can CTB locker be removed and files restored
Page 1 / 1
Hi linoasta and welcome to the community.
I am not an expert on this subject so here is my opinion:
While it may be possible to remove the CTB virus it would be extremely difficult to construct the private key necessary to decrypt the files. You notice I said difficult and not impossible. There is always some ambitious person out there to prove me wrong so “never say never”. I just would not count on it.
At present, your best bet is to restore files and or complete system from the backups you hopefully have created regularly and stored off-line.
There might be a possibility of restoring some files from shadow copies but I have not heard of too much success from that approach.
Regards,
Dave
I am not an expert on this subject so here is my opinion:
While it may be possible to remove the CTB virus it would be extremely difficult to construct the private key necessary to decrypt the files. You notice I said difficult and not impossible. There is always some ambitious person out there to prove me wrong so “never say never”. I just would not count on it.
At present, your best bet is to restore files and or complete system from the backups you hopefully have created regularly and stored off-line.
There might be a possibility of restoring some files from shadow copies but I have not heard of too much success from that approach.
Regards,
Dave
Hello linopasta,
Welcome to the Community Forum,
I would like to add to what Dave has suggested above if I may.
The first thing is not to attempt to reboot your system as I understand it is that each time one does that the malware will copy itself to a new name under the %Temp% folder and then create a new task scheduler job to launch it on login. So rebooting just increase the amount of work required to remove the infection components.
Run a scan with WSA and see if it picks up anything and if it does then let it undertake whatever actions it decides on. If that does not resolve the issue for you or if the scan comes up clean the please Open a Support Ticket ASAP to notify the Support Team so that the professionals can get involved and look to assist.
This service is free of charge to WSA users with a current/valid subscription.
Also, do you have a recent backup of your files or a recent image of your disk? If you do then please make sure that you mention it in the Support Ticket as that will help the Support Team in terms of the options they have for remediation of the issue.
Best Regards,
Sherry
Welcome to the Community Forum,
I would like to add to what Dave has suggested above if I may.
The first thing is not to attempt to reboot your system as I understand it is that each time one does that the malware will copy itself to a new name under the %Temp% folder and then create a new task scheduler job to launch it on login. So rebooting just increase the amount of work required to remove the infection components.
Run a scan with WSA and see if it picks up anything and if it does then let it undertake whatever actions it decides on. If that does not resolve the issue for you or if the scan comes up clean the please Open a Support Ticket ASAP to notify the Support Team so that the professionals can get involved and look to assist.
This service is free of charge to WSA users with a current/valid subscription.
Also, do you have a recent backup of your files or a recent image of your disk? If you do then please make sure that you mention it in the Support Ticket as that will help the Support Team in terms of the options they have for remediation of the issue.
Best Regards,
Sherry
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.