The Critroni virus (also known as the CTB virus) is dangerous malware and a cryptovirus found in the ransomware category of computer infections. Most versions of the Critroni virus use tactics to lock a computer system or internet browser and will claim to have encrypted a computer’s files, in order to scare victims into paying a fine or ransom using Bitcoin or other online services.
The Critroni virus may in fact encrypt a computer’s files and may use a screen or window to display a message that includes unethical instructions to acquire a key (RSA KEY) in order to decrypt files. In some cases there is no way to recover encrypted files locked by this ransomware, aside from performing a backup that was created before the infection.
DO NOT PAY THE FINE, THIS IS A DANGEROUS COMPUTER VIRUS!
A common message displayed by several versions of Critroni ransowmare is detailed below:
All files including videos, photos and documents on your computer are encrypted by Crypto Software. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a month. After that, nobody and never will be able to restore files. In order to decrypt the files, open your personal page on the site https://rj2bocejarqnpuhm.onion.to/XXX and follow the instructions. If https://rj2bocejarqnpuhm.onion.to/XXX is not opening, please follow the steps below: 1. You must download and install this browser http://www.torproject.org/projects/torbrowser.html.en 2. After installation, run the browser and enter the address: rj2bocejarqnpuhm.onion/XXX 3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.
As you can see, the messages displayed by Critroni malware are meant to scare victims into purchasing Critronis in order to pay the fraudulent fine.
How does Critroni ransomware get onto a computer?
The Critroni cryptovirus infection can be contracted via suspicious downloads including freeware, shareware, codecs, torrents, and more, and is also promoted in malicious advertisements and search results.
The Critroni virus may be present in exploit kits and may gain access via trojan horses hiding on malicious websites.
How to remove Critroni virus
- Critroni removal software (Automatic removal) – Detect and remove Critroni ransomware
- System Restore – Restore PC to date and time before the Critroni malware infection
- For Tech Support – Call 1-888-879-0084 and they will kindly assist you with removing the Critroni computer infection
1. Critroni virus removal software
1. We highly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.
if you need help give us a call
2. Install the free or paid version of Malwarebytes Anti-Malware software.
Latest versions: Malwarebytes Anti-Malware PRO, Malwarebytes Anti-Malware Free
Release date: 2014
3. Once Malwarebytes is installed, open the Anti-Malware program. If you are using the free version of Malwarebytes you will be prompted to update the database, please do so.
4. On the first tab labeled “Scanner” select the Perform full scan option and click the Scan button to perform a full system scan (pictured below).
5. Malwarebytes will automatically detect the malicious Critroni files and third-party malware on your computer. Once the scan is complete, Malwarebytes will prompt a message stating malicious objects were detected. Select (check) the malicious objects in the list and click the Remove Selected button to completely remove the Critroni malware from your computer (The image below shows a file that is NOT selected for removal – ‘Make sure the box is checked in’).
2. System Restore
A System Restore is an easy solution to restore an infected computer to a date and time before it became infected with the Critroni computer virus. To learn more please select a link below:
Critroni virus removal tips:
If the Critroni virus is difficult to remove there are several steps you can use to troubleshoot the removal process:
Ransomware often infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.
- Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
- You can also delete the infected account.
- Other options include creating a new user account to remove malware if only 1 Window’s user account is present on the computer system.
Some variants of ransomware use flash and symptoms of the infection can be halted by denying flash via Macromedia’s real-time options. To learn more and deny flash please visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html
Troubleshoot internet/network issues
Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.