Remove CryptoLocker Virus

By | Posted on September 9, 2013 | Last updated on June 5, 2014

CryptoLocker is a virus, Trojan, or malware on one code that attempts to seek money from computer users. This kind or computer infection can be considered as ransomware. However, it will not lock the computer and demands for payment to obtain the unlock code. CryptoLocker encrypts entire files on the infected computer and requires user to get the private key that is needed for decryption. What also differentiates CryptoLocker from other ransom virus is its time-based destruction of key. Failure to pay the private key on specified time will destroy the key from the server. It simply means, there is no way that you can unlock all affected files on the computer.

CryptoLocker message states the following:

“Your personal files are encrypted! 

Your important files encryption produces on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this.

Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files, you need to obtain the private key.

The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files…

To obtain the private key for this computer, which will automatically decrypt files, you need to pay 100 USB / 100EUR / similar amount in another currency.
Click Next to select the method of payment and the currency.

Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server.”


As you can see, author of CryptoLocker virus intends to collect money by locking files on the infected computer. Whether or not the content of the window is true, we still do not encourage paying for the private key to be able to resolve the issue. First you need to remove CryptoLocker from the computer. Then, decrypt all files with valid tools.

Other Detections:

Different anti-virus and anti-malware programs may name this threat according to their patterns. Here are some detection names: Trojan.Cryptolocker.F

How to Remove CryptoLocker Ransomware

Stage 1: Scan the Computer with ESET Rogue Application Remover (ERAR)

1. Download the free scanner called ESET Rogue Application Remover.
Download Link for ERAR (this will open a new window)

2. Choose appropriate version for your Windows System. Save the file to a convenient location, preferably on Desktop.

3. After downloading the file, Windows will prompt that download has completed. Click Run to start the program. Another option is to browse the location folder and double click on the file ERARemover_.exe.


4. On ESET Rogue Application Remover SOFTWARE LICENSE TERMS, click Accept to continue.

5. The tool will start scanning the computer. It will prompt when it finds CryptoLocker and other malicious entities. Follow the prompt to proceed with the removal.


Stage 2: Double-check for CryptoLocker’s leftover with Microsoft’s Malicious Software Removal Tool

1. Download the free scanner called Malicious Software Removal Tool.
Malicious Software Removal Tool Download Link (this will open a new window)


2. The tool automatically checks the operating system and suggest appropriate download version. Click on Download button to begin. Save the file to a convenient location, preferably on Desktop.

3. After downloading the file, Windows will prompt that download has completed. Click Run to start scanning for CryptoLocker. Another option is to browse the location folder and double click on the file to run.


4. The tool will display Welcome screen, click Next. Please note the message “This tool is not a replacement for an antivirus product.” You must understand that this program is made specifically to find and remove malware, viruses, Trojans, and other harmful elements on the computer. It was not designed to protect the computer.


5. Next, you will see Scan Type. Please choose Full Scan to ensure that all CryptoLocker entities and other harmful files left on the computer will be found and removed. For advanced computer user, you can opt for Customized Scan, if there are other drives or folders you wanted to include in this scan.


6. Full scan may take a while, please wait for Malicious Software Removal Tool to complete the tasks. However, you may cancel the scan anytime by clicking on the Cancel button.


7. After scanning, the tool will reveal all identified threats. There may be other threats that our first scan fails to detect. Please remove/delete all detected items.

8. When removal procedure is complete, you may now close Malicious Software Removal Tool. We hope that CryptoLocker have been completely deleted from the computer. Please restart Windows to proceed with the normal operation.

Stage 3 : Unlocking files that were encrypted by CryptoLocker

1. Download the program Panda Ransomware Decrypt.
pandaunransom.exe Download Link (this will open on a new window)

2. Save the file to your hard drive, Desktop, or any location.
3. Once the download completed, double-click on the file pandaunransom.exe to run it.
4. You will see Panda Ransomware Decrypt program. Please refer to the image below.


5. Next, use Windows Explorer or My Computer to make a folder “PandaTest” and copy some of the encrypted files into this folder.

6. Go back to Panda Ransomware Decrypt program and click on Select Folder button. Select the newly created folder PandaTest.

7. Click on START button to begin. Process may take a while, please wait until it is completed.

8. If you were able to decrypt contents of the PandaTest folder, you may run the tool on all the affected files and folders on the computer.