
Post CBT Locker

xXDeltaXx
Solved by TDP_Equinox

I guess this is the best place to ask...(?) Or, can someone be kind and move it to the best place ;)

 

I've got a work mate's laptop which has been infected with CTB Locker... any suggestions?

 

I had a read around before turning it on, and have killed any exe I could find from safemode with command prompt, then have installed a few anti malware / anti spyware programs & it seems that the infection is now gone. However, obviously, there's still a load of encrypted files.

 

I know that the OS is probably shot and will need a reinstall (Windows 8...), but I had hoped to try and get anything back that I could before wiping. Some files are not encrypted, so I'd hope that they are OK. I had heard (wrongly, it appears) that the encryption needed to create a duplicate which was encrypted, and then delete the old one - so a recovery program (Recuva for example) may be able to get said files back. Either Recuva isn't good enough, or that is not true in this case.

 

In short, can anything be salvaged? Can anything that has been encrypted be recovered? The files are ".bqfzddk" if that contributes anything useful... Yes, I am going to wipe and start afresh.

 Thanks

 


This may help. CBT's are notorious for their difficulty to remove.

 

 

If no luck then boot through a linux live CD and delete the CTB locker files.


My question is how do you even get CTB locker.

Very carefully my friend, very carefully. 

(Usually through different exploitations in websites, and clicking on really sketchy links)


If they are actually encrypted, forget about it. They are gone. 

If they are just hidden, then you can easily get them back with a live linux distro. 

 

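A triage check for the distinction TDP_Equinox draws above (files actually encrypted versus merely renamed or hidden), added here as an example and not code from the thread: run from a live Linux environment against a read-only mounted volume, it picks out files carrying the extension the original post reports (.bqfzddk) and uses known file signatures plus byte entropy to judge whether the contents are still the original data. The extension constant, the 64 KiB sample size and the 7.5 bits/byte threshold are assumptions, and the sample files are constructed inline.

```python
import hashlib
import math
import os
from collections import Counter

# Extension reported in the original post; HEAD = bytes examined per file (both assumptions).
RANSOM_EXT = ".bqfzddk"
HEAD = 64 * 1024
# A file that still opens with a known signature (PNG, PDF, ZIP/Office, JPEG) was
# renamed or hidden, not encrypted: recover it by stripping the extension.
MAGIC = (b"\x89PNG\r\n\x1a\n", b"%PDF-", b"PK\x03\x04", b"\xff\xd8\xff")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or compressed data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """'intact-header' (open it as-is), 'plaintext' (low entropy, only renamed),
    or 'encrypted' (no known header and near-random bytes; assumed threshold 7.5)."""
    if data.startswith(MAGIC):
        return "intact-header"
    return "encrypted" if shannon_entropy(data[:HEAD]) > 7.5 else "plaintext"

def scan_tree(root: str) -> dict:
    """Walk a read-only mounted volume and classify every RANSOM_EXT file found."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(RANSOM_EXT):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    report[path] = classify(fh.read(HEAD))
    return report

# Constructed sample files (not from the thread): one truly encrypted (a deterministic
# SHAKE-256 stream stands in for ciphertext), two merely renamed.
SAMPLES = {
    "report.docx" + RANSOM_EXT: hashlib.shake_256(b"constructed-seed").digest(4096),
    "photo.jpg" + RANSOM_EXT: b"\xff\xd8\xff\xe0" + bytes(4000),
    "notes.txt" + RANSOM_EXT: b"quarterly numbers\n" * 200,
}

def classify_samples() -> dict:
    """Classify the constructed samples; scan_tree(mount_point) does the same on disk."""
    return {name: classify(data) for name, data in SAMPLES.items()}
```

A high-entropy file with no recognised header is flagged as encrypted, not proven so: archives, JPEGs and video that lack a signature in MAGIC look the same, so extend the signature list for the file types the victim actually keeps before trusting a "gone" verdict.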

My question is how do you even get CTB locker.

By clicking without reading. So much freeware comes with stuff like this and people see free and just click click click without reading. 

 

 


Yeah, he doesn't know how he got it - thinks maybe something from Alibaba.com... not sure if he fully understands how it will have been triggered.

Thanks for the help / confirming what I thought the situation is.


Yeah, he doesn't know how he got it - thinks maybe something from Alibaba.com... not sure if he fully understands how it will have been triggered.

Thanks for the help / confirming what I thought the situation is.

Don't forget to mark the topic as solved!

 
