TorrentLocker virus Removal Guide
Description of TorrentLocker ransomware virus
TorrentLocker and everything you need to know about it
By ransomware standards, TorrentLocker virus is a relatively old parasite. It came to the security experts’ attention back in September 2014 and has undergone several updates since then. The virus analysts managed to crack TorrentLocker’s code a year after its release. Unfortunately, last year, the hackers updated the virus once more, leaving another puzzle for the experts to decrypt. Besides, a closer look at the virus has revealed that the new parasite version is a derivative from the infamous ransomware known as CryptoLocker. Due to these relations, the new TorrentLocker has been dubbed simply Crypt0l0cker. In fact, the trend of creating CryptoLocker-based viruses is currently very active, and some experts believe that it might even signal the revival of this virus, though it was thought to be defeated some time ago. So, it would not be surprising if TorrentLocker would actually be one of the new CryptoLocker versions.
Talking about the TorrentLocker specifications in more detail, we should first note that it uses an RSA-2048 encryption algorithm to render victim’s data unreadable. This algorithm is very complex and has even been used for military purposes. Thus its decryption is a highly unlikely option. Sadly, this is exactly what the hackers are looking for. They use this advanced code to encrypt user’s photos, media files, archives and other data so they could ask money from the victims who desperately need to recover it. Extortionists lay down their demands in the DECRYPT_INSTRUCTIONS.html file or How_to_Restore_Files.html and How_to_Restore_Files.txt in the latest Crypt0l0cker variant. Of course, the content of these notes applies a high level of scare tactics and social engineering practices to convince the users into paying the ransom. The victims are put under a time limit and are being threatened that if they don’t follow the demands, they will lose their files forever. Then they order the victim to send 550 USD worth of Bitcoins into their Bitcoin wallet account and promise to give up the decryption key once the transaction is made. Needless to say, any collaboration with the criminals is risky, and none of their promises should be taken for granted. In fact, the safest option is to remove TorrentLocker from the computer using ReimageIntego or similar professional antivirus software.
TorrentLocker and its follow-up versions are controlled over the so-called Command & Control server which means that the virus cannot start encryption unless the computer is connected to the network. This is a flaw that can be used to prevent the virus attack. Unfortunately, practice shows that even with these vulnerabilities, the infection still manages to attack unsuspecting users. For instance, the virus was initially aimed at Australian users but quickly spread to Europe and Asia. This was made possible by a malicious distribution technique which allowed the criminals to exploit names of the famous companies and deliver deceptive spam emails directly to the potential victim’s email inboxes. The victims unknowingly downloaded a malicious file called explorer.exe and ran it on their computers unsuspecting that they are actually activating the virus. If you have gone through this process already, get on with the TorrentLocker removal immediately!
How is Torrent Locker distributed?
As we have already mentioned, Torrent Locker is being circulated mainly via spam emails. The victims targeted by this virus receive emails that indicate they were sent to you from some institution, say telecommunication company such as the Swedish Telia. Such emails will be called something like “Invoice from Telia” and feature a name of the recipient automatically generated at the beginning of the fake email. The scammers will continue by providing a link which leads to an Internet domain that imitates official website of Telia or other company in question. On this site, the victim will be asked to insert a Captcha code, to identify whether you are not a robot. Unfortunately, once you hit the enter button, the virus is automatically downloaded on the computer. Then the virus goes through several procedures, such as indicating your computer’s IP address and registering it through manybigtoys.com server. We can never know where the collected data may be used in the future.
To prevent yourself from such attacks, be smart around the web and don’t trust anything you may be told online. Even if you receive an email from a seemingly legitimate telecommunication companies or governmental institutions, always double check their reliability. The hackers used the names of British Gas, Endesa (Spain), New Zealand Post to draw their victims in. Pay attention: if such emails look at least remotely suspicious, feature typos or similar errors — do NOT open them as they might be infested with Torrent Locker. Do not forget to improve the security of your device and update your antivirus to the latest version.
How to ensure a successful Torrent Locker removal?
In case TorrentLocker virus is already on your computer, don’t wait and launch anti-malware utility immediately. Use reputable software such as ReimageIntego or Malwarebytes for this task. But keep in mind that these malware detection tools have to be updated to the latest version to be fully functional and carry out the TorrentLocker removal successfully. Nevertheless, you should not expect an antivirus tool to decrypt your files as well. You will have to use other techniques to get back access to at least some of your files. Some of them are described at the end of this article. So, remove TorrentLocker and start the recovery!
Getting rid of TorrentLocker virus. Follow these steps
In-depth guide for the TorrentLocker elimination
TorrentLocker is a type of parasite which will try to prevent its removal, by blocking your antivirus or not allowing you to obtain one in the first place. In such a case, you should restart your computer and run it in the Safe Mode like explained below:
The elimination guide can appear too difficult if you are not tech-savvy. It requires some knowledge of computer processes since it includes system changes that need to be performed correctly. You need to take steps carefully and follow the guide avoiding any issues created due to improper setting changes. Automatic methods might suit you better if you find the guide too difficult.
