Remove Cryptolocker.AB Ransomware Completely - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Cryptolocker.AB Ransomware Completely

Cryptolocker.AB is a Ransomware Trojan horse of the Cryptolocker family. It searches for files with many different extensions, encrypts them with a “.crinf” extension, then asks for a huge ransom for decryption. It can delete Shadow Volume Copies, disable Windows Startup Repair, and end important system processes.

NameCryptolocker.AB Ransomware
TypeRansomware, Trojan
Short DescriptionThe Cryptolocker.AB Trojan horse locks the user’s important files and demands a payment. From the CryptoLocker Ransomware family
SymptomsFiles are locked in a ‘.crinf’ file format and a ransom message is displayed. Payment instructions are included in a file.
Distribution MethodDistribution method is not yet clear. It can be distributed through browsing unsafe sites, malicious email attachments, drive-by downloads, etc.
Detection ToolDownload Malware Removal Tool, to See If Your System Has Been Affected by Cryptolocker.AB Ransomware
User ExperienceJoin our forum to discuss the CryptoLocker.AB Ransomware.

Cryptolocker.ab-Cryptolocker-ab-ransomware-encrypt-decrypt-rsa-ransom-message-box-instructions

Cryptolocker.AB Ransomware – How Did I Get It?

There are a number of ways you could get infected with Trojans such as the Cryptolocker.AB Ransomware.

The most common distribution method is known to be through malicious email attachments and spam emails. There are even cases, where an email itself also contains malicious code and upon opening the email, the user infects its computer with it, even if he doesn’t open the attachment inside.

Around social networks and file sharing services there may be similar attachments and files containing the Cryptolocker.AB Ransomware, disguised as something else.

Another common way of getting infected with Ransomware is through exploit kits run from legitimate websites. For exploit kits to run, these websites must have been compromised, to have some sort of a security breach. Also, landing suspicious sites with malicious code on them may just as easily get you infected.

Cryptolocker.AB Ransomware – In Detail

The Cryptolocker.AB Trojan horse is also classified as Ransomware. The known file extensions which the newer variant from the Cryptolocker family seeks to encrypt are:

→.3dm .3ds .3fr .3g2 .3gp .7z .ACCDB .ach .ai .aiff .arw .asf .asx .avi .back .backup .bak .BAY .bin .blend .c .cdr .cer .cpp .cr2 .crt .crw .cs .dat .db .DBF .dcr .dds .DER .des .dit .DNG .doc .docm .DOCX .dtd .dwg .DXF .dxg .edb .eml .eps .ERF .fla .flac .flvv .gif .groups .h .hdd .hpp .html .iif .INDD .java .jpe .JPEG .jpg .jsp .kdc .key .kwm .log .lua .m .m2ts .m4p .m4v .max .mdb .mdf .MEF .mkv .mov .mp3 .mp4 .mpeg .mpg .MRW .msg .nd .ndf .nef .nk2 .nrw .nvram .oab .obj .ODB .odc .odm .ODP .ods .odt .ogg .orf .ost .P12 .p7b .P7C .pab .pas .pct .pdb .PDD .pdf .PEF .pem .pfx .php .pif .pl .png .pps .ppt .PPTM .pptx .prf .ps .PSD .pst .PTX .pwm .py .qba .qbb .qbm .qbr .qbw .qbx .qby .qcow .qcow2 .qed .R3D .raf .RAW .rm .rtf .rvt .rw2 .rwl .safe .sav .sql .SR2 .SRF .srt .srw .stm .svg .swf .tex .tga .thm .tlg .vbox .vdi .vhd .vhdx .vmdk .vmsd .vmx .vmxf .vob .wav .WB2 .wma .wmv .wpd .wps .X3F .XLK .xlr .XLS .xlsb .xlsm .xlsx .yuv

After files with any of the above extensions are found and encrypted, the Ransomware appends a “.crinf” extension, to the back of the name of each file. Afterwards, the Ransomware Trojan deletes all Windows Shadow Volume Copies and disables Windows Startup Repair, preventing restoration of any files that are backed-up in this way.

Then, the Cryptolocker.AB Trojan may end the following processes on the PC:

• msconfig.exe
• cmd.exe
• regedit.exe
• rstrui.exe
• tcpview.exe
• procexp.exe
• procmon.exe
• regmon.exe
• wireshark.exe
• LordPE.exe
• filemon.exe
• procexp64.exe

That is also very dangerous, because that disables many options for the user to do modifications via System editor programs, Startup settings, Registry rules and etc. The user may not be able to gain much information about the malicious program, let alone delete all of its files without that information.

The following remote location is being set, to which the Cryptolocker.AB Trojan connects:

→[http://]qbstdn6k7iivyki2.onion.direct/lending/bot[***]

After all these actions are set and done, while users may not even notice them, the Ransomware makes itself known. It changes the desktop wallpaper on the compromised computer and displays a message box with a ransom note and instructions on how to pay the ransom.

Cryptolocker.ab-Cryptolocker-ab-ransomware-encrypt-decrypt-rsa-ransom-note-ransomnote

The initial price is 500$, and it doubles after only 12 hours. Do NOT pay it in absolutely ANY circumstance! There is no telling if the cyber criminals will even contact you back, let alone give you any decryption key.

All of the actions performed by the Cryptolocker.AB Ransomware are very dangerous as they can allow it to stay as long as possible on your computer and lock as much files as it can. You should remove it immediately, as it may continue to encrypt more files if left on your machine!

Remove Cryptolocker.AB Ransomware Completely

To completely remove the Cryptolocker.AB Ransomware Trojan from your computer, you should have at least minimal experience in removing viruses. It is highly recommended to first to back up all of your personal files that you value, no matter if it is encrypted. Afterwards, carefully follow the instructions provided here:

1. Boot Your PC In Safe Mode to isolate and remove Cryptolocker.AB Ransomware
2. Remove Cryptolocker.AB Ransomware with SpyHunter Anti-Malware Tool
3. Remove Cryptolocker.AB Ransomware with Malwarebytes Anti-Malware.
4. Remove Cryptolocker.AB Ransomware with STOPZilla AntiMalware
5. Back up your data to secure it against infections and file encryptions by Cryptolocker.AB Ransomware in the future
NOTE! Substantial notification about the Cryptolocker.AB Ransomware threat: Manual removal of Cryptolocker.AB Ransomware requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

After its removal, you might try recovering your files, using backups from an external device or cloud if you made such backups in the past. Another option is to try using decryptors that have worked with previous versions of the Cryptolocker Ransomware family, but know that the encryption of this version might be stronger!

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.