Cryptolocker Virus (Decrypt and Removal for Ransomware)


This page aims to help you with the removal of the Cryptolocker Virus. A method to decrypt Cryptolocker Ransomware exists, but it is in no way a sure thing.

Important! Read this!

Cryptolocker Virus is computer virus of the most feared and despised variety – Ransomware. It is easily distinguishable by the strange extension it places on your files, basically rendering them unreadable and also by the message it would post on your desktop. This message demands an amount of money as ransom, as well as the payment details required to get a decryption key.

In this article we are going to do our best to shed some light on Cryptolocker Virus and explain why it is a bad idea to pay the ransom. Of course, extensive removal instructions are included, as well as a possible path to recovering your files.

Cryptolocker Virus (Decrypt and Removal for Ransomware)

Cryptolocker Virus Removal


Name Cryptolocker Virus
Type  Ransomware
Danger Level High
Symptoms Your files are locked away and the key is hidden away.
Distribution Method Look out for a possible Trojan horse after you have dealt with the Ransomware threat.
Detection Tool


If the removal guide helps you, remember: a thank you in the comments goes a long way to warm our hearts!
1: Enter Safe Mode.
2: Remove Cryptolocker Virus from your system.
3: Permanently delete Cryptolocker Virus from Task Manager’s processes.
4: Uninstall the virus from Regedit and Msconfig.

What you will be dealing with:

In fact there are very distinct similarities between the two main branches of Ransomware and not many people know about them or make the actual distinction. This is an important point to make and for our readers to remember, so read carefully.

  • Some time ago most of what was considered Ransomware was more on the pretentious side than on the real encrypting side. Relying more on scaring the affected user than anything else, these types of ransomware applications would lock a user’s desktop screen with embarrassing pornographic or some other type of compromising pictures or messages. Counting on the panic that would inevitably creep in while the incensed users is feverishly trying to find out how to unlock their screens, the criminals would demand that a SMS message be send to a specific number. This in return would grant the sender a reply with instructions on how to fix their problem. Of course, that number would surely be with premium rate taxing, so you could realistically be spending a lot of money to get rid of something that could relatively easily be dealt with.
  • Unfortunately Cryptolocker Virus belongs to the second major type of Ransomware software – the one that really encrypts your files. Once found its way inside your computer, this beast of a malware will comply a list of your most often accessed personal files and will start encrypting them. When finished your only hope of getting them back appears to be paying the ransom demanded – or waiting for a someone to crack open Cryptolocker Virus’s code and find a solution. Fortunately, there’s also a third option that we are advocating, as it will be the most likely successful solution to your problem.

Are there alternatives?

To paying the Ransom? Sure, there are. Yet we will in no way pretend like it is not a tough decision to make. Nor would we say that you should never ever pay the ransom. This is strictly depending on the individual’s case and we hate to generalize. Yet we will state this – it is our opinion that you should only pay as a last possible solution. We strongly condemn the ransomware blackmail scheme and urge you not to support it by paying money that would better serve you otherwise.

Ransomware is disturbingly blooming into quite the industry, with millions of dollars in revenue. The only way for you to combat this notorious criminal activity is by refusing to cave to their demands.

Having stated that we would like to be very clear – there is no guarantee that the method we are going to describe will work for all affected users. In fact that depends a lot on how much time has passes since Cryptolocker Virus infiltrated your system. We can ensure you though that regardless of what you may have heard or read, this method will not endanger or otherwise compromise your files an you’ll always have the option to pay as a last resort.

Remove Cryptolocker Virus

Cryptolocker Virus (Decrypt and Removal for Ransomware)

Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.

Cryptolocker Virus (Decrypt and Removal for Ransomware)

The first thing you absolutely must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Cryptolocker Virus may have hidden some of its files and you need to see them.

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Cryptolocker Virus (Decrypt and Removal for Ransomware)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the Start Menu, type “Control Panel” in the search box —> Enter. Network and Internet —> Network and Sharing Center —> Change Adapter Settings. Right-click your Internet connection —> Properties.

In Networking, left click Internet Protocol Version 4 —> Properties. If everything is normal, your window will look like this:

Cryptolocker Virus (Decrypt and Removal for Ransomware)

If it’s not, click on the two “automatic” choices. NOTE: If you are in a domain network, contact your Domain Administrator so he can make these settings, or this may break your Internet Connection.

Cryptolocker Virus (Decrypt and Removal for Ransomware)


Dear reader, the next section of our removal instructions should be considered especially tricky, absolutely necessary, and somewhat dangerous if not executed properly. You will need to complete the next few steps to ensure the complete and full removal of Cryptolocker Virus. Yet you will need to navigate through and alter important operating system files. Any mistake while doing that, even if seeming small one, might lead to considerable and even disastrous consequences for your computer.

For that reason we urge you to think long and hard before continuing with our manual removal instructions. If you don’t feel ready to try this on your own, it is probably better to consider an alternative solution. That solution might be downloading and using a professional anti-malware scanner and remover, which would also ensure you have protection from future threats as well.


Cryptolocker Virus (Decrypt and Removal for Ransomware)

Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.

Cryptolocker Virus (Decrypt and Removal for Ransomware)

Type msconfig in the search field and hit enter. A window will pop-up:

Cryptolocker Virus (Decrypt and Removal for Ransomware)

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

    1. Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.
    2. Type %temp% in the Windows Search Field and delete all the files in the folder you are transported to.

Remember to leave us a comment if you run into any trouble!

Cryptolocker Virus (Decrypt and Removal for Ransomware)

How to Decrypt files infected with Cryptolocker Virus

NOTE! Please pay attention that we do not in any case guarantee this will work. You will find that older versions of the virus were tackled and eventually beaten (there were decryptors for a time), but every time the virus came back stronger. There is no way to find out which version is on your PC, and we want to make clear that the decryption method is purely theoretical – it may, or may not work.

There is only one known way to remove this virus successfully – reversing your files to a time when they were not infected. There are two options you have for this:

The first is a full system restore. To do this type System Restore in the windows search field and choose a restore point. Click Next until done.

Cryptolocker Virus (Decrypt and Removal for Ransomware)

Your second option is a program called Recuva

Go to the official site for Recuva and download it from there – the free version has everything you currently need.

When you start the program select the files types you want to recover. You probably want all files.

Next select the location. You probably want Recuva to scan all locations.

Now click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish – maybe even several hours if your HDD is really big, so be patient and take a break if necessary.

You will now get a long list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Found an alternative solution? Share your feedback with us so we can help other people in need!


About the author


Bert L. Jackson

Bert L. Jackson has more then 13 years in the Cyber Security Industry consulting and collaborating. Distinguished for an entrepreneurial mindset, creative problem solving, cross-functional teams and a bottom-line orientation.

Leave a Comment