrypted By The Ransomware
1) You will need to do a System Restore of sorts on your files via something called Shadow copies.
2) To restore the previous version of a document or file, just right-click the file in question and choose Properties.
3) If System Restore is you should be able to see the Previous Versions tab in the Properties window. This will list all of the versions on record of the file.
4) Choose a version before the Cryptolocker infection and click either Copy or Restore
5) Want to quickly see all the shadow copies on your system? Read the next section
How to Decrypt Multiple Files Encrypted By Cryptolocker Virus At Once
1) Download ShadowExplorer - a free tool for exploring available shadow copies on your system. This tool will allow you to restore multiple files at once, which have been affected by Cryptlocker, decrypting them as they were before the infection.
2) When you install and run the tool, select the drive and the shadow copy date and time from the drop-down menu. Then, choose the folder and file you want.
3) Right-click and select Export. Choose where to restore the file.

If you have files, photos, music and email you cant risk loosing, I highly recommend Carbonite to backup your PC on a regular basis. You can get a free trial here:

Carbonite CJ 15 Day Trial

Posted by on

Computers & Internet Logo

Related Topics:

Related Questions:

1 Answer

When on facebook and click on a picture it flickers back and forth from the picture to desktop version. Is it a virus? How do i fix the problem?

Go here, download the Free version, execute, update and RUN. Delete everything it finds. What you have is malware.

Malwarebytes ' Free Cyber Security & Anti-Malware Software

  1. Cached
Malwarebytes protects you against malware, ransomware, and other advanced online threats that have made antivirus obsolete and ineffective.Malwarebytes Anti-Malware · ‎Malwarebytes Free Download · ‎Products · ‎Support

Dec 31, 2016 | Facebook Computers & Internet

2 Answers

how do i take off the fbi virus if hard reset doesnt work ,cant put it in safe mode and the only thing i can do is bring up the keyboard on the fbi virus release codeon th web page?

The FBI "virus" is one of the most malicios malwares around, because it actually encrypts tour data files to blackmail you and they say, you may never get the decryption code, even if you pay.
Actually there are several version of this scam procedure and you should try to identify which one got in your computer, to neutralize and if possible, to get rid of it's effects.
Read some of these tutorials and may find more information doing a google search fror
Remove FBI virus..

3 Easy Ways to remove the FBI MoneyPak virus

Removing FBI Moneypak Interpol Mandiant Cyber Security virus from your...

How to remove FBI virus Removal Guide Malware Removal Software Tutorials

Remove FBI Fine Moneypak Virus Ransomware In 3 Easy Steps Narrated...

Aug 06, 2015 | Acer Aspire 5733-6607 Intel Core I3-370M...

1 Answer


well leave it alone and dont bother as the guardia civil are getting hot on roadblocks looking for hands free phones and issueing big fines if its on ,and head phones like i pods and the like ,even a car radio if it can be heard outside the vehicle .200euro fines on the spot or vehicle towed and impounded

Mar 05, 2012 | Cars & Trucks

1 Answer

can a 1987 mercedes 260 or 300 be flat towed behind a motorhome?

Wow what you towing it with a scania truck ??? if a manualo gearbox then no problem but a auto then the answer is no ,also its illegal to tow with a A frame in europe so its either the front up or a trailor here out local guardia civil would have a field day here in spain with something like this thats for sure

Jun 27, 2011 | 1990 Mercedes-Benz 300 Diesel

1 Answer

Where can I find the engine no. on my 1995 Ford Mustang engine block?

the engine number is the four numbers of the chassis number that i do know but if you find out then let me know as i imported one for a customer into spain and not even the inspection station could find it so i stamped it onto the head cover for ease but if its stopped by the guardia civil-------??? Still i did get the paperwork done so its legal but ???

Jun 18, 2011 | 1995 Ford Mustang

Not finding what you are looking for?

725 people viewed this tip

Ask a Question

Usually answered in minutes!

Top Internet Security Systems Computers & Internet Experts

Les Dickinson
Les Dickinson

Level 3 Expert

18424 Answers

Doctor PC
Doctor PC

Level 3 Expert

7733 Answers

David Payne
David Payne

Level 3 Expert

14162 Answers

Are you an Internet Security Systems Computer and Internet Expert? Answer questions, earn points and help others

Answer questions