you can turn your comp back on and run it in secured mode to run a virus scan. If you don't have an anti-virus program, I would seriously invest in one or get a free one after you do a scan.

it can be several days ago you got the virus

Oh no, you got this lovely CryptoLocker virus that's currently doing the rounds.

As Moreau Jr has stated, you can't remove the virus just by "normal" usage.

First, I'd recommend you Google for CryptoLocker solutions specifically, but generally, you need to download MalwareBytes and CCleaner for good measure.

Once you've done that and installed them, start your PC in Safe mode (normally by hitting F8 while it boots up). Then run them both, preferably MalwareBytes first.

Once they've done their thing, they'll normally restart the system where you can carry on as normal. However, this CryptoLocker nasty is pretty intensive so I wouldn't be surprised if this is useless - so I emphasise Googling for precise help.

Oh and by the way, it DIDN'T come through Steam. CryptoLocker by nature will sit dormant for some time, probably days before activating - is it so surprising they've been activating over Christmas?

Thank you for all your replies. I have MSE on the infected system and right now I'm doing a scan in Safe Mode. I did search for the behaviour prior to restarting the computer but all the results are for those virus that pretend to be law enforcement agencies taking action on copyright issues. The one I have is much simpler so those solutions may not apply to my case. Anyway I'll try them after the scan. Good to know Steam is still secure.

Ursprünglich geschrieben von Beef Goulash:

Thank you for all your replies. I have MSE on the infected system and right now I'm doing a scan in Safe Mode. I did search for the behaviour prior to restarting the computer but all the results are for those virus that pretend to be law enforcement agencies taking action on copyright issues. The one I have is much simpler so those solutions may not apply to my case. Anyway I'll try them after the scan. Good to know Steam is still secure.

As I said Google specifically for CryptoLocker - it was verified on the BBC News website a few days ago that millions have been affected in recent days with this.

You're doing the right procedure, but I will repeat that one of the reasons this is so notable in the news is because it's affected so many and because it hooks into some Microsoft established code, making it a real bastard to get rid of, so you might need some unusually specific procedure to go through.

Ok what sites have you been visiting lately? cause im gonna stay away from those :P

crunchyfrog, thank you for your advice. I do remember reading the news from BBC's website back in like November.
And for whoever might be interested, I took another look at that irritating window and it says the following:
"Your computer is LOCKED. All files with extensions *.exe, *.doc, *.xml, *.docx, *.rar, *.zip are ENCRYPTED. Trying to bypass this will make them unRECOVERABLE!
To UNLOCK your computer and decrypt files you must do SURVEY.
Tip: SMS Surveys unlock faster."
Below there's a hyperlink says "Open Survey" and below that is a input box with a "Unlock" button to its right. This window doesn't appear until the desktop and taskbar etc. are loaded. Then it hides everything but I could still open web browser by pressing the physical button on the keyboard. I was also able to open the Ctrl-Alt-Del screen (Windows 7 SP1) but the malware disabled the task manager button in the registry table. While in Safe Mode, I located and deleted this file called svhost .exe in User/AppData… I also deleted the corresponding entry in registry table. However, when I boot up back in normal mode, the malware was able to recover itself. Previously I did a full scan in Safe Mode with MSE and it detected no threat. I haven't been able to find an exactly matched profile for this malware on the Internet, obviously it's not as popular.
I visited nfscars.net before, since someone asked.

