How to Prevent All Your Files Was Encrypted With Cryptolocker

all your files was encrypted with cryptolocker

If you are seeing “All Your Files Was Encrypted With Cryptolocker” message – you are infected with a serious virus!

If some day you turn your PC on and discover that you cannot start your browser or any other program, you can be certain that a ransomware infection has sneaked into your system. This will also be confirmed by a large message that will appear on your desktop saying that all your files have been encrypted. The same will happen if you get infected with CryptoLocker. You will be offered to buy a decryption key and will be given three days time to do it. In case you do not, you will lose all your files.

How did I get infected with?

CryptoLocker may infiltrate your system after you download free applications from compromised file sharing websites. The infection may travel bundled with such applications and will get installed on your PC along with them. This will happen silently, so you will not realize your system is infected until your screen is locked and your programs are blocked. It is also possible for CryptoLocker to enter the PC attached to a spam email. When you open the attachment, you allow the infection to get installed automatically. Please note that it depends on your online behavior and the way you maintain your system to prevent the appearance of severe infections like CryptoLocker.

Why is this Dangerous?

Ransomware infections are very nasty and create a lot of problems for users. The main and most bothersome one remains data loss. The only way you can make sure none of your files are lost is to do regular back-up. Otherwise, even if you buy the offered decryption key, there is no guarantee that you will regain access to your files. And buying that key is something you should not do because it not only means wasting your money, but also putting essential information about your bank account in the hands of cyber criminals. It will not be easy for you to deal with CryptoLocker, especially if you have no experience with computer infections. Still, you should not give in to the manipulations of malicious parties who are after your money.

How to Remove CryptoLocker?

from Windows 7 (Win 8 instructions are further below)

  • Make sure you do not have any floppy disks, CDs, and DVDs inserted in your infected computer
  • Restart the computer
  • When you see a table, start tapping the F8 key every second until you enter the Advanced Boot Options

kbd F8

  • in the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.

safe-mode-with-networking

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

  • type “inetcpl.cpl” command in the field

inetcpl

  • Click on the connections TAB
  • Then on LAN SETTINGS
  • Uncheck the box labeled “Use a proxy server for your LAN”
  • Press OK
  • Now, press again, simultaneously the Windows Logo Button and the R key.
  • In the dialog box type iexplore www.virusresearch.org/download-en

scanner2

  • your Internet Explorer will open and a professional scanner will start downloading
  • Follow the instruction and use the professional malware removal tool to detect the files of the virus.
  • After performing a full scan you will be asked to register the software. You can do that or perform a manual removal as shown in step 2

from Windows 8

Start Your Computer into Safe Mode with Networking

  • Make sure you do not have any floppy disks, CDs, and DVDs inserted in your computer
  • Move the mouse to the upper right corner until the windows 8 charm menu appears
  • Click on the magnifying glass

win-8-advanced-settings

  • select Settings
  • in the search box type Advanced
  • On the left the following should appear

advanced-startup-options-win-8

  • Click on Advanced Startup Options
  • Scroll down a little bit and click on Restart Now

advanced-startup-restart

  • Click on Troubleshoot

troubleshoot

  • Then Advanced options

advanced-options

  • Then Startup settings

startup-settings

  • Then Restart

restart-win-8

  • When you see this screen press F5 – Enable Safe Mode with Networking

f4-win-8

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

  • A dialog box should open. Type iexplore www.virusresearch.org/download-en

scanner

  • Internet Explorer will open and a professional scanner will start downloading
  • Follow the instruction and use the professional malware removal tool to detect the files of the virus.
  • After performing a full scan you will be asked to register the software. You can do that or perform a manual removal.
  • To perform Manual removal you need to follow the steps below.

STEP 2: Locate the virus start-up point

while in safe mode, simultaneously press the Windows Logo Button and then “R” to open the Run Command

Run_command

Type “services.msc” carefully review all services disable if you see a suspicious one.

Open your Windows Registry Editor

navigate and delete the following registry keys:

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|iraripam, C:\ProgramData\adhwiqum.exe

SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|iraripam, C:\ProgramData\adhwiqum.exe

delete all your files was encrypted with cryptolocker

Please, note, that the file names are random and yours might be different.

Leave a Comment