Tech Tips Home
The Best Tech Tips And Daily Deals
Newsletter On The Internet!

WorldStart Tech Tip And Store Search
Email: Password: Login Remember Me
looking for freeware

Like what you see here? Subscribe to the Tech Tips newsletter!   Email: Subscribe

Watch Out For This Ransomware!

Saturday, February 14th, 2015 by | Filed Under: Security Help

Linda from New York asks,

I have been receiving Steve’s tips for about 15 years and I am sure this has been addressed but I don’t know when. I have a ctb-locker virus and I would like to know how you would handle it.

Hi Linda, thanks for being such a loyal reader!

CTB locker is a nasty form of malware in the form of ransomware. Infections by this malware are currently on the rise. This is most often sent in spam emails with attachments, similar to the one below. It’s also shown up on false messages appearing to warn you that Google Chrome is out of date. This is where we once again give the advice to NEVER click on attachments from emails you don’t recognize.


The malware will encrypt your files and won’t let you into those files unless you pay the ransom. It will copy itself into the %temp% folder with a random, 7 character name, as well as set up a scheduled task to execute itself at system startup.  Once files are encrypted, you’ll get a pop up that gives you a countdown and demands a ransom in bit coins. It seems the ransoms are for 2-3 bitcoins, which is equal to up to $750 US dollars! The malware also changes your background image to show the same ransom warning.


The issue is that this is not a joke or a scam, and the files are truly encrypted. Once encrypted, there is not a lot that you can do to recover the files. We certainly don’t advise to pay the ransom, as that will just finance further operations by the creators, and doesn’t even guarantee your files will be decrypted. After all, you are relying on the trustworthiness of the creators of a major form of malware!

First things first, you need to run a malware scanner and antivirus scanner if you find yourself infected. Make sure to remove any infected items it finds. However, even after the infection is removed, the files are still encrypted. There are a few methods you can try to get your files back.

First, and best, restore from a recent backup. Hopefully, you keep a regular backup of all your files. In the case of this infection, this is the best, and possibly only, way to recover your files.

You may also find success with a system restore, if this is set up on your computer. Remember, this will restore to a previous state, so if you’d made some major changes before this restore point, you may lose some of your data. You may also find some success with previous versions of files. But keep in mind, ctb locker will attempt to erase these files as well, so you may not be able to do this with all your files.

Of course, prevention is the key to avoiding all this headache. Here are some tips to avoid infection:

  • Avoid unsolicited links or attachments in emails.
  • Use caution when dealing with unfamiliar files and websites.
  • Only download software from official websites.
  • Keep operating systems, antivirus, and antimalware software up to date.
  • Perform regular back ups of your files and system.

~ Audra


Tags: , , ,

7 Responses to “Watch Out For This Ransomware!”

  1. Jose Caceres says:

    Can’t these forms of malware be removed by hand? Also, is the procedure the same for adware that pops up at a certain time every day? To be specific, I get a pop up page every 12 hours telling me that my video player/adobe player/reader, is out of date and that I should upgrade. Sometimes it is invitations to online games. Often, the only way to close the page is to force a shut-down on my pc and it is very frustrating to say the least. I hope you can help me.

    • audra says:


      Ransomware is different than adware. The infection itself can be removed with a scan using an antimalware program. The problem is removing the infection doesn’t help in any way with your files.

      In your case, I’d suggest downloading a free malware scanner, such as Malwarebytes, to see if there are any infections. If it’s popping up that adobe player needs updating, that may be a valid request to update if it is that regular, they do roll out updates regularly. You can check if you have the latest version by going to this website:

  2. Mike says:

    You say to try System Restore. This may remove the infection by going back to before it entered your system, but System Restore will not bring back data files, nor will it clean out the infection residing within your data files. So what is gained?

    • audra says:


      You are correct that it will not restore your files, but restoring will clean out the infection in your system files as it will restore them to a previous state. That way it will not affect the computer on a restart.

  3. markj says:

    I am sorry Audra but have to disagree with your advice in this case. The need to restore your files and the likelihood of not get all of the infection makes a wipe and rebuild the best option in a case like this, in my opinion.

    • audra says:

      For someone with little technical knowledge, this would be a daunting task. I agree, it is probably the best way, provided you have good back ups and knowledge of how to do it. But lots of people would not feel comfortable starting from scratch, nor would be willing to pay someone to do so. This gives them the option of attempting to solve it themselves. Thank you, though, for the input!

  4. […] There’s a lot of stuff going on right now that you need to look out for. Recently a co-worker of my husband’s fell victim to the dreaded CryptoLocker ransomware. […]

Leave a Reply

Like these tips? Get them for FREE in your email!

WorldStart's Tech Tips Newsletter

  • Tech Tips Daily - Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

  • Tech Tips Weekly - If you don't want our Tech Tips newsletter every day, then sign up for this weekly newsletter to get the best information of the week. Sent on Fridays.

Other Newsletters

  • WorldStart's Daily Deals - Every week, we send out great deals in our Daily Deals newsletter. Many of these deals are exclusively for our Daily Deals newsletter subscribers and can't be found with our regular specials.

  • Just For Grins - Each issue includes a couple clean jokes, some funny quotes, and a hilarious reader's story. Newsletter is sent five days a week.

Enter Email Address:


Your e-mail address is safe with us!
We only use it to send you the newsletters you request. It is NEVER disclosed to a third party for any reason, ever! Plus, if you decided you don't like our newsletters (don't worry, you'll love them), unsubscribing is fast and easy.

Free Newsletter Signup

Tech Tips Daily

Become a tech pro! Get the very best tech and computer help sent directly to your email every weekday!

Tech Tips Weekly

The week's best in tech and computer help. Get your issue sent to your email every Friday!

WorldStart's Daily Deals

The very best deals on the Internet! Get a new set of incredible sales every day of the week!

Just For Grins

Clean jokes, funny quotes, and hilarious comics. Sent 5 times a week straight to your email.


Love Worldstart? Refer A Friend!

looking for freeware
WorldStart's Premium Membership

Tip Archive