Home » Blog » Cybersecurity » How to remove CTB Locker Ransomware (Virus Removal)
ctb locker virus

How to remove CTB Locker Ransomware (Virus Removal)

CTB Locker virus

The CTB Locker virus (Curve-Tor-Bitcoin Locker virus) is dangerous malware and a cryptovirus found in the ransomware category of computer infections, similar to the FBI virus. Most versions of the CTB Locker virus use tactics to lock a computer system or internet browser and will claim to have encrypted a computer’s files, in order to scare victims into paying a fine or ransom using Bitcoin or other online services.

ctb locker virus

The CTB Locker virus may in fact encrypt a computer’s files and may use a screen or window to display a message that includes unethical instructions to acquire a key (RSA KEY) in order to decrypt files. In some cases there is no way to recover encrypted files locked by this ransomware, aside from performing a backup that was created before the infection.


A common message displayed by several versions of CTB Locker ransowmare is detailed below:

All files including videos, photos and documents on your computer are encrypted by Crypto Software.

Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.

The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; 
the server will destroy the key after a month. After that, nobody and never will be able to restore files.

In order to decrypt the files, open your personal page on the site https://rj2bocejarqnpuhm.onion.to/XXX and follow the instructions.

If https://rj2bocejarqnpuhm.onion.to/XXX is not opening, please follow the steps below:

1. You must download and install this browser http://www.torproject.org/projects/torbrowser.html.en
2. After installation, run the browser and enter the address: rj2bocejarqnpuhm.onion/XXX
3. Follow the instructions on the web-site. We remind you that the sooner you do, the more chances are left to recover the files.

As you can see, the messages displayed by CTB Locker malware are meant to scare victims into purchasing CTB Lockers in order to pay the fraudulent fine.

How does CTB Locker ransomware get onto a computer?

The CTB Locker cryptovirus infection can be contracted via suspicious downloads including freeware, shareware, codecs, torrents, and more, and is also promoted in malicious advertisements and search results.

The CTB Locker virus may be present in exploit kits and may gain access via trojan horses hiding on malicious websites.

How to remove CTB Locker

  1. CTB Locker removal Software and Tools – Detect and remove CTB Locker ransomware
  2. System Restore/Reset – Restore PC to date and time before the CTB Locker malware infection
  3. Tech Support – Call 1-888-986-8411 and they will kindly assist you with removing the CTB Locker computer infection

1. CTB Locker removal Software and Tools

1. We highly recommend writing down the toll free number below in case you run into any issues or problems while following the instructions. Our techs will kindly assist you with any problems.

if you need help give us a call

2. Install the free or paid version of Malwarebytes Anti-Malware.

download buy now

3. Once Malwarebytes is installed, run the program. *Malwarebytes may automatically begin to update and scan your computer at this point.


4. Once the Malwarebytes program has been open, if a scan has not initiated, please click the large Scan Now button or visit the “Scan” tab to initiate a scan. Before the scan is started Malwarebytes may ask to update the software, make sure to do so if prompted to.

malwarebytes anti-malware

5. Once the scan is complete, click the Quarantine All button to remove the files.

malwarebytes quarantine log

6. You may also chose to visit the History tab and click Delete All to remove these files from the Quarantine log, although these files no longer prove a threat.

If you are still having issues with malware it is recommended to download and install a second opinion scanner such as HitmanPro by Surfright to eradicate existing malicious files.

2. System Restore/Reset
System Restore/Reset is an easy solution to restore an infected computer to a date and time before it became infected with the CTB Locker computer virus. To learn more please select a link below:

Windows Recommended Restore And Choose A Restore Point

CTB Locker virus removal tips:

If the CTB Locker virus is difficult to remove there are several steps you can use to troubleshoot the removal process:

User accounts

Ransomware often infects 1 user account on Windows systems at a time. Here are some tips to remove ransomware by using different user accounts.

  • Log into an account not affected by malware (with administrative rights) and perform a scan with reputable software to detect and remove malware.
  • You can also delete the infected account.

Denying flash

Some variants of ransomware use flash and symptoms of the infection can be halted by denying flash via Macromedia’s real-time options. To learn more and deny flash please visit: http://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html

Troubleshoot internet/network issues

Safe Mode With Networking can be used to access the Internet for updates, drivers, removal software, or other files if internet and network connectivity is compromised.

Lead Editor

Jared Harrison is an accomplished tech author and entrepreneur, bringing forth over 20 years of extensive expertise in cybersecurity, privacy, malware, Google Analytics, online marketing, and various other tech domains. He has made significant contributions to the industry and has been featured in multiple esteemed publications. Jared is widely recognized for his keen intellect and innovative insights, earning him a reputation as a respected figure in the tech community.

More Reading

Post navigation


  • Hi, my computer have infected by this ransomware virus and my question is,
    can i recover back all my data that locked my the virus after i perform the step as your site mentioned ?


  • The CTB Locker virus (Curve-Tor-Bitcoin Locker virus) is dangerous malware and a cryptovirus found in the ransomware category of computer infections. Most versions of the CTB Locker virus use tactics to lock a computer system or internet browser and will claim to have encrypted a computer’s files, in order to scare victims into paying a fine or ransom using Bitcoin or other online services.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How to remove .wcry ransomware and decrypt files

How to remove MicroCop virus (Removal Guide)

How to remove crptrgr virus