How to remove Cryptolocker ransomware and decrypt .encrypted files

What is Cryptolocker?

CryptoLocker is the name of a ransomware posing a great menace to computers as it compels users to pay money for retrieving the encrypted files. Just after the decryption CryptoLocker finishes the ciphering, it displays a note saying that your data will remain unavailable until you purchase a key. However it does not warrant decryption, the cybercriminals may intentionally send you a wrong code. This will reduce the time left and inflict more panic, and for the second key cyber criminals will demand more money. The note will show a countdown with a period of 72 or 96, an amount of ransom and detailed instructions, which often include transferring money through Ukash, BitCoin, MoneyPak or other payment methods guaranteeing anonymity to the receiver.

cryptolocker ransomware

How Cryptolocker got installed on your computer

Commonly, CryptoLocker invades a computer via spam emails that look like letters with beneficial offers or like notifications from government. The text of these messages doesn’t matter, as they have an attached malicious file camouflaged as a zip archive. Once it is opened, the installation of the ransomware begins.


Versions and copycats of CryptoLocker

Crypt0L0cker. Crypt0L0cker is a ransomware based on original CryptoLocker, that is spread via email messages. Usually these have general topics that are able to draw people’s attention, like parcel tracking, unpaid taxes, etc. The ransomware can be identified by the extension it adds to encrypted files – .encrypted.
crypt0l0cker

Cryptographic virus. Yet another ransomware that hijacks the computer and the data in it and then demands money. This malware can be distinguished by the changed desktop wallpaper with CryptoLocker sign on it.
cryptographic locker

CryptoTorLocker2015.
CryptoTorLocker2015 is noticeable due to the fact that it is able to infiltrate mobile devices using Android OS. Since many people hold valuable information on phones and tablets, the ransomware poses a big danger. Luckily, uninstalling the infected application cures the problem.
cryptotorlocker2015

Symptoms of Cryptolocker infection

It’s difficult not to notice ransomware, since it often has one of the processes responsible for displaying a notification message. This window blocks the screen leaving the user minimum alternatives. Besides, some files will be inaccessible, as in many cases ransomware encrypts them to exasperate the scaring effect.


How to remove Cryptolocker?

To make sure that the threat won’t appear again, you need to delete Cryptolocker completely. For this you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to automatic removal tool.

Download Norton

Performing an antimalware scan with Norton would automatically search out and delete all elements related to Cryptolocker Ransomware. It is not only the easiest way to eliminate Cryptolocker Ransomware, but also the safest and the most assuring one.


Steps of Cryptolocker manual removal

Restart Windows in Safe Mode

For Windows 7, 8, XP and Vista:

  1. Restart the system
  2. While computer is rebooting press F8 several times
  3. In the appeared list of options choose Safe Mode

For Windows 10:

  1. In the Start menu click on the power button
  2. Hold Shift and choose Restart
  3. Choose Troubleshoot
  4. In the Advanced Options choose Startup Settings
  5. Click Restart
  6. Select Enter Safe Mode

Delete files and registry entries added by Cryptolocker

Now you will be able to reach the needed functions and files. For eliminating the ransomware activity, you need to find all of the following items and delete them.

Remove Cryptolocker files and folders:

%APPDATA%\WinXdd\winxddwp.jpg
%APPDATA%\WinXdd\winxdd.exe
%PUBLIC%\WinTmt\wintmt.exe
%WINDIR%\icagubuz.exe
%SystemDrive%\8d57c76f\8d57c76f.exe
%WINDIR%\iqosaqop.exe
%WINDIR%\ufegapoj.exe
%APPDATA%\uixjlub.exe
%WINDIR%\ykyrixgd.exe
%UserProfile%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%UserProfile%\[RANDOM CHARACTERS].exe

Remove Cryptolocker registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "*CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CryptoLocker"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Restore the files encrypted by Cryptolocker

Use the decrypting tool

Unfortunately, currently the tool able to decrypt the files infected by Cryptolocker ransomware is not released yet. You may try applying to the methods described below, however, they might not work with the latest versions of Cryptolocker.

Restore the system

  1. Initiate the search for ‘system restore’
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Leave a Reply

Your email address will not be published. Required fields are marked *