Ursprünglich geschrieben von Beef Goulash:

crunchyfrog, thank you for your advice. I do remember reading the news from BBC's website back in like November.
And for whoever might be interested, I took another look at that irritating window and it says the following:
"Your computer is LOCKED. All files with extensions *.exe, *.doc, *.xml, *.docx, *.rar, *.zip are ENCRYPTED. Trying to bypass this will make them unRECOVERABLE!
To UNLOCK your computer and decrypt files you must do SURVEY.
Tip: SMS Surveys unlock faster."
Below there's a hyperlink says "Open Survey" and below that is a input box with a "Unlock" button to its right. This window doesn't appear until the desktop and taskbar etc. are loaded. Then it hides everything but I could still open web browser by pressing the physical button on the keyboard. I was also able to open the Ctrl-Alt-Del screen (Windows 7 SP1) but the malware disabled the task manager button in the registry table. While in Safe Mode, I located and deleted this file called svhost .exe in User/AppData… I also deleted the corresponding entry in registry table. However, when I boot up back in normal mode, the malware was able to recover itself. Previously I did a full scan in Safe Mode with MSE and it detected no threat. I haven't been able to find an exactly matched profile for this malware on the Internet, obviously it's not as popular.
I visited nfscars.net before, since someone asked.

It could possibly be a variant of CryptoLocker - that's the problem with these bloody viruses. Plenty of arseholes out there to modify them.

The only other thing I would do is have a good look through the usual antivirus people's sites (mcAfee, Avira, MS, Norton et al) and see what the latest is.

Sorry I can't be of more specific help.

I hope for you it is not Cryptolocker. There is no solution for this virus other than formatting your drive, as you will not be able to recover your encrypted files. The virus uses sophisticated encryption algorithms which make recovery virtually impossible.

Ursprünglich geschrieben von Pvt_Booger:

I hope for you it is not Cryptolocker. There is no solution for this virus other than formatting your drive, as you will not be able to recover your encrypted files. The virus uses sophisticated encryption algorithms which make recovery virtually impossible. :devilskiss:

That's not strictly true.

It is possible to remove the majority (if not all) of it. However, some files can remain encrypted, and it is indeed a real bastard.

That's precisely why I've adived to keep a close eye on the security professionals for data.

Although I would also add, as you say, it might be better all-round to reformat/reinstall.

As I understand it there's no evidence to show that anything's being stolen, just the ransom seems to be the point. However, if this has crept in, then it's highly likely other stuff may have.
I know what option I'd go for, personally - reformat.

Ursprünglich geschrieben von crunchyfrog:

That's not strictly true.

It is possible to remove the majority (if not all) of it. However, some files can remain encrypted, and it is indeed a real bastard.

That's precisely why I've adived to keep a close eye on the security professionals for data.

Although I would also add, as you say, it might be better all-round to reformat/reinstall.

As I understand it there's no evidence to show that anything's being stolen, just the ransom seems to be the point. However, if this has crept in, then it's highly likely other stuff may have.
I know what option I'd go for, personally - reformat.

The virus itself is easy to remove but, as far as I am aware, the files are impossible to retrieve other than by paying. This is simply because the algorithm is unique to the infected machine, and the passkey generated is also unique. This is only stored server-side and it is non-retrievable (other than by paying, as indicated).

I suppose it could technically be possible to decrypt the files but it would require a brilliant mind and a lot of patience.

If you are aware of anything new though do share, as to my knowledge this is one of the most destructive viruses in the last few years.

Sorry, I should have added "Assuming the OP is infected with Trojan.Cryptolocker"

Ursprünglich geschrieben von Pvt_Booger:

Sorry, I should have added "Assuming the OP is infected with Trojan.Cryptolocker"

I don't disagree with you at all.

I was just trying to fully explain the situation (to avoid the usual scaremongering). As far as anything new, no I have nothing to share, but it does depend on what's going on - the version of Crypt Locker, and more importantly what stage it's all at.

I certainly agree and emphasise that once those files are encrypted, they're as good as gone. It is a pure bastard.

This is why I emphasised the keeping an eye on the professional's sites - they're always the best source of info, and what (and if) it does get cracked, that's the way you're going to find out first.

However, I will reiterate that in the long run the OP should do two things:
(1) Reformat and reinstall. Give up the ghost.
(2) Review their browsing habits and check their security setups. It got in somehow, and there's no record of it coming from anywhere "reputable".