|Short Description||May encrypt important files and give decryption keys upon paying ransom which is usually financial compensation.|
|Symptoms||Appearing of different objects in various user folders or the Desktop or on startup. Files encoded with unfamiliar extensions|
|Distribution Method||Spam mails. MiTM attacks, malicious redirects.|
|Detection tool||Download SpyHunter, to See If Your System Has Been Affected By Trojan.Cryptolocker|
Trojan.Cryptolocker also named Trojan.Gpcoder.H, CryptLocker.B, Trojan:Win32/Crilock.A, TROJ_CRILOCK.NS, Trojan.Ransomcrypt.F is an extremely devastating trojan horse that is reported to encrypt user files to extort them for money in return for a decryption key. This vicious threat may infect user PCs in several different ways, and IT security experts recommend to disconnect immediately your computer if you see any messages, saying your files have been encrypted.
This particular trojan horse has many different variants, some of which are .E, .N, .F, .P, .W, .U, .R, .V. They are all very similar to each other, mainly in the sense that they encrypt user files. In one particular case of variant .P, the current objects associated with this trojan were found:
The ‘PacMan.exe’ file is probably the one that was used to initiate the infection. It is most likely sent directly to the user via email, messengers or straight inserted with a USB stick on the computer. It may also feature a crypter patch with countermeasures against detection of the app by some antivirus programs. Once opened, pacman.exe may have scripts (pre-programmed actions) that move it after its opening and hide it from the user. One moment you click on it and in the other – poof and it’s gone. More so some of the actions it is programmed to do is create other files that may be scheduled to scan the computer every hour for new files and encrypt them. This is why it is recommended to remove this program from your computer by using an advanced anti-malware program fast.
How Did I Become Infected?
There are several means of distribution for this Trojan. Some of them are mainly connected with the direct execution of the file by another individual on the PC. Another method is a redirect by an adware PUP (Potentially Unwanted Program) on your computer. Such PUP programs are notorious for bringing up annoying pop-ups, with flashy messages along with pictures, saying ‘Play Now’, ‘Your computer has been infected’ or any other scamming attempts to make you click on their links. There was one particular redirect that said ‘Your Java needs an update’ and with only one ‘Ok’ button on it, which after clicked on, begun downloading malware on the computer.
Either way experts advise if you see this threat to disconnect immediately your computer from the web and download an anti-malware program from a safe device to install it on the affected PC.
How To Remove Trojan.Cryptolocker?
There are many methods for the removal of this Trojan, but an expert advice is to do it in a safe offline mode or to boot live OS USB or CD. It is a standalone operating system that does not allow Trojan.Lockscreen to operate and isolates the threat. Regarding the files, it is recommended to do a backup first. Always use an external memory carrier and always make more than one copy of your important files in case something happens. For best results, you should follow the removal manual below and download a particular anti-malware program that will scan and remove anything out of the ordinary.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Trojan.Cryptolocker – How To Protect Your Files?
In case you have seen ransomware attacks, you might want to back up your data. To perform this action, you should guide yourself by the after mentioned manual.
Security engineers recommend that you back up your files immediately, preferably on an external memory carrier in order to be able to restore them. In order to protect yourself from Trojan.Cryptolocker (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
2-Type Backup And Restore
3-Open it and click on Set Up Backup
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by Trojan.Cryptolocker.
For Windows 8, 8.1 and 10:
1-Press Windows button + R
2-In the window type ‘filehistory’ and press Enter
3-A File History window will appear. Click on ‘Configure file history settings’
4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from Trojan.Cryptolocker.
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
3- A System Properties windows should appear. In it choose System Protection.
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from Trojan.Cryptolocker is on.
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
2-Click on the Previous Versions tab and then mark the last version of the file.
3-Click on Apply and Ok and the file encrypted by Trojan.Cryptolocker