CryptoWall Virus

[TD]Medivh

« on: May 18, 2015, 01:01:33 PM »
Does anyone know anything about that virus?
My father's PC just got infected, and it seems like there's no way to remove it or get back the encrypted files without paying a ransom of like 800 USD through bitcoin to the virus maker.

Actually I've tried all traditional solutions, ComboFix itself failed.
Looks like 4/5 of Italian people got infected by that virus.

Is there anyone in this community that can tell me what I can do?

Rit

« Reply #1 on: May 18, 2015, 01:23:04 PM »
1. Boot the computer into safe mode with networking.
2. Download, install, and update Malwarebytes.  Run a Threat Scan and remove whatever malware you detect.  Reboot into safe mode with networking again.
3. Download Microsoft Safety Scanner and run a Full Scan.  Remove threats.  Reboot into safe mode with networking again. Link: https://www.microsoft.com/security/scanner/en-us/default.aspx
4. Run a full anti-virus scan.  If he isn't using one already, here is a 90 day BitDefender trial: https://www.facebook.com/bitdefender/app_118554158281905
5. I'm sure the computer is probably riddled with adware too, so it probably wouldn't hurt to run AdwCleaner: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
6. Clean the registry with CCleaner (if you start getting registry errors after the removal): https://www.piriform.com/ccleaner - Usually this will take care of any problems, but sometimes the registry entries will need to be deleted manually.

Keep me updated and I'll assist you to the best of my ability.

EviL~Ryu

« Reply #2 on: May 18, 2015, 01:30:04 PM »

> Does anyone know anything about that virus?
> My father's PC just got infected, and it seems like there's no way to remove it or get back the encrypted files without paying a ransom of like 800 USD through bitcoin to the virus maker.
>
> Actually I've tried all traditional solutions, ComboFix itself failed.
> Looks like 4/5 of Italian people got infected by that virus.
>
> Is there anyone in this community that can tell me what I can do?

All that porn huh? Well that's life.

It would probably be best to back up all your important files and just reinstall the OS... instead of downloading this anti virus and that anti spyware.

Sent from my Motorola DynaTAC 8000X using Tapatalk

Howl

« Reply #3 on: May 18, 2015, 01:32:36 PM »
Generic advice from Rit is ok but it won't bring your files back.
forums.malwarebytes.org/index.php?/topic/150193-removal-instructions-for-cryptowall/

They use public/private key encryption, meaning you are pretty much fucked (unless there is some kind of bug in the malware, but I think trivial bypasses existed only in the early versions of cryptolocker/cryptical).

Here are some descriptions that look legit (I checked them out only briefly):

scarybearsoftware.com/news/cryptowall/ (version 2)
deletemalware.blogspot.com/2015/01/how-to-remove-cryptowall-30-virus-and.html (version 3)

Thread about it on Stack Exchange: security.stackexchange.com/questions/80861/cryptowall-3-how-to-prevent-and-how-to-decrypt

Rit

« Reply #4 on: May 18, 2015, 01:49:17 PM »
> Generic advice from Rit is ok but it won't bring your files back.

Indeed. I'm unfamiliar with this virus.

Equinox

« Reply #5 on: May 18, 2015, 02:09:17 PM »
Terror-Gorefiend said you have to pay them, lol

EviL~Ryu

« Reply #6 on: May 18, 2015, 02:12:07 PM »
Are you still able to move your files out?

Howl

  • Peon
  • **
  • Posts: 8
    • View Profile
    • Warcraft2Online
Re: CryptoWall Virus
« Reply #7 on: May 18, 2015, 02:20:05 PM »
The original files were removed and only encrypted copies are left (useless without the key).

I would strongly advise against moving any files to another computer with important data on it (if you don't know what you're doing), because by accident you may infect the other one as well.

EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • *
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
    • View Profile
    • Clan EviL Official Page
Re: CryptoWall Virus
« Reply #8 on: May 18, 2015, 02:31:50 PM »

> The original files were removed and only encrypted copies are left (useless without the key).
>
> I would strongly advise against moving any files to another computer with important data on it (if you don't know what you're doing), because by accident you may infect the other one as well.

Only way to guarantee 100% that you are rid of the virus is to reformat and reinstall OS... what OS are you currently running?

[TD]Medivh

  • Grunt
  • ***
  • Posts: 89
    • View Profile
Re: CryptoWall Virus
« Reply #9 on: May 19, 2015, 12:12:03 PM »
Actually I have Windows 7 installed. I can't move files anywhere, since if I plug in a USB it instantly gets infected. By now all my USB pens are infected, same thing for DVDs and CDs. I've never seen something like this.
I cannot even run the backup program since this virus deleted all old images of the system, shadow images included. I didn't create any restore point with DVDs or anything.
Seems like the only way to get back my files is to pay the fucker, I won't do it tho.

EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • *
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
    • View Profile
    • Clan EviL Official Page
Re: CryptoWall Virus
« Reply #10 on: May 19, 2015, 01:02:04 PM »

> Actually I have Windows 7 installed. I can't move files anywhere, since if I plug in a USB it instantly gets infected. By now all my USB pens are infected, same thing for DVDs and CDs. I've never seen something like this.
> I cannot even run the backup program since this virus deleted all old images of the system, shadow images included. I didn't create any restore point with DVDs or anything.
> Seems like the only way to get back my files is to pay the fucker, I won't do it tho.

Just reformat.

[TD]Medivh

  • Grunt
  • ***
  • Posts: 89
    • View Profile
Re: CryptoWall Virus
« Reply #11 on: May 19, 2015, 03:06:25 PM »
Ya, I think it's the only solution, but what about the files?
Lost forever?

I hate naggers

  • Ogre Mage
  • ********
  • *
  • Posts: 2345
    • View Profile
Re: CryptoWall Virus
« Reply #12 on: May 19, 2015, 03:40:18 PM »
> Ya, I think it's the only solution, but what about the files?
> Lost forever?

Have you even read Howl's post, dummy?

Certified MENSA Genius Brain (smart)

« Reply #13 on: May 19, 2015, 04:58:17 PM »
This virus sounds badass.

EviL~Ryu

  • (ง︡'-'︠)ง "Bitchin!" ®©℗™
  • Dragon
  • **********
  • *
  • Posts: 6059
  • "It's going to be Legen-(wait for it......)-DARY!"
    • View Profile
    • Clan EviL Official Page
Re: CryptoWall Virus
« Reply #14 on: May 19, 2015, 04:59:29 PM »

> Ya, I think it's the only solution, but what about the files?
> Lost forever?

From what you're telling me about the virus behavior, yes I would say so...