Removal of Torrentlocker (calling itself Crypt0l0cker)


Muskar

Hey.

My grandfather managed to get himself a torrentlocker through the website postdanmark-portal.com.

I managed to get to him and disallow admin rights to the malware application, so it couldn't destroy shadow copy files. Thus I could just use Shadow Explorer to recover all important files (since he hasn't done any backups or anything).

But I'm having some difficulty removing the virus itself. I tried using Malwarebytes free version, but I don't think it found it, because it still launches on startup (I wasn't there to see the finished scan result, so I'm not 100% sure).

I found an article on this exact virus (although in Danish, but you can probably google-translate it):
https://www.csis.dk/da/csis/news/4726/
https://translate.google.com/translate?hl=en&sl=da&tl=en&u=https%3A%2F%2Fwww.csis.dk%2Fda%2Fcsis%2Fnews%2F4726%2F

I'm going to try and find the registry keys for the virus. Especially this, if it's there:
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *random name*
 

That will hopefully lead me to the location and name of the executable, so I can remove it.

If this works, do you have any advice on what I should do to remove the rest of the virus, or if it matters? And if it doesn't work, what else can I try?

For anti-virus he has AVG Free on his computer btw.


I found the program in HKEY_CURRENT_USER instead of HKEY_LOCAL_MACHINE, but I removed it, and the program it linked to. After rebooting, there was no sign of it, so at least the computer is usable again. I suspect that there are still minor files or regedit leftovers from the malware.

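The autorun check described in the two posts above, as an added example that is not part of the original thread: a read-only PowerShell listing of the Run and RunOnce values in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, since the entry turned up in the per-user hive rather than the per-machine one. The helper name `Get-ExePathFromCommand` is hypothetical, and flagging user-writable directories is a triage heuristic assumed here, not something the thread states.

```powershell
# Added example (read-only): list autorun entries from both hives for triage.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-ExePathFromCommand {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }      # quoted path, may contain spaces
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { return $Matches[1] }  # unquoted path
    return ($c -split '\s+')[0]                              # fallback: first token
}

# Assumption: a startup program in a user-writable directory deserves a closer look.
$writableRoots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP) | Where-Object { $_ }

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $exe     = Get-ExePathFromCommand -Command $command
        $exists  = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $sig     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString() }
                   else { 'FileMissing' }
        [pscustomobject]@{
            Key             = $key
            Name            = $name
            Executable      = $exe
            Signature       = $sig
            UserWritableDir = [bool]($writableRoots | Where-Object { $exe -like "$_\*" })
            Command         = $command
        }
    }
}

# Entries whose executable sits in a user-writable directory sort to the top.
$entries | Sort-Object @{ Expression = 'UserWritableDir'; Descending = $true } |
    Format-Table Key, Name, Signature, UserWritableDir, Executable -AutoSize -Wrap
```

A `FileMissing` row is an autorun value whose target no longer exists, which is what a leftover registry entry looks like after the executable has been deleted.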

  • 3 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.
