Danger level:  
  (99/100)

TorrentLocker ransomware virus. How to delete? (Removal tutorial)

removal by Ugnius Kiguolis - - | Type: Ransomware
12

TorrentLocker and everything you need to know about it

By ransomware standards, TorrentLocker virus is a relatively old parasite. It came to the security experts’ attention back in September 2014 and has undergone several updates since then. The virus analysts managed to crack TorrentLocker’s code a year after its release. Unfortunately, last year, the hackers updated the virus once more, leaving another puzzle for the experts to decrypt. Besides, a closer look at the virus has revealed that the new parasite version is a derivative from the infamous ransomware known as CryptoLocker. Due to these relations, the new TorrentLocker has been dubbed simply Crypt0l0cker. In fact, the trend of creating CryptoLocker-based viruses is currently very active, and some experts believe that it might even signal the revival of this virus, though it was thought to be defeated some time ago. So, it would not be surprising if TorrentLocker would actually be one of the new CryptoLocker versions.

Talking about the TorrentLocker specifications in more detail, we should first note that it uses an RSA-2048 encryption algorithm to render victim’s data unreadable. This algorithm is very complex and has even been used for military purposes. Thus its decryption is a highly unlikely option. Sadly, this is exactly what the hackers are looking for. They use this advanced code to encrypt user’s photos, media files, archives and other data so they could ask money from the victims who desperately need to recover it. Extortionists lay down their demands in the DECRYPT_INSTRUCTIONS.html file or How_to_Restore_Files.html and How_to_Restore_Files.txt in the latest Crypt0l0cker variant. Of course, the content of these notes applies a high level of scare tactics and social engineering practices to convince the users into paying the ransom. The victims are put under a time limit and are being threatened that if they don’t follow the demands, they will lose their files forever. Then they order the victim to send 550 USD worth of Bitcoins into their Bitcoin wallet account and promise to give up the decryption key once the transaction is made. Needless to say, any collaboration with the criminals is risky, and none of their promises should be taken for granted. In fact, the safest option is to remove TorrentLocker from the computer using Reimage or similar professional antivirus software.

TorrentLocker and its follow-up versions are controlled over the so-called Command & Control server which means that the virus cannot start encryption unless the computer is connected to the network. This is a flaw that can be used to prevent the virus attack. Unfortunately, practice shows that even with these vulnerabilities, the infection still manages to attack unsuspecting users. For instance, the virus was initially aimed at Australian users but quickly spread to Europe and Asia. This was made possible by a malicious distribution technique which allowed the criminals to exploit names of the famous companies and deliver deceptive spam emails directly to the potential victim’s email inboxes. The victims unknowingly downloaded a malicious file called explorer.exe and ran it on their computers unsuspecting that they are actually activating the virus. If you have gone through this process already, get on with the TorrentLocker removal immediately!

How is Torrent Locker distributed?

As we have already mentioned, Torrent Locker is being circulated mainly via spam emails. The victims targeted by this virus receive emails that indicate they were sent to you from some institution, say telecommunication company such as the Swedish Telia. Such emails will be called something like “Invoice from Telia” and feature a name of the recipient automatically generated at the beginning of the fake email. The scammers will continue by providing a link which leads to an Internet domain that imitates official website of Telia or other company in question. On this site, the victim will be asked to insert a Captcha code, to identify whether you are not a robot. Unfortunately, once you hit the enter button, the virus is automatically downloaded on the computer. Then the virus goes through several procedures, such as indicating your computer’s IP address and registering it through manybigtoys.com server. We can never know where the collected data may be used in the future.

To prevent yourself from such attacks, be smart around the web and don’t trust anything you may be told online. Even if you receive an email from a seemingly legitimate telecommunication companies or governmental institutions, always double check their reliability. The hackers used the names of British Gas, Endesa (Spain), New Zealand Post to draw their victims in. Pay attention: if such emails look at least remotely suspicious, feature typos or similar errors — do NOT open them as they might be infested with Torrent Locker. Do not forget to improve the security of your device and update your antivirus to the latest version.

How to ensure a successful Torrent Locker removal?

In case TorrentLocker virus is already on your computer, don’t wait and launch anti-malware utility immediately. Use reputable software such as Reimage or Malwarebytes Anti Malware for this task. But keep in mind that these malware detection tools have to be updated to the latest version to be fully functional and carry out the TorrentLocker removal successfully. Nevertheless, you should not expect an antivirus tool to decrypt your files as well. You will have to use other techniques to get back access to at least some of your files. Some of them are described at the end of this article. So, remove TorrentLocker and start the recovery!

We might promote some affiliate products. An entire disclosure is provided in our Terms and Conditions. By Downloading any recommended Anti-spyware software to uninstall TorrentLocker ransomware virus you accept our privacy policy and terms and conditions.
try it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Computer security experts recommend using Reimage to uninstall TorrentLocker ransomware virus. Reimage scans the entire computer system and checks whether it is infected with spyware/malware or not. If you want to remove computer threats and secure your computer system, you should consider buying the licensed version of Reimage.

You can find more details about this program in Reimage review.

