Jump to content

CTB2 infection help please

Recommended Posts


Dont realy know how and when, but alot of my .txt and .jpg files where corrupted by virus or something, which added .ctb2 extension and renaming them back doesnt help.

I scaned my pc with antivirus and MBAM and didnt find anything exept registry key:


which was put to quarantine


but the bigest problem now is that i have hundreds of corrupted files.

Please help



Link to post
Share on other sites


Looks like we have some new variant of ransomware here... Can you please zip some of your files and attach them to your next post? Or upload it to dropbox and provide me a link?

I'm currently doscussing it with a developer to find a possible solution.

Link to post
Share on other sites

Yes, its a Ransomware, i found some txt files with instructions to decryptor

but i am trying to recover files using data recovery software, wich is helping, but dont realy know how much because it doesnt recover original filenames and so far recovered 15k files and most of them were not corrupted and are fine, but so far i did find some that were corruped and deleted so theres hope.

here are 2 files of both corrupted and original versions





Link to post
Share on other sites

Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.

1. Type the address http://torproject.org in your Internet browser.
   It opens the Tor site.

2. Press 'Download Tor', then press 'DOWNLOAD Tor Browser Bundle',
   install and run it.\

3. Now you have Tor Browser. In the Tor Browser open the http://5ibpimzptwzjgbny.onion
   Note that this server is available via Tor Browser only.
   Retry in 1 hour if site is not reachable.

4. Copy and paste the following public key in the input form on server. Avoid missprints.
5. Follow the instructions on the server.


Link to post
Share on other sites

there wasnt any screen-locker, maybe because i stoped it. i downloaded this virus and executed myself, its was a setup.exe in a game, and there was a process which used lots of recourses so i ended it after few mins and only later realised what happened

Link to post
Share on other sites

Well, I guess so. Maybe this will teach you not to download any games from torrents... As you see, they may contain some small surprises. If I will know anything about decrypter, I'll let you know.


For now on, the only one thing I can propose is to check your current system state in search for malware. 

Link to post
Share on other sites

Hi Nostromo.
Unfortunately you got hit by a new Critroni variant, as described here:
At this moment the decrypter for the files is unknown. Developers will work, but it would take a lot of time.
Some methods to try may be found here: http://www.bleepingcomputer.com/virus-removal/ctb-locker-ransomware-information
but I doubt if they will be very helpful.
Sorry, nothing more I can offer at this moment.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.