How to remove and prevent CTB Locker Virus
09:34:00 | 09-04-2015

Question:

Recently, I found that there is a virus named CTB Locker that is rapidly spreading on the Internet. Could you please explain this virus and how to prevent and remove it?

Answer:

The data-encrypting ransomware CTB Locker is a new variant of the CryptoLocker malware family. It is distributed through spam emails carrying an attached .zip file. After the user opens the attachment, the malware takes control of the computer and encrypts data files (Word, Excel, PDF, etc.) so that they can no longer be opened. At the same time, a notification appears on the victim's screen demanding a ransom to decrypt the files.

Figure: Notification demanding a ransom to decrypt the affected files

According to Bkav's analysis, the encrypted data cannot be restored because the attackers use public-key encryption, and the private key needed for decryption is stored only on the attackers' server.

Remove and prevent CTB Locker with Bkav Pro

To remove and prevent CTB Locker, users need to register and install the licensed Bkav IS antivirus software. Only Bkav IS automatically protects users' computers with the smart detection function of its Anti Ransomware technology.

Figure: Warning of CTB Locker raised by the Anti Ransomware technology of Bkav IS

The Anti Ransomware technology of Bkav IS protects users against data-encrypting ransomware families without needing a sample of each one for identification. The technology monitors most changes to data files and promptly blocks abnormal behaviour such as mass file renaming or data encryption. Anti Ransomware technology will therefore prevent damage from recently spreading malware such as CryptoLocker or CTB Locker.
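As an added illustration of the kind of behavioural check such a monitor performs (example code written for this page, not Bkav's own), the following Python flags a process that overwrites data files with high-entropy content or renames many of them to a foreign extension within a short window. The thresholds, the event format and the sample events are assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for this illustration, not Bkav's actual parameters.
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted output approaches 8.0
RENAME_THRESHOLD = 5      # data files renamed to a foreign extension ...
WINDOW_SECONDS = 10.0     # ... within this many seconds
DATA_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plain documents sit far below 7.5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extension(path: str) -> str:
    """Lower-case final extension of a Windows or POSIX path ('' if none)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def assess(events):
    """Return {process: sorted reasons} for processes behaving like ransomware.

    Each event is a dict with t (seconds), proc, op ('write' or 'rename'),
    path, and either data (bytes written) or new (new path) depending on op.
    """
    rename_times = defaultdict(list)   # per-process sliding window of renames
    reasons = defaultdict(set)
    for ev in events:
        proc, ext = ev["proc"], extension(ev["path"])
        if ev["op"] == "write" and ext in DATA_EXTS:
            if shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
                reasons[proc].add("high-entropy write to data file")
        elif ev["op"] == "rename" and ext in DATA_EXTS \
                and extension(ev["new"]) not in DATA_EXTS:
            recent = [x for x in rename_times[proc] if ev["t"] - x <= WINDOW_SECONDS]
            rename_times[proc] = recent + [ev["t"]]
            if len(rename_times[proc]) >= RENAME_THRESHOLD:
                reasons[proc].add("mass rename of data files to foreign extension")
    return {p: sorted(r) for p, r in reasons.items()}

# Constructed sample: a word processor saving text, and a process that
# overwrites a document with encrypted-looking bytes and renames six more.
PLAINTEXT = b"Quarterly revenue grew by four percent over the previous year. " * 30
CIPHERTEXT = bytes(range(256)) * 16        # every byte value equally likely
SAMPLE_EVENTS = [
    {"t": 0.0, "proc": "winword.exe", "op": "write", "path": "C:\\Users\\a\\report.docx", "data": PLAINTEXT},
    {"t": 1.0, "proc": "ctb.exe", "op": "write", "path": "C:\\Users\\a\\report.docx", "data": CIPHERTEXT},
] + [{"t": 1.0 + i * 0.2, "proc": "ctb.exe", "op": "rename",
      "path": f"C:\\Users\\a\\file{i}.xlsx", "new": f"C:\\Users\\a\\file{i}.xlsx.ctb"} for i in range(6)]

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS))
```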

In addition, Bkav recommends: "Users must absolutely not open attached files from unknown emails. If a file must be opened to see its content, users can open it in the isolated environment of Safe Run."

Remove CTB Locker with Bkav Ransomware Scan tool

If the Bkav IS antivirus software is not installed on the computer, Bkav has also added the method for removing CTB Locker to its tool named Bkav Ransomware Scan. This tool can be run to scan for and remove CTB Locker without installation.

To remove CTB Locker from a computer with Bkav Ransomware Scan, please take the steps below:

Step 1: Download Bkav Ransomware Scan from the link: http://www.bkav.com.vn/download/BkavRS.exe

Step 2: Run the downloaded BkavRS.exe file and select the folder to scan.

Step 3: Select Scan


Step 4: To restore data encrypted by CTB Locker, users can use the ShadowExplorer tool. First, download this tool from the link: http://www.shadowexplorer.com/uploads/ShadowExplorer-0.9-portable.zip

With ShadowExplorer, users can restore old data from the copies that Windows created, but cannot restore new data files or files modified after the last copy was taken. ShadowExplorer relies on the System Restore feature of Windows. Windows turns System Restore on by default only for the Windows system drive (usually drive C); for other drives, data cannot be restored unless users have turned this feature on themselves.

Step 5: After downloading, extracting and running this tool, please select the disk and the time to restore.


Step 6: Right-click the folder or file to restore and select "Export".


In addition, to protect the data on their computers automatically, users should install the licensed Bkav IS.

Bkav