What is Critoni virus?
Critoni virus is dangerous ransomware that acts just like CTB Locker virus, Cryptowall virus, CryptoLocker virus and many other cyber threats that belong to this category. You can't miss the moment of infiltration because, as soon as it infects the system, it encrypts specific files and then displays a warning that asks you to pay a ransom for their decryption. Unfortunately, the code that can be used for decrypting those encrypted files is kept on servers that belong to Critoni owners, so the only way to get it is to pay a ransom. However, we still do NOT recommend doing this because this ransom will support bad guys and their dirty business. In order to save your files, you should start paying more attention to your PC's security. We highly recommend installing Reimage, which will help you to avoid infiltration of this ransomware and other cyber infections.
How can Critoni virus infect my computer?
Critoni virus is spread using infected websites, fake pop-ups, unlicensed programs and spam. In fact, spam is the main method used for distributing this serious cyber infection. According to the latest news, scammers have recently started a new spam campaign, which uses the name of Bank of America. Please ignore all emails that ask you to download AccountDocuments.zip because it might be infected with Critoni virus. If it manages to enter the computer, it scans the system and selects files for encryption. Typically, this virus locks specific files that mostly have these extensions: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx. After encrypting them, this threat starts displaying a huge notification that informs the victim that his/her personal files were encrypted and that he/she should pay a ransom of $350 to decrypt them.
How to remove Critoni virus?
The saddest thing is that you can't decrypt your files without paying a ransom. That is why you should always think about a reliable anti-spyware program that could easily help you to avoid this and similar infections in the future. In this case, we recommend using Reimage, Malwarebytes, Combo Cleaner or Plumbytes Anti-Malware. In addition, make sure you transfer your files to USB external hard drives, CDs, DVDs, or simply rely on online backups, such as Google Drive, Dropbox, Flickr and other solutions.
In order to remove Critoni virus from the system, you should use Reimage. Note that this virus may block your anti-spyware in order to prevent its removal. If that is the case, follow these steps and try again:
- Reboot your infected PC to 'Safe mode with command prompt' to disable the virus (this should work with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for the files you have written down and delete the registry keys referencing those files.
- Reboot and run a full system scan with updated anti-spyware.
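
The Winlogon check in the steps above can be done read-only before anything is changed in Regedit. The script below is an added example, not part of the original guide; it assumes that "WinLogon entries" means the `Shell` and `Userinit` values under the standard Winlogon key (the guide does not name them), whose Windows defaults are `explorer.exe` and `userinit.exe` respectively.

```powershell
# Read-only audit of the Winlogon values that decide what runs at logon.
# Assumption: the guide's "WinLogon entries" are the Shell and Userinit values
# under the standard Winlogon key in HKLM and HKCU. Nothing is modified here.
$expected = @{
    Shell    = @('explorer.exe')
    Userinit = @("$env:SystemRoot\system32\userinit.exe")
}
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

$findings = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $raw = $props.$name
        # A missing or blank value is not a finding.
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # Both values may hold several comma-separated commands; check each one.
        foreach ($entry in ($raw -split ',')) {
            $cmd = $entry.Trim().Trim('"')
            if ($cmd -eq '') { continue }
            $ok = $expected[$name] | Where-Object { $cmd -ieq $_ }
            if (-not $ok) {
                [pscustomobject]@{ Key = $key; Value = $name; Entry = $cmd }
            }
        }
    }
}

if ($findings) {
    # This is the list of files to "write down" before editing the registry.
    $findings | Format-Table -AutoSize -Wrap
    $findings | Export-Csv -Path "$env:TEMP\winlogon-findings.csv" -NoTypeInformation
} else {
    'Winlogon Shell and Userinit hold only the Windows defaults.'
}
```

A legitimate entry written with a different path form (for example a full path to explorer.exe) is also listed, so review each finding before deleting anything.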