Jump to content

CTB Locker with Anti-Ransomware Beta


Recommended Posts

Hi, @Hercule8:
Welcome. :)
The behavior you describe sounds like a known bug that was reported with the first beta version (the ransomware is stopped, but the user still sees the "pop-ups" and dialog windows).
It's possible that it has not yet been fixed.
Alas, the original sticky topic about it appears to have been removed, so I cannot confirm that.
We'll need to wait for one of the staff members.
Having said that, if you really were infected with ransomware, you might want to get a bit of free, expert help cleaning up the system.

Such work is conducted in a separate forum area reserved for that work, or at the help desk.

If you'd like to proceed, I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue - the helper will guide you through scanning, cleanup and repair.


Link to post
Share on other sites

Hello Hercule8 and :welcome:

Please create the following files for developer analysis:

Create a ZIP file of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another ZIP file of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped files to your next reply.


Additionally, if the system has not been updated with MBARW (beta4), please manually download/install.

Thank you for beta testing MBARW and your feedback.

Link to post
Share on other sites

  • Staff

Hi Hercule8. Thanks for your report.

Please see what Nathan posted earlier about the ransomware notes.


I think it did quite well for beta 2 :) It stopped the 2 most popular ransomwares completely, and only allowed the last one to encrypt 2 files before it was found.
As for the ransomware notes, these will be dealt with later on, but the most important thing in this beta was protecting our users files.

Link to post
Share on other sites

  • Staff

Hi Hercule8. As daledoc1 mentioned, you may want to follow the steps outlined here and have one of the malware removal folks take a look.
Available Assistance For Possibly Infected Computers.
That being said, it might just be something as simple as changing your desktop background.
Right click on your desktop, select Personalize. Change to a theme you want to keep. The CTB-Locker theme file in use can be located anywhere, but it might be in your Documents folder.
If you click on the "Desktop Background" link on the lower part of the Personalization screen, it should show you the location of the CTB-Locker theme being used.

It should have a name something like this:

Decrypt All Files xxxxxxx.bmp where xxxxxxx are random letters.


As far as updating the program goes, have you tried downloading the latest Beta 5 posted in this topic and installing over the top of your current install?


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.