Watch Out For This Ransomware!

Linda from New York asks,

I have been receiving Steve’s tips for about 15 years and I am sure this has been addressed but I don’t know when. I have a ctb-locker virus and I would like to know how you would handle it.

Hi Linda, thanks for being such a loyal reader!

CTB-Locker is a nasty piece of malware of the ransomware variety, and infections are currently on the rise. It is most often delivered as an attachment to spam emails like the one shown below, and it has also turned up behind fake messages warning you that Google Chrome is out of date. This is where we once again give the advice to NEVER open attachments from emails you don’t recognize.

[Image: sample spam email carrying the CTB-Locker attachment]

The malware encrypts your files and won’t let you into them unless you pay the ransom. It copies itself into the %temp% folder under a random 7-character name and sets up a scheduled task to execute itself at system startup. Once your files are encrypted, you get a pop-up with a countdown that demands a ransom in bitcoins. The ransoms seem to be 2-3 bitcoins, which is equal to up to $750 US dollars! The malware also changes your desktop background to show the same ransom warning.
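As an added check that is not part of the original post, the following PowerShell script (written for this article, not CTB-Locker's own code or anything from Microsoft) enumerates scheduled tasks and flags any whose action launches a file with a 7-character random name from a Temp folder, the persistence pattern just described. It assumes Windows 8 or later, where the Get-ScheduledTask cmdlet exists, and an elevated prompt so that every user's tasks are visible; the function name Test-SuspiciousTaskAction is my own.

```powershell
# Added example, not from the original post: look for the persistence pattern
# described above (a scheduled task that launches a 7-character randomly named
# file from %temp%). Requires Windows 8 / Server 2012 or later for the
# ScheduledTasks module; run from an elevated prompt to see every user's tasks.
# Hits are leads to review by hand; a legitimate installer can match too.

$myTemp = [System.IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')

function Test-SuspiciousTaskAction {
    param([string]$Execute)
    # Expand %temp%-style variables and strip quotes so the path compares cleanly
    $path = [Environment]::ExpandEnvironmentVariables($Execute).Trim('"')
    if (-not $path) { return $false }
    # In the current user's temp folder, or in any user's \AppData\Local\Temp
    $inTemp = $path.StartsWith($myTemp, [StringComparison]::OrdinalIgnoreCase) -or
              ($path -match '\\AppData\\Local\\Temp\\')
    # Base file name is exactly 7 letters/digits, e.g. "abc1xyz.exe"
    $name = [System.IO.Path]::GetFileNameWithoutExtension($path)
    return ($inTemp -and ($name -match '^[A-Za-z0-9]{7}$'))
}

$hits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler / e-mail actions
        if (Test-SuspiciousTaskAction $action.Execute) {
            [pscustomobject]@{
                Task     = $task.TaskPath + $task.TaskName
                Execute  = $action.Execute
                Args     = $action.Arguments
                # Boot/logon triggers are how a task runs "at system startup"
                Triggers = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task', '' }) -join ','
                State    = $task.State
            }
        }
    }
}

if ($hits) { $hits | Format-Table -AutoSize }
else { 'No scheduled task launching a 7-character executable from a Temp folder was found.' }
```

Any task it reports is worth opening in Task Scheduler to confirm what the file is before you delete either the task or the file, and the same path check can be pointed at the Run keys in the registry if you want a second persistence location covered.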

[Image: the CTB-Locker ransom screen with its countdown timer]

The issue is that this is not a joke or a scam: the files really are encrypted, and once they are, there is not a lot you can do to recover them. We certainly don’t advise paying the ransom, as that just finances further operations by the creators and doesn’t even guarantee your files will be decrypted. After all, you would be relying on the trustworthiness of the creators of a major form of malware!

First things first: if you find yourself infected, run a malware scanner and an antivirus scanner, and make sure to remove any infected items they find. However, even after the infection is removed, the files are still encrypted. There are a few methods you can try to get your files back.

First, and best, restore from a recent backup. Hopefully, you keep a regular backup of all your files. In the case of this infection, this is the best, and possibly only, way to recover your files.

You may also find success with System Restore, if it is set up on your computer. Remember, this restores the system to a previous state, so any major changes you made since that restore point may be lost. You may also have some success with the Previous Versions feature for individual files. But keep in mind that CTB-Locker will attempt to erase these previous versions as well, so you may not be able to do this with all your files.
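As an added example that is not part of the original post: before trying System Restore or Previous Versions, you can check whether any restore points and Volume Shadow Copies (which back both features) still exist, since the text above notes that CTB-Locker tries to erase them. The function name Get-RecoveryState is my own; it assumes Windows PowerShell 5.1 on a Windows client edition, because Get-ComputerRestorePoint is not available on Server editions or in PowerShell 7.

```powershell
# Added example, not from the original post: report what is left for System
# Restore and "Previous versions" to work with. Run from an elevated Windows
# PowerShell 5.1 prompt on a Windows client edition.

function Get-RecoveryState {
    # Restore points (client editions only; guard so the script still runs elsewhere)
    $restorePoints = @()
    if (Get-Command Get-ComputerRestorePoint -ErrorAction SilentlyContinue) {
        $restorePoints = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Sequence    = $_.SequenceNumber
                Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
                Description = $_.Description
            }
        })
    }
    # Shadow copies are what both System Restore and the Previous Versions tab read from
    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Created = $_.InstallDate
            Volume  = $_.VolumeName
            Device  = $_.DeviceObject
        }
    })
    [pscustomobject]@{
        RestorePointCount = $restorePoints.Count
        RestorePoints     = $restorePoints
        ShadowCopyCount   = $shadows.Count
        ShadowCopies      = $shadows
    }
}

$state = Get-RecoveryState
"Restore points: $($state.RestorePointCount)   Shadow copies: $($state.ShadowCopyCount)"
$state.RestorePoints | Format-Table -AutoSize
$state.ShadowCopies  | Format-Table -AutoSize
if ($state.ShadowCopyCount -eq 0) {
    'No shadow copies remain, so System Restore and Previous Versions cannot bring files back; restore from backup instead.'
}
```

If shadow copies do remain, the Created dates tell you which ones predate the infection; only a copy taken before the files were encrypted is of any use for recovery.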

Of course, prevention is the key to avoiding all this headache. Here are some tips to avoid infection:

  • Avoid unsolicited links or attachments in emails.
  • Use caution when dealing with unfamiliar files and websites.
  • Only download software from official websites.
  • Keep operating systems, antivirus, and antimalware software up to date.
  • Perform regular backups of your files and system.

~ Audra


Comments on “Watch Out For This Ransomware!”

  1. Can’t these forms of malware be removed by hand? Also, is the procedure the same for adware that pops up at a certain time every day? To be specific, I get a pop-up page every 12 hours telling me that my video player/Adobe player/reader is out of date and that I should upgrade. Sometimes it is invitations to online games. Often, the only way to close the page is to force a shut-down on my PC and it is very frustrating to say the least. I hope you can help me.

    1. Jose,

      Ransomware is different than adware. The infection itself can be removed with a scan using an antimalware program. The problem is removing the infection doesn’t help in any way with your files.

      In your case, I’d suggest downloading a free malware scanner, such as Malwarebytes, to see if there are any infections. If it’s popping up that Adobe player needs updating, that may be a valid request to update if it is that regular; they do roll out updates regularly. You can check if you have the latest version by going to this website: http://www.adobe.com/software/flash/about/

  2. You say to try System Restore. This may remove the infection by going back to before it entered your system, but System Restore will not bring back data files, nor will it clean out the infection residing within your data files. So what is gained?

    1. Mike,

      You are correct that it will not restore your files, but restoring will clean out the infection in your system files as it will restore them to a previous state. That way it will not affect the computer on a restart.

  3. I am sorry Audra but have to disagree with your advice in this case. The need to restore your files and the likelihood of not getting all of the infection makes a wipe and rebuild the best option in a case like this, in my opinion.

    1. For someone with little technical knowledge, this would be a daunting task. I agree, it is probably the best way, provided you have good backups and knowledge of how to do it. But lots of people would not feel comfortable starting from scratch, nor would be willing to pay someone to do so. This gives them the option of attempting to solve it themselves. Thank you, though, for the input!
