CryptoLocker – Infection removal

Jay Hine | Security

What is CryptoLocker?

CryptoLocker is what is known as ‘ransomware’. This means that it infects a computer and restricts access to it in some way. It often also constantly harasses the user with annoyances such as popups. The aim of the software is to make the user pay a ransom to the operators of the malware to remove the restrictions.

CryptoLocker is spread via infected email attachments or by computers that are already infected acting as a ‘botnet’.

How do I know I’m infected?

Usually the sign of infection will be messages asking you to pay money (usually in the region of 400 USD or Euros) via an anonymous pre-paid cash voucher (there are many of these services and it varies from infection to infection). There is often a time limit on these payments, typically between 72 and 100 hours.

What should I do?

The first rule is to never ever pay the ransom. There is no guarantee that it will solve the issue, and you have no idea where you are sending the money or to whom. Instead, follow the guide below to rid your computer of CryptoLocker.

Step 1 – Download CryptoPrevent from the website here. This is a FREE program. Once you’ve downloaded it, open the file CryptoPreventSetup.exe and click Next.

Step 2 – Accept the Licence Agreement



Step 3 – Click Next

Step 4 – Click Install

Step 5 – Click Finish (with Launch CryptoPrevent ticked)

Step 6 – It will then ask whether you purchased a Product Key for automatic updates. Click No.

Step 7 – It will then ask whether you are interested in learning more about automatic updates or purchasing a product key. Click No.

Step 8 – Finally, click OK.

Step 9 – On the screen that appears, keep the ‘Default’ protection and click Apply.

Step 10 – Click No when asked to whitelist all items in known blocked locations.

Step 11 – You must then restart your machine. You can do this now or later.