Hello all,
I got this virus (Crypto Locker) on one of my laptops on Christmas night when I logged on. The laptop is used exclusively for Everquest and only EQ related sites when on the internet.
The virus is nasty in that it encrypts certain files ..it loves digital pictures,wallpaper images,word documents and many images and personal files stored on the computer and demands you pay US $ 300 via Bitcoins and a few other methods for them to give you a key to unlock your files. They threaten to destroy the key to fix the encrypted files if not payed within 72 hours iirc.The virus penetrated all safe mode options. But, despite the virus being active in safe mode you still have control over the desktop and ui..
I solved my problem by scanning via Malwarebytes (free) in safe-mode with networking which isolated the virus in its quarantine then deleted the files which showed up as: "Trojan.Ransom" in their virus vault. However, there are other methods.
Then after having removed the virus I did a system restore to a point a couple weeks back and my problem was solved..
I was lucky that my infected laptop had zero personal files and pictures, etc...
But if your computer had a lot of personal files,word docs,family pictures etc, only a safe "back up" would save you from losing priceless files and items.
I would never pay that ransom... though I have read that many do if they have a lot of files that have been encrypted.
To see which files have been encrypted, you can check via RUN then type "regedit" (BEFORE you remove the virus) and look in the subsection "Hkey_Current user" ..then.. "software" to see if Cryptolocker is in the list below. If it is there then under the subsection "files" it will show which files it has encrypted.
In my case, there were few encrypted files and none of importance so they could be sacrificed for good once I removed the virus - even after a system restore, some encrypted files and documents may not be retrieved successfully.
Good luck and beware of this nasty malware.
Edited, Dec 31st 2013 7:44am by hexeez