2014/12/09

How to remove CTB Locker or Critroni Ransomware and learn to restore your files

CTB Locker, also called Critroni, is file-encrypting ransomware that was released in July 2014. Recently the malware has become active again and is catching more users, who find the problem troublesome to deal with. Many complain that they can hardly work normally once their files are locked. This essay introduces some basic knowledge about CTB Locker (Critroni) ransomware and explains how to restore your important files.

Introduction to CTB Locker or Critroni Ransomware


CTB Locker or Critroni is notorious ransomware that extorts money from victims by encrypting their files. Unlike adware, this type of malware poses a serious threat to everyday life because it makes the locked files useless. What is worse, there is no way to recover the encrypted files unless you pay the cybercriminal. This coercion is illegal and has a negative effect on daily life. Given these features of CTB Locker or Critroni, I personally think prevention matters much more than finding a way to recover the locked files after removing the virus.



CTB Locker or Critroni targets all versions of the Windows system. It uses newer encryption technologies, such as elliptic curve cryptography, which leave little chance of decrypting the files. Furthermore, the ransomware can communicate with its Command and Control server over Tor, an online anonymity network used by cybercriminals. When your computer is infected, the malware runs automatically and scans your entire disk before encrypting your files. Each time you restart the machine, it creates a file with a new name under the %temp% folder and continues with its next task. In certain situations, a pop-up box linked to the remote attacker's domain appears on your screen and prompts you to pay for the decryption keys. The sum demanded is about $120, and I do not think most victims will accept it.

Guard against CTB Locker or Critroni Ransomware by knowing how it spreads


CTB Locker or Critroni ransomware often infects computers through spam emails or free software downloaded from third-party platforms. So I suggest that computer users not open suspicious emails and not open downloaded files without an antivirus scan. In addition to these two routes, CTB Locker or Critroni ransomware can hide in advertisements whose hyperlinks lead to the malware's domain. Please be careful with ads from unofficial sources.

Restore your files by using native Windows features


Being able to restore your files is an effective defense against the malware. In general, there are two convenient methods. One is to use an external HDD (hard disk drive). The other is to use native Windows features. In the following steps, I focus on the second method.

Right-click on the file→go into Properties→select the Previous Versions tab. This tab displays all copies of the file that have been stored and the date they were backed up as shown in the image below.


Then select the copy you want to restore, and the file is restored to that previous version.

Remove CTB Locker or Critroni ransomware manually


Step 1: Reboot your computer into safe mode.

Then wait until the system has finished loading into safe mode.

Step 2: Click 'Start' and type 'regedit'.

Step 3: Find HKEY_LOCAL_MACHINE, open it, select the two entries shown in the screenshot and delete them.

Step 4: Return to the desktop and delete the remnants.

Step 5: Type '%temp%' in the search box under the 'Start' menu.

Step 6: Select all items in the folder and remove them.

Step 7: Finally, restart your computer into normal mode.

How to remove CTB Locker or Critroni ransomware with SpyHunter?


Step 1: Click the download link below to install SpyHunter.
www.pcresolvers.com/spyhunter.php

Step 2: Now, I will help you install SpyHunter step by step.
After the download finishes, run the file and click the 'Run' button.

Then accept the license agreement and click 'Next'.

Next, the setup process runs automatically until it finishes.
 

Finally, you should start the antivirus and scan your computer completely.
 

If the scan finds threats, delete them.
 
Besides eliminating the infected files and the virus, cleaning up the registry is also important, because it can prevent the virus from coming back. For this purpose you could use RegCure Pro, which can optimize your RAM and clear useless registry entries in order to keep your computer in a safe state.
Step 1: Click the hyperlink below to download RegCure Pro.
http://www.pcresolvers.com/regcure.php

Step 2: Install RegCure Pro.
After the download finishes, click the 'Run' button, press the 'Next' button and accept the agreement. The installation then runs automatically.

When the installation is complete, run a scan with the software and delete the threats listed.

Final tips:


Here is more information about CTB Locker or Critroni ransomware that is helpful when deleting the malware manually.

Associated CTB Locker Files:

%Temp%\.exe
%MyDocuments%\AllFilesAreLocked .bmp
%MyDocuments%\DecryptAllFiles .txt
%MyDocuments%\.html
%WinDir%\Tasks\.job

File Location Notes:

%Windir% refers to the Windows installation folder. By default, this is C:\Windows for Windows 95/98/ME/XP/Vista/7/8 or C:\Winnt for Windows NT/2000.

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\\AppData\Local\Temp in Windows Vista, Windows 7, and Windows 8.

%MyDocuments% refers to the Documents folder for your user profile. By default, this is C:\Documents and Settings\\My Documents\ in Windows 2000/XP. For Windows Vista, Windows 7, and Windows 8 it is C:\Users\\Documents\.

Associated CTB Locker Windows Registry Information:

HKEY_CURRENT_USER\Control Panel\Desktop "Wallpaper" = "%MyDocuments%\AllFilesAreLocked .bmp" 
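The files and the registry value listed above can be checked in one pass. The PowerShell script below is an added example, not part of the original post; it only reads and reports, and deletes nothing. The wildcards in the file names and the 14-day window ($DaysBack) are assumptions made for this example.

```powershell
# Added triage example: read-only check for the CTB Locker artifacts listed above.
$DaysBack = 14                                        # assumed review window
$docs   = [Environment]::GetFolderPath('MyDocuments') # %MyDocuments%
$temp   = $env:TEMP                                   # %Temp%
$tasks  = Join-Path $env:WINDIR 'Tasks'               # %WinDir%\Tasks
$cutoff = (Get-Date).AddDays(-$DaysBack)

$findings = @(
    # Ransom image and note in Documents. The wildcard covers whatever sits
    # between the base name and the extension (assumption).
    foreach ($pattern in 'AllFilesAreLocked*.bmp', 'DecryptAllFiles*.txt') {
        Get-ChildItem -Path $docs -Filter $pattern -File -ErrorAction SilentlyContinue |
            Select-Object @{Name='Check';Expression={'Ransom file'}}, FullName, LastWriteTime
    }

    # Desktop wallpaper value pointing at the ransom image.
    $wall = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper `
             -ErrorAction SilentlyContinue).Wallpaper
    if ($wall -like '*AllFilesAreLocked*') {
        [pscustomobject]@{ Check = 'Wallpaper value'; FullName = $wall; LastWriteTime = $null }
    }

    # The list gives no names for the .exe in %Temp% or the .job in Tasks, so
    # recently written ones are shown for manual review, not as confirmed hits.
    Get-ChildItem -Path $temp -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        Select-Object @{Name='Check';Expression={'Review: recent exe in Temp'}}, FullName, LastWriteTime

    Get-ChildItem -Path $tasks -Filter '*.job' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        Select-Object @{Name='Check';Expression={'Review: recent scheduled job'}}, FullName, LastWriteTime
)

if ($findings.Count -gt 0) {
    $findings | Sort-Object Check, LastWriteTime | Format-Table -AutoSize -Wrap
} else {
    'None of the listed CTB Locker artifacts were found for this user.'
}
```

Run it as the affected user, because the Documents folder and the HKEY_CURRENT_USER value are per-user.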


If you still cannot resolve the problem, leave me a message, or download SpyHunter and RegCure Pro, which can help you right away.

2 comments:

  1. I've been using AVG protection for a number of years, and I recommend this antivirus to you all.

  2. Download Malwarebytes latest Premium version 👇

    Download Malwarebytes Premium version for pc,tablet and laptop

    Follow my social networks for funny memes and odd news

    Facebook page 👇
    follow Facebook page
    Twitter👇
    Join Twitter
    Telegram👇
    Join Telegram
