Solved CryptoLocker Virus / Malware

February 3, 2014 at 17:22:35
Specs: Windows XP
I have a family member whose computer just got infected with the CryptoLocker virus. The computer has been disconnected from the internet, turned off, and had all external drives unplugged. What would be my best course of action?


February 3, 2014 at 17:55:39
✔ Best Answer
If you know exactly where the virus is stored/what the virus has infected, you could boot Windows in Safe Mode and delete any files that you think might contain the virus.

Another option would be to download Malwarebytes or another AV program onto a flash drive (through a non-infected virus), put the flash drive in the infected computer, and run a full scan.

Other than that, there really isn't much you could do, besides wiping the HD and reinstalling Windows.

Just make sure you scan all other computers/external drives too just to be safe.

message edited by NT56erbx


February 3, 2014 at 19:20:43
CryptoLocker Ransomware Information Guide and FAQ

Make sure if you reinstall, you delete ALL partitions & format to NTFS.

XP - D to Delete the selected partition

Here are some examples of why you delete all partitions.


February 4, 2014 at 12:32:02
I boot to safe mode with command prompt. At a command prompt I type:
net user administrator /active:yes

If it returns command completed successfully, then I restart the computer and when it comes up to the login screen I pick the now unhidden admin account, which in most cases is not blocked out like the normal account. If this gives me access, then I run ComboFix and Malwarebytes to remove the virus, restart, log back in under normal user and run some scans to make sure I have got rid of it, then rehide the admin account. Cmd to bring up a command prompt: net user administrator /active:no

To err is human but to really screw things up, you need a computer!


February 6, 2014 at 08:39:57
Re #1
"delete any files that you think might contain the virus"
Not sure how you would know, and if you delete the wrong ones you might be heading for Windows re-install anyway.

Always pop back and let us know the outcome - thanks

message edited by Derek