Step 1. Launch Safe Mode with Networking
Safe Mode environment offers better results of manual virus removal
Windows 7 / Vista / XP
- Go to Start.
- Choose Shutdown, then Restart, and OK.
- When your computer boots, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) a few times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click the Start button and choose Settings.
- Scroll down to find Update & Security.
- On the left, pick Recovery.
- Scroll to find Advanced Startup section.
- Click Restart now.
- Choose Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Choose 5) Enable Safe Mode with Networking.
Step 2. End questionable processes
You can rely on Windows Task Manager that finds all the random processes in the background. When the intruder is triggering any processes, you can shut them down:
- Press Ctrl + Shift + Esc keys to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes.
- Look for anything suspicious.
- Right-click and select Open file location.
- Go back to the Process tab, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check the program in Startup
- Press Ctrl + Shift + Esc on your keyboard again.
- Go to the Startup tab.
- Right-click on the suspicious app and pick Disable.
Step 4. Find and eliminate virus files
Data related to the infection can be hidden in various places. Follow the steps and you can find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive (C: is your main drive by default and is likely to be the one that has malicious files in) you want to clean.
- Scroll through the Files to delete and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Eliminate TorrentLocker using System Restore
If running the system in Safe Mode did not help decontaminate the virus, you can try System Restore method. Step-by-step guide of this techniques is presented here:
Step 1: Restart your computer in Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Go to Start → Shutdown → Restart → OK.
- As soon as your computer starts, start pressing F8 key repeatedly before the Windows logo shows up.
- Choose Command Prompt from the list
Windows 10 / Windows 8
- Click on the Power button at the Windows login screen, and then press and hold Shift key on your keyboard. Then click Restart.
- Then select Troubleshoot → Advanced options → Startup Settings and click Restart.
- Once your computer starts, select Enable Safe Mode with Command Prompt from the list of options in Startup Settings.
Step 2: Perform a system restore to recover files and settings
- When the Command Prompt window appears, type in cd restore and press Enter.
- Then type rstrui.exe and hit Enter..
- In a new window that shows up, click the Next button and choose a restore point that was created before the infiltration of TorrentLocker and then click on the Next button again.
- To start system restore, click Yes.
Bonus: Restore your filesUsing the tutorial provided above you should be able to eliminate TorrentLocker from the infected device. novirus.uk team has also prepared an in-depth data recovery guide which you will also find above.
There are a couple of methods you can apply to recover data encrypted by TorrentLocker:
How can you use Data Recovery Pro tool to roll back the files encrypted by TorrentLocker?
Data Recovery Pro is an automatic and speedy tool that helps to restore missing and corrupted files. It has been updated to deal with encrypted files as well. Though there are never guarantees that alternative methods will be effective, you have nothing else to lose, thus why not give it a try?
- Download Data Recovery Pro;
- Install Data Recovery on your computer following the steps indicated in the software’s Setup;
- Run the program to scan your device for the data encrypted by TorrentLocker ransomware;
- Recover the data.
ShadowExplorer and its benefits for unlocking files encrypted by TorrentLocker ransomware
The primary benefit of ShadowExplorer is that it is able to use Volume Shadow Copies of your Windows operating system to restore files. If the files get accidentally deleted, or, in this case, locked by TorrentLocker, you can try to recover them using ShadowExplorer like shown below:
- Download Shadow Explorer (http://shadowexplorer.com/);
- Install Shadow Explorer on your computer following the instructions in the software’s Setup Wizard;
- Run the program. Navigate to the menu on the top-left corner and select a disk containing your encrypted files. Look through the available folders;
- When you find the folder you want to recover, right-click it and select “Export”. Also, choose where the recovered data will be stored.
Currently, you cannot obtain a free TorrentLocker virus decrypter
It is strongly recommended to take precautions and secure your computer from malware attacks. To protect your PC from TorrentLocker and other dangerous viruses, you should install and keep a powerful malware removal tool, for instance, ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes.
How to prevent from getting ransomware
A proper web browser and VPN tool can guarantee better safety
As online spying becomes an increasing problem, people are becoming more interested in how to protect their privacy. One way to increase your online security is to choose the most secure and private web browser. But if you want complete anonymity and security when surfing the web, you need Private Internet Access VPN service. This tool successfully reroutes traffic across different servers, so your IP address and location remain protected. It is also important that this tool is based on a strict no-log policy, so no data is collected and cannot be leaked or made available to first or third parties. If you want to feel safe on the internet, a combination of a secure web browser and a Private Internet Access VPN will help you.
Reduce the threat of viruses by backing up your data
Due to their own careless behavior, computer users can suffer various losses caused by cyber infections. Viruses can affect the functionality of the software or directly corrupt data on your system by encrypting it. These problems can disrupt the system and cause you to lose personal data permanently. There is no such threat if you have the latest backups, as you can easily recover lost data and get back to work.
It is recommended to update the backups in parallel each time the system is modified. This way, you will be able to access the latest saved data after an unexpected virus attack or system failure. By having the latest copies of important documents and projects, you will avoid serious inconveniences. File backups are especially useful if malware attacks your system unexpectedly. We recommend using the Data Recovery Pro program to restore the system.