CryptoLocker is a new ransomware which is doing the rounds. What is basically does is once it has infected your computer it encrypts all of your files and shows a message demanding you to pay up. Detailed information is here http://tweakbytes.com/Thread-Crypto-Locker In this guide we will try to focus on removing this malware. After doing some research of my own I have found out that CryptoLocker uses a custom encryption to encrypt files and has a one time decryption key. It is very difficult to crack or brute force it due to the complexity of the algorithm and the time it would take. Removal:- Removal can be done easily by either using Malwarebytes Anti-malware with a combination of R-Kill tool to do it. But this is not the main concern as even once this virus is removed it is not possible to decrypt your files. Retrieval of files:- Retrieving the files will be a bit of a job to tackle. If you have a full working backup it is going to be very easy to do so and get back all the files. This again ellcudiates the importance of backing up your data. Now, if you do not have a backup you can take one of the two options. 1- System Restore:- System restoring back to a time before virus intrusion is a good idea and should be done. This can be easily done from safe-mode but will not decrypt or return to original state most of your files. 2- Shadow copy:- By default Windows Vista+ Oses keep a copy of a file called shadow copy. This can be found and restored from the file properties dialog box but for a multitude of files it is going to be highly difficult. To ease the process we will use a tool called Shadow-Explorer to do so. You can download it from here http://www.shadowexplorer.com/downloads.html This will enable to access the shadow cache and get the files out of them. If you are lucky enough you should have shadow-copies of most files and should get the job done. Most guides on the internet are just copies of some thoughts and do not give the shadow defender pathway. Please do not do a restore or refresh before. This may wipe out the shadow files. If none of these works, you have lost it and there is nothing that can be done. If you are stuck in such a situation you may have to end up paying to them. It has been confirmed that it does decrypt the files. Please make use of a disposable card to do so and do not give any other of your financial details. I may be the first one urging to pay but if your data is very valuable and you have no backups this might be the time do it and not waste it. Also remember to install a proper security software. If possible purchase a good one or use a tight freeware combo. If you had Comodo with Defense+, which is a free software of course this ransom virus would have been thwarted. For detailed instructions and recommendations for security software please make a thread here http://tweakbytes.com/Forum-Security-Configurator The next step would be to do a complete re-install formatting all your hard-disk partitions. I would recommend using a linux live CD for this purpose.