The best way to deal with computer viruses is to avoid getting them in the first place. You can’t prevent every infection, but you can greatly reduce the chances of getting one, which is far preferable to catching the virus and then trying to remove it.
Here are the steps to take to protect yourself from CryptoLocker:
1. The best thing you can do is avoid running executable files from any unknown sources.
2. If people who don’t know how to identify these files use your computer, then you should use the Windows Group or Local Policy Editor to create Software Restriction Policies. These policies prevent executable files from running when they are located in certain areas on your computer.
The CryptoLocker virus uses the following paths:
- C:\Users\<User>\AppData\Local\<random>.exe (Vista/7/8)
- C:\Documents and Settings\<User>\Application Data\<random>.exe (XP)
- C:\Documents and Settings\<User>\Local Application Data\<random>.exe (XP)
3. If you don’t know how to do this manually (it’s kind of a pain to do), then you can download a tool from Foolish IT, LLC, that does it automatically by visiting:
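For readers who want to script step 2, here is an added example (not from the original article and not Foolish IT's tool) that writes Disallowed path rules into the registry location where Software Restriction Policies are stored. Mapping the folders above to `%LocalAppData%` and `%AppData%` is an assumption; `%LocalAppData%` is not defined on XP, so that rule only applies on Vista/7/8.

```powershell
# Added example, not from the article. Run in an elevated PowerShell prompt.
# Assumption: no domain GPO manages SRP here (it would overwrite these values).
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$paths    = Join-Path $base '0\Paths'      # level 0 = Disallowed
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

# Assumed mapping of the article's folders to per-user environment variables.
$rules = @(
    @{ Path = '%LocalAppData%\*.exe'; Note = 'Block .exe directly in AppData\Local (Vista/7/8)' },
    @{ Path = '%AppData%\*.exe';      Note = 'Block .exe directly in Application Data' }
)

if (-not (Test-Path $paths)) { New-Item -Path $paths -Force | Out-Null }

# Enable SRP only where it is not configured yet, so an existing stricter
# setup (for example a Disallowed default level) is left untouched.
function Set-IfMissing($Name, $Value) {
    if ($null -eq (Get-ItemProperty -Path $base -Name $Name -ErrorAction SilentlyContinue)) {
        New-ItemProperty -Path $base -Name $Name -PropertyType DWord -Value $Value | Out-Null
    }
}
Set-IfMissing 'DefaultLevel'       0x40000   # Unrestricted: only the rules below deny
Set-IfMissing 'TransparentEnabled' 1         # enforce on executables
Set-IfMissing 'PolicyScope'        0         # apply to all users

# Read existing rules without expanding %VAR%, so reruns do not add duplicates.
$existing = @(Get-ChildItem -Path $paths | ForEach-Object {
    $_.GetValue('ItemData', $null, $noExpand)
})

foreach ($r in $rules) {
    if ($existing -contains $r.Path) { continue }
    $key = Join-Path $paths ('{{{0}}}' -f [guid]::NewGuid())
    New-Item -Path $key | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $r.Path | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String -Value $r.Note | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord  -Value 0 | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord `
        -Value ([DateTime]::UtcNow.ToFileTimeUtc()) | Out-Null
}

# Show the Disallowed path rules now in place; log off and back on (or reboot)
# so that newly started programs are checked against them.
Get-ChildItem -Path $paths | ForEach-Object { $_.GetValue('ItemData', $null, $noExpand) }
```

Some legitimate programs also run from these folders and will be blocked until you add an exception for them. A launch denied by a path rule is recorded in the Application event log by the SoftwareRestrictionPolicies source (event ID 866), which is a quick way to confirm the rules are active.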
How Do You Know if You Have CryptoLocker?
Somewhat on the bright side, it’s very obvious when you do get it (not all virus infections are obvious).
CryptoLocker is a “ransomware” program that affects all common versions of Windows – XP, Vista, 7, and 8. It encrypts your PC’s files with RSA and AES encryption, and when that’s finished you get a big popup window.
That window tells you that you must pay $100 – $300 to have your files decrypted, and that you have 4 days to pay the ransom or the encryption key will be deleted and you will lose access to your files forever.
Interestingly, paying the ransom does decrypt your files, although some users report that at least some of their files do not get decrypted.
If You Do Get this Virus…Do This
First, disconnect your computer from its network. That way, CryptoLocker won’t be able to encrypt any more files.
Trying to decrypt the files yourself doesn’t work because it takes way too much time to break the encryption key.
You can do one of three things:
- Restore your files from a backup (make sure you have multiple backups available, including both your entire system image and a basic file backup)
- Pay the ransom (but why help out the bad guys?)
- Quickly contact a PC repair professional to help you
Yeah, it’s a terrifying virus, but fortunately you’re not helpless to protect yourself from it.