Have you been unable to access the photos, PDF files and / or other documents on your PC for a few days now? Every time you try to do this, a creepy message appears on the Windows desktop asking you for a ransom to be able to view your files again? If the answer is affirmative ... calm and chalk! Surely you are finding yourself having to deal with malware CryptoLocker¹. How do you say? Are you very worried and would like to know how to proceed in order to get rid of the "intruder" and get your files back? Well, don't worry, you can count on me this time too. In fact, in the following lines I will go on to explain everything that is possible to do to succeed remove CryptoLocker from the computer.
Before explaining what steps to take to succeed in the enterprise, however, it is good that you clear your ideas about the cyber threat in question. CryptoLocker is nothing more than a ransomware or a particular type of malware that affects Windows operating systems and which once in action limits access to the files contained in the affected user's computer by encrypting them and then asking for a ransom to make them accessible again. Usually this malware spreads as a seemingly lawful and harmless email attachment that appears to come from legitimate institutions. In other cases, CryptoLocker is instead loaded on a computer that is already part of a botnet. Getting rid of CryptoLocker is not exactly a walk in the park but with the right amount of patience and proceeding step by step everything is possible, do not worry.
Having clarified this, if you are therefore really interested in finding out what needs to be done to remove CryptoLocker from your computer, I invite you to take half an hour or more of free time and concentrate on reading this guide and on carrying out the steps that I am to point you out. I am sure that in the end you will succeed in your intent and that if necessary you will also know how to explain to your friends in need of similar help how to proceed. Ready? Yes? Very well, then let's get started.
Remove CryptoLocker with Malwarebytes Anti-Malware
In order to remove CryptoLocker from your PC I suggest you first resort to the use of Malwarebytes Anti-Malware. It is a free program that can remove trojans, worms, rootkits, dialers, spyware, ransomware and other types of malware from your computer (if you remember I also talked about it in my article on how to eliminate malware).
To start using Malwarebytes Anti-Malware on your computer click here in order to connect to the official website of the program and then click on the green button Free download, presses the button Download now and wait for the download procedure to be started and completed.
When the download is complete, double-click on it and open the file you just downloaded and, in the window that opens, first click on Run and then Yes, OK e forward. Then accept the conditions of use of the software by placing the check mark next to the item I accept the terms of the license agreement click her cousin forward five times in a row and then on Install e end to finish the setup. Also deselect the item Activate Malwarebytes Anti-Malware Pro free trial.
At this point Malwarebytes Anti-Malware should start automatically. If it doesn't, double-click the program icon that has been added to your desktop.
At the first start of Malwarebytes wait for the most recent antimalware definitions to be downloaded from the Internet and if necessary set the Italian language for the program by going to the tab Settings and selecting the voice Italian give menu to tendin Language.
Then click on the tab General placed at the top and then click the button Start Scan. Then wait for the software to complete the check of the entire computer and then make sure that in the list of threats detected there is a check mark next to the item Cryptolocker and click on Apply actions to remove the malware.
If you encounter difficulties in using Malwarebytes Anti-Malware or if the program, despite having identified CryptoLocker, fails to remove the malware, I suggest you start your computer in safe mode by following the instructions in my guide on how to start your PC in safe mode and repeat the procedure again.
Remove CryptoLocker with Norton Power Eraser
As an alternative to Malwarebytes Anti-Malware, you can remove CryptoLocker from your PC by using Norton Power Eraser. It is a free program distributed by Symantec that does not require installation to work. This software is capable of scanning and eliminating viruses that might escape traditional scans.
To start using Norton Power Eraser on your computer click here in order to connect to the official website of the program and then click on the orange button Download and wait for the download procedure to be started and completed.
When the download is complete, open the file you just downloaded by double clicking on it and click on Si. In the window that will open at this point, click first on Accept and then click the yellow button Look for risks which is located on the left. To conclude, press the button Restart.
Then wait for the computer to restart and for the system analysis procedure to be able to identify and remove CryptoLocker is started and completed (I warn you, it may take a while!). At the end of the scan make sure that in the Norton Power Eeraser window that displays on the desktop among the threats found in the list under the heading Scanning completed also include the voice Cryptolocker then presses the button Edit.
Then click the button Restart now and wait for the computer to restart and for the procedure to remove CryptoLocker to be effectively completed. Once the Windows desktop is displayed again, first presses on Si and then on the button end attached to the Norton Power Eraser window and then choose whether to send a complete report of the operation carried out to Symantec or not by pressing, depending on your intentions, on the button Si or about that No.
Even in this case, if you encounter difficulties in using Norton Power Eraser or if the program, despite having identified CryptoLocker, should not be able to remove the malware, I suggest you start your computer in safe mode by following the instructions in the guide that I indicated to you in the previous lines and to repeat the procedure from the beginning.
Recover Encrypted Files
Now that you have finally managed to remove CryptoLocker I'm sorry to tell you but… the files encrypted by the malware are not automatically accessible as they were before the infection! To be able to access your files again you will therefore have to put in place a specific recovery procedure. However, there is no need to be alarmed, the worst is over and what you will have to do now is a fairly simple operation, trust me.
To be able to restore files encrypted by malware, you must first know which documents were actually affected. To do this click on the icon depicting a yellow folder that is attached to the taskbar, double-click on Local disk (C 🙂, then click with the mouse cursor in the search field located in the upper right part of the displayed window and type * .encrypted. Doing this will show you all the files that have been encrypted by CryptoLocker. Then repeat the search operation by typing * .crypt in the field at the top right of the window on the desktop.
Now that you know the files that have been the victim of CryptoLocker click here to connect to the website of ShadowExplorer, the software you will need to use to restore normal access to your documents. It is a free and usable program without installation that allows you to restore files that have been encrypted by malware using the security copies made automatically by Windows.
Once the program's web page is displayed, presses on the item Download located on the left then click on the link Portable present at the top right and wait for the software download to be started and completed.
Then, right-click on the compressed folder that has been saved on your computer, choose the item Extract all ... from the menu that is shown to you and presses on Extract then double click on the folder attached to the window that appeared on the desktop. To conclude, click twice on the file ShadowExplorerPortablepiggy back his Si and wait for the program window to be visible on the screen.
Then select from the drop-down menu located at the top left of the most recent Windows backup among those listed and then move between the various folders and the various files visible in the right part of the program window until you find those to restore. Then click on each element identified with the right mouse button and choose the item Export… from the menu that is shown to you then indicate the location where you intend to save the restored file and accessible again and press on OK.
- For more details about CryptoLocker it is possible to consult the appropriate IT Web page on Wikipedia and accessible by clicking here.