"Your personal files are encrypted by CTB-Locker."

  • July 23, 2015

How do I get rid of CTB-Locker ???

Baldrick
Gold VIP
  • July 23, 2015
Hi Itann2848
 
Welcome to the Community Forums.
 
Sorry to hear that you have fallen foul of this particularly nasty malware.
 
These infections are extremely difficult to resolve/reverse due to the level of encryption that is used, which makes it in most cases virtually impossible to restore the files without a decryption key.
 
Now whilst WSA very often intercepts/blocks the malware before it can do its damage, it is the case that new variants are released all of the time and like anything being able to keep up or ahead of them is not always possible, which unfortunately means that new variants are able to infect a number of customers before the Webroot Threat Researchers can create detection rules for them.

These infections are extremely difficult to remediate due to the NSA-level encryption that is used. This makes it virtually impossible to restore the files without a decryption key. If the damage has already been done, the best advice we can give is firstly to try to limit the number of reboots that you do, as some variants are known to multiply the places infected, so as to make it difficult for removal/cleanup, if and when it can take place.
 
The second thing to do is to open a Support Ticket ASAP, to notify the Support Team so that they can see if there is any assistance they can provide. WSA will, if a file or app is detected as executing and it cannot determine whether it is 'good' or 'bad', switch on monitoring of that file/app. This means that WSA will journal all that app/file's activities until such time as a determination is made.
 
If 'good' then the journalling stops. If 'bad' WSA will try to roll back the actions of the file/app on your system based on what it has journalled. I do not know the circumstances or where you are in the cycle but contacting Support will allow them to check on this and if journalling is occurring they may (and I stress the 'may') also be able to initiate a rollback manually. This is not a given and needs to be checked out with them so please open the support ticket ASAP.
 
Hope that helps?
 
Regards, Baldrick