Home / Spyware Help / Cryptorium Ransomware Removal Guide

Cryptorium Ransomware Removal Guide

by 0 Comments

Do you know what Cryptorium Ransomware is?

According to our malware analysts, Cryptorium Ransomware is a semi-functional ransomware-type computer infection that claims to encrypt your files, but all it can do is change their file extension so that you would be unable to open them. Therefore, you should not purchase the decryption tool that this program offers because you can change the file format manually. Furthermore, this program does not leave any email address and does not explain how to purchase the so-called "GBO KEY." You should remove this malicious application from your PC as soon as you can. Please read this article to find out more about this ransomware.

Evidently, this malicious program was created by cyber criminals that seek to infect your computer by stealth. Our malware researchers have concluded that this program is distributed via a pirated version of the video game FIFA 17. However, that does not mean that all pirated copies of this game feature this ransomware. The cyber criminals bundled this ransomware with FIFA 17 in December of 2016. The pirated version of this game is known to be distributed on various torrent websites worldwide, re-enable the pirated game you can get.

Our cyber security experts have looked into this situation and found that Cryptorium Ransomware’s executable can be named VirtualUIpro.exe, but the name can vary. They say that this executable is most likely included in the Crack folder and you have to launch it manually for this program to start doing something. It gives the impression of a seriously dangerous malware, but that is not the case because it cannot encrypt files as it claims.Cryptorium Ransomware Removal GuideCryptorium Ransomware screenshot
Scroll down for full removal instructions

Our malware analysts have tested Cryptorium Ransomware and found that it does not feature an encryption algorithm. Instead, it modifies the file extensions of the targeted files and changes them to .ENC. Changing the extension back to its original is enough to make the file accessible again. So, for example, if this ransomware changes the file extension of Chrome.exe to Chrome.ENC you can right-click the file, select Rename and replace .ENC with .exe as it is supposed to be and that is it. However, you will have to do that for all of the files that this ransomware has modified.

Paying the ransom is not an option if you want it to fix all of your files automatically because Cryptorium Ransomware does not provide instructions on how to purchase the GBO KEY to decrypt the allegedly encrypted files. Furthermore, it is worth mentioning that the cyber criminals threaten to delete your files if you do not pay within 32 hours. However, this is unlikely to happen, but you should get rid of this ransomware as soon as possible to not find out if it can actually do that. Nevertheless, we know for sure that this malicious application will terminate Task Manager’s process and prevent it from running. So Cryptorium Ransomware can inflict lasting consequences on your computer, and you have to get rid of it and override the modifications it has imposed on your PC.

In conclusion, Cryptorium Ransomware is one malicious application, but thankfully it cannot encrypt your files as it can only change their file extensions. However, it can disable Task Manager, and you have to re-enable it manually. If you want to do that manually, we invite you to make use of the removal guide provided below. You can also use SpyHunter, an anti-malware program that will delete this ransomware and re-enable Task Manager for you.

Reenable Task Manager

  1. Press Windows+R keys.
  2. Type Gpedit.msc and click OK.
  3. Click User Configuration and select Administrative Templates.
  4. Then, select System and select Ctrl+Alt+Del Options.
  5. Double-click Remove Task Manager.
  6. Set Disable or Not Configured.
  7. Close Gpedit.msc.
  8. Then, press Windows+R again.
  9. Type gpupdate /force in the box and click OK.

How to remove this ransomware (option 1)

  1. Locate VirtualUIpro.exe.
  2. Right-click it and click Delete.
  3. Empty the Recycle Bin.

How to remove this ransomware (option 2)

  1. Go to http://www.spyware-techie.com/download-sph
  2. Download the installer and run it.
  3. Follow the installation instructions.
  4. Run the program.
  5. Select Scan Computer Now!
  6. Once the scan is complete, hold down Windows+E keys.
  7. Enter the file path of the malicious file in the File Explorer’s address box and press Enter.
  8. Right-click the malicious file and click Delete.
  9. Empty the Recycle Bin.

In non-techie terms:

Our malware analyst have concluded that Cryptorium Ransomware is semi-functional malware that does not encrypt any files but changes the file extensions to make it seem like they were encrypted because you cannot access them. Furthermore, it disables Task Manager so that you could not remove this ransomware’s executable. Please consult the guide below or use SpyHunter to get rid of this infection and the consequences that come with it.