How to get rid of CryptoLocker

Around 2 weeks ago, I wrote about the Gameover Zeus malware and its sibling CryptoLocker. In this follow-up article, I will explain how to remove CryptoLocker from your computer.

As I mentioned before, CryptoLocker, which is ransomware, is only triggered if Gameover Zeus does not find any financial information on your computer. When it's triggered, your computer's hard drive is encrypted and you will see something similar to the screenshot below.

[Screenshot: CryptoLocker]

Turn off your computer and wait 10 seconds before you turn it back on. You are now going to run your computer in Windows Safe Mode. Turn your computer back on and, as soon as you see anything on the screen, keep pressing the F8 key on your keyboard. You will soon see the Advanced Boot Options menu, which may look like the screenshot below if you are running Windows 7 on your computer.

[Screenshot: Advanced Boot Options, Windows 7]

Now select Safe Mode with Networking and press Enter. Safe Mode only loads the minimum programs and services needed for your computer to work, and Safe Mode with Networking also allows you to go online. As ransomware is set to load automatically when Windows loads, Safe Mode and Safe Mode with Networking will greatly decrease the chances of this happening.

Now that you have access to your computer, you can run antivirus software to get rid of the ransomware. Before you do this, you will have to delete all your temporary files, as this will speed up the virus scanning, free up disk space, and possibly get rid of any malware that may be on your computer. It can take from a few minutes to 20-30 minutes to delete all the files you selected.

The Disk Cleanup utility included with Windows will delete your temporary files. If your computer is running Windows XP or 7, click the Start button, then Programs, Accessories, System Tools, Disk Cleanup to access it. The Disk Cleanup utility can also delete other files, such as those in your Recycle Bin.

If your computer is running Windows 8, you will have to go to the Control Panel. Press the Windows key and the E key on your keyboard. This will open Windows Explorer.

[Screenshot: Windows 8 Explorer]

At the very top of the screen you will see Open Control Panel. Click on this, then open Administrative Tools and click on Disk Cleanup.

Once you have deleted your temporary files, you can run antivirus software on your computer. Any antivirus software that you already have on your computer will be of no use to you now, as it never stopped your computer getting infected, and any malware and ransomware on your computer may block it from working.

I highly recommend running cloud-based antivirus software like Trend HouseCall. Since the software is not stored on your computer, no malware or ransomware can stop it doing its job, and if you try to install antivirus software on your computer it might be blocked from installing.

Once it has run its scan and got rid of any malware and ransomware, your computer is fully in your control again.

If you can't get into Safe Mode with Networking, you can do a System Restore, which allows you to go back to the last known safe version of Windows that was running on your computer. System Restore will keep all your current personal files, like pictures or office files, and will restore Windows back to the last known safe version on your computer.

Turn your computer on and, as soon as you see something on your screen, keep pressing F8. You will then see the Advanced Boot Options menu. Select Repair Your Computer and press Enter. Now you'll have to log on as a user, so select your Windows account name and only enter your password if you have one. You will now see System Recovery Options.

[Screenshot: System Recovery Options]

Select System Restore and your computer will load up fine. Once this is done, make sure that you have antivirus software installed on your computer and that it is kept up to date, along with the latest patches for the version of Windows that is on your computer.