You can find more details about this program in Reimage review.
Press mentions on Reimage
Press mentions on Reimage

Manual TorrentLocker Virus Removal Instructions:

Eliminate TorrentLocker using Safe Mode with Networking

You can detect malware using Reimage.
You need to purchase a licensed version of it to remove threats.
More details about Reimage.

TorrentLocker is a type of parasite which will try to prevent its removal, by blocking your antivirus or not allowing you to obtain one in the first place. In such a case, you should restart your computer and run it in the Safe Mode like explained below:

  • Step 1: Restart your computer in Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Go to Start Shutdown Restart OK.
    2. As soon as your computer starts, start pressing F8 key repeatedly before the Windows logo shows up.
    3. Choose Safe Mode with Networking from the list Choose 'Safe Mode with Networking' option

    Windows 10 / Windows 8
    1. Click on the Power button at the Windows login screen, and then press and hold Shift key on your keyboard. Then click Restart.
    2. Then select Troubleshoot Advanced options Startup Settings and click Restart.
    3. Once your computer starts, select Enable Safe Mode with Networking from the list of options in Startup Settings. Choose 'Enable Safe Mode with Networking' option
  • Step 2: Remove TorrentLocker

    Sign in to your account and launch any Internet browser. Download a legitimate anti-malware software, for instance, Reimage. Make sure you update it to the latest version and then run a full system scan with it to detect and eliminate all malicious components of the ransomware to remove TorrentLocker completely.

If your ransomware does not allow you to access Safe Mode with Networking, please follow the instructions provided below.

Eliminate TorrentLocker using System Restore

You can detect malware using Reimage.
You need to purchase a licensed version of it to remove threats.
More details about Reimage.

If running the system in Safe Mode did not help decontaminate the virus, you can try System Restore method. Step-by-step guide of this techniques is presented here:

  • Step 1: Restart your computer in Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Go to Start Shutdown Restart OK.
    2. As soon as your computer starts, start pressing F8 key repeatedly before the Windows logo shows up.
    3. Choose Command Prompt from the list Choose 'Safe Mode with Command Prompt' option

    Windows 10 / Windows 8
    1. Click on the Power button at the Windows login screen, and then press and hold Shift key on your keyboard. Then click Restart.
    2. Then select Troubleshoot Advanced options Startup Settings and click Restart.
    3. Once your computer starts, select Enable Safe Mode with Command Prompt from the list of options in Startup Settings. Choose 'Enable Safe Mode with Command Prompt' option
  • Step 2: Perform a system restore to recover files and settings
    1. When the Command Prompt window appears, type in cd restore and press Enter. Type 'cd restore' without quotes and hit 'Enter'
    2. Then type rstrui.exe and hit Enter.. Type 'rstrui.exe' without quotes and hit 'Enter'
    3. In a new window that shows up, click the Next button and choose a restore point that was created before the infiltration of TorrentLocker and then click on the Next button again. When 'System Restore' wizard comes up, click 'Next'. Choose a preferable restore point and click 'Next'
    4. To start system restore, click Yes. Hit 'Yes' and start system restore
    After restoring the computer system to an antecedent date, install and check your computer with Reimage to uncover any remains of TorrentLocker.

Bonus: Restore your files

Using the tutorial provided above you should be able to eliminate TorrentLocker from the infected device. novirus.uk team has also prepared an in-depth data recovery guide which you will also find above.

There are a couple of methods you can apply to recover data encrypted by TorrentLocker:

How can you use Data Recovery Pro tool to roll back the files encrypted by TorrentLocker?

Data Recovery Pro is an automatic and speedy tool that helps to restore missing and corrupted files. It has been updated to deal with encrypted files as well. Though there are never guarantees that alternative methods will be effective, you have nothing else to lose, thus why not give it a try?

  • Download Data Recovery Pro (https://novirus.uk/download/data-recovery-pro-setup.exe);
  • Install Data Recovery on your computer following the steps indicated in the software’s Setup;
  • Run the program to scan your device for the data encrypted by TorrentLocker ransomware;
  • Recover the data.

ShadowExplorer and its benefits for unlocking files encrypted by TorrentLocker ransomware

The primary benefit of ShadowExplorer is that it is able to use Volume Shadow Copies of your Windows operating system to restore files. If the files get accidentally deleted, or, in this case, locked by TorrentLocker, you can try to recover them using ShadowExplorer like shown below:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Install Shadow Explorer on your computer following the instructions in the software’s Setup Wizard;
  • Run the program. Navigate to the menu on the top-left corner and select a disk containing your encrypted files. Look through the available folders;
  • When you find the folder you want to recover, right-click it and select “Export”. Also, choose where the recovered data will be stored.

Currently, you cannot obtain a free TorrentLocker virus decrypter

It is strongly recommended to take precautions and secure your computer from malware attacks. To protect your PC from TorrentLocker and other dangerous viruses, you should install and keep a powerful malware removal tool, for instance, Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Ugnius Kiguolis
Ugnius Kiguolis

If you found this free removal tutorial helpful, please consider making a donation to support us. Even the smallest amount will be appreciated and will help to keep this service alive.

Contact Ugnius Kiguolis
About the company Esolutions

Source: https://www.2-spyware.com/remove-torrentlocker-virus.html

Uninstall guides in different languages