What is Crowti virus?
Crowti virus is a seriously dangerous ransomware that is very similar to such well-known ransomware threats as CryptoDefense or CryptoWall. As soon as it gets inside the PC system, it checks what is kept on it and blocks all files that have these extensions: 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx. You may ask 'why?'. The answer is very simple: this virus seeks to make its victims pay a predetermined ransom for unblocking the blocked files. Unfortunately, there is no guarantee that making this payment will help you regain access to your affected files. That's why we highly recommend that people, both enterprise and home users, make sure that they have backup copies of their important files. They can use cloud storage, Dropbox, a flash drive or even CDs for that. In addition, you should always keep your anti-spyware up to date in order to prevent infiltration of this virus. If Crowti virus has already started showing you a warning that is filled with specific instructions explaining how you can unlock your files (it usually requires making a payment of $100, $200 or even $500 in bitcoins), you should waste no time and scan your computer with updated anti-spyware. It will help you to remove this and other cyber threats from the system.
How can Crowti virus infect my computer?
Just like any other ransomware threat, Crowti virus is spread using several misleading techniques. You can easily be tricked into downloading this virus to your computer by clicking on a fake pop-up notification offering to update your Flash Player, Java, download manager or a similar program. In addition, spam campaigns have also been actively used to spread this virus. So, you should be very careful with every email that looks suspicious and actively asks you to download its attachment. According to our PC security experts, you should stay away from these and similar attachments: VOICEXXXX.scr, IncomingFaxXXXX.exe, info_XXXX.pdf.exe, etc. If you have already been tricked into downloading any of these attachments to your computer, you should waste no time and scan it with a reputable anti-spyware. It will help you to remove all malware and viruses, including Crowti virus. Otherwise, it will block your files and then ask you to pay a ransom for unblocking them. It usually presents itself as CryptoDefense or CryptoWall, which have already been mentioned in the first paragraph. If you have already received a warning asking you to pay for decrypting your blocked files, you shouldn't pay the ransom because you may be left with nothing. Instead, follow these steps and remove this threat.
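The attachment names listed above share two traits a mail filter can check before delivery: the final extension is one Windows executes, and in one case a document extension sits in front of it as a decoy. The following is an added example, not part of the original article; the extension sets beyond .scr and .exe, the reading of "XXXX" as any run of letters or digits, and the sample file names are assumptions.

```python
import re

# Extensions Windows runs directly. .scr and .exe come from the article's
# attachment names; the rest are an added, non-exhaustive assumption.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf"}
# Document extensions that can sit in front of the real one as a decoy (assumed set).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
# Name prefixes taken from the article's examples; treating "XXXX" as any run
# of letters or digits is an assumption.
LURE_NAME = re.compile(r"^(voice|incomingfax|info_)[0-9a-z]+$")


def screen_attachment(name):
    """Return the reasons to quarantine an attachment; an empty list means none."""
    reasons = []
    # Windows ignores trailing dots and spaces, and extensions are case-insensitive.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable extension ." + parts[-1])
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("double extension ." + parts[-2] + "." + parts[-1])
    if LURE_NAME.match(parts[0]):
        reasons.append("name matches a pattern listed in the article")
    return reasons


# Constructed sample names; the first three follow the patterns in the article.
SAMPLES = [
    "VOICE1234.scr",
    "IncomingFax1234.exe",
    "info_1234.pdf.exe",
    "Invoice.PDF.EXE ",
    "report_2014.pdf",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = screen_attachment(sample) or ["no executable extension"]
        print(repr(sample), "->", "; ".join(verdict))
```

A filter like this only looks at the file name, so it complements an anti-spyware scan of the attachment's content and does not replace it.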
How to remove Crowti virus?
In order to prevent the appearance of Crowti virus, you should ignore all suspicious-looking emails and every ad that offers to update your Flash, Java and similar programs. In addition, make sure you scan your PC with a reputable anti-spyware if your PC is already affected by this ransomware. For that you can use Reimage or Malwarebytes. If you can't launch any of these programs, follow these steps:
- Reboot your infected PC to 'Safe mode with command prompt' to disable the virus (this should work with all versions of this threat)
- Run Regedit
- Search for WinLogon Entries and write down all the files that are not explorer.exe or blank. Replace them with explorer.exe.
- Search the registry for the files you have written down and delete the registry keys referencing them.
- Reboot and run a full system scan with updated anti-spyware.
However, if this fails to work for you, there is a huge possibility that you won't be able to recover your files…
We highly recommend thinking about the prevention of such infections. For that you can use the previously mentioned programs. Besides, don't forget to think about the safety of your files and about backups. For that you can use USB external hard drives, CDs, DVDs, or simply rely on online backups, such as Google Drive, Dropbox, Flickr and other solutions.
Finally, read this post for more details on how to avoid Crowti virus and other ransomware viruses: