What is CTB-Locker?
CTB-Locker is a highly dangerous ransomware which also goes by the name of Critroni. The infection is installed by a Trojan horse which enters your computer from pornography pages or files exchange websites. This Trojan is very sneaky and can remain unnoticed for a long time. Its process is called Adobe Flash Player 10.3 r183 which makes the users assume that it is video watching program. Meanwhile the Trojan makes sure that the CTB-Locker gets situated in your PC and is able to begin malicious activity. You should install a reputable anti-malware which could delete CTB-Locker as well as take care of the Trojan.
What does CTB-Locker do?
As soon as the virus gets in your system, it encrypts a variety of your files. It can affect files with .jpg, .cer, .doc, .mp4, .pem, .db, etc. extensions. CTB-Locker uses a sophisticated encryption manner called elliptical curve cryptography which is very difficult to decrypt. At the same time, the intruder manages to create three files which contain the same message in English and Russian. The file can be named sunlrad.html, AllFilesAreLocked 1716900.bmp or DecryptAllFiles 1716900.txt depending on the infected computer. It notifies the user about the infection and encrypted files and demands payment for the decryption. Unfortunately, we must warn you that even if you pay the money, it is unlikely that the virus will restore your files. Unless you have a backup stored in some other computer, it is possible that your files are lost for good. Your only option seems to be to clean your PC and to remove CTB-Locker.
In the message, cyber criminals who infected your PC with CTB-Locker demand that you pay the ransom in 72 hours through online money transfer system. The required amount is approximately 24 USD which must be paid in bitcoins. The message also states that after paying the ransom you will be presented with the decryption key which is hard to believe bearing in mind that you are dealing with hackers that attacked your system in the first place. We recommend to ignore this message and to concentrate on CTB-Locker removal.
You also must have noticed the black screen of your PC. That happens, because the ransomware erases explorer.exe which is responsible for smooth interplay between you and the interface of your operating system. The good news is that this is only a temporarily situation which changes once you reboot your system. Furthermore, the virus also contacts control and command servers through Tor system which makes it very difficult to track down its source. From these servers the virus can receive instructions or it can distribute your information. You should really hurry to eliminate CTB-Locker before it caused even more damage and spread your personal data to other malicious parties.
How to remove CTB-Locker?
There is no doubt that you must use a powerful anti-malware to delete CTB-Locker from your computer. This is a very dangerous and aggressive virus which cannot be removed manually by the inexperienced computer users. Besides, you must not forget that there is more than one malignant application in your system. The Trojan which is responsible for the installation of this malware also still resides in your system which means that you not only need to uninstall CTB-Locker, but also have to deal with the culprit of this problem. What you should do is to purchase a legitimate security tool and use it to terminate CTB-Locker and the Trojan from your PC.Download Removal Toolto remove CTB-Locker
- Integrates into the web browser via the CTB-Locker browser extension
- CTB-Locker Shows commercial adverts
- Steals or uses your Confidential Data
- Redirect your browser to infected pages.
- Common CTB-Locker behavior and some other text emplaining som info related to behavior
- Distributes itself through pay-per-install or is bundled with third-party software.
- Slows internet connection
CTB-Locker effected Windows OS versions
- Windows 8 26%
- Windows 7 22%
- Windows Vista 11%
- Windows XP 41%
Warning, multiple anti-virus scanners have detected possible malware in CTB-Locker.
|K7 AntiVirus||9.179.12403||Unwanted-Program ( 00454f261 )|
|VIPRE Antivirus||22702||Wajam (fs)|
Remove CTB-Locker from Windows
Remove CTB-Locker from Windows XP:
- Drag mouse cursor to the left of the Task Bar and click Start to open a menu.
- Open the Control Panel and double-click Add or Remove Programs.
- Remove the undesirable application.
Remove CTB-Locker from Windows Vista or Windows 7:
- Click the Start menu icon on the Task Bar and select Control Panel.
- Select Uninstall a program and locate the undesirable application
- Right-click the application you want to delete and select Uninstall.
Remove CTB-Locker from Windows 8:
- Right-click on the Metro UI screen, select All apps and then Control Panel.
- Go to Uninstall a program and right-click the application you want to delete.
- Select Uninstall.
Remove CTB-Locker from Your Browsers
Remove CTB-Locker from Internet Explorer
- Go for Alt+T and click on Internet Options.
- In this section, move to the 'Advanced' tab and then click on the 'Reset' button.
- Navigate to the 'Reset Internet Explorer settings' → then to 'Delete personal settings' and press on 'Reset' option.
- After this, click on 'Close' and go for OK to have modifications saved.
- Click on the tabs Alt+T and go for Manage Add-ons. Move to Toolbars and Extensions and here, get rid of the unwanted extensions.
- Click on Search Providers and set any page as your new search tool.
Delete CTB-Locker from Mozilla Firefox
- As you have your browser opened, type in about:addons in the shown URL field.
- Move through Extensions and Addons list, delete the items having something in common with CTB-Locker (or those which you may find unfamiliar). If the extension is not provided by Mozilla, Google, Microsoft, Oracle or Adobe, you should be almost sure you have to erase it.
- Then, reset Firefox by doing this: move to Firefox ->Help (Help in menu for OSX users) -> Troubleshooting Information. Finally,Reset Firefox.
Terminate CTB-Locker from Chrome
- In the displayed URL field, type in chrome://extensions.
- Take a look at the provided extensions and take care of those which you find unnecessary (those related to CTB-Locker) by deleting it. If you do not know whether one or another must be deleted once and for all, disable some of them temporarily.
- Then, restart Chrome.
- Optionally, you may type in chrome://settings in URL bar, move to Advanced settings, navigate to the bottom and choose Reset browser settings.