Anyone know anything about that virus?
My father's PC just got infected, and it seems like there's no way to remove it or get back the encrypted files without paying a ransom of like 800 USD through bitcoin to the virus maker.
Actually I've tried all the traditional solutions; ComboFix itself failed.
Looks like 4/5 of Italian ppl got infected by that virus.
Is there anyone in this community that can tell me what I can do?
Generic advice from Rit is ok but it won't bring your files back.
The original files were removed and only encrypted copies are left (useless without the key).
I would strongly advise against moving any files to another computer with important data on it (if you don't know what you're doing), because by accident you may infect the other one as well.
Actually I have Windows 7 installed. I can't move files anywhere, since if I plug in a USB it instantly gets infected; by now all my USB pens are infected, same thing for DVDs and CDs. I've never seen something like this.
I cannot even run the backup program since this virus deleted all old images of the system, shadow images included. I didn't create any restore point with DVDs or anything.
Seems like the only way to get back my files is to pay the fucker, I won't do it tho.
Ya, I think it's the only solution, but what about the files? have you even read howl's post dummy
Lost forever?
This virus sounds badass.
Terror-Gorefiend said you have to pay them Lol
You are a dimwit fucking faggot. Howl said exactly what had to be said. His files have been encrypted and no amount of antivirus/malware cleanup will clean his shit up. He effectively needs to pay to get his files back.
@Medivh: You effectively need to pay. Nothing you can do about it.
Here are two excellent reads.
"and just as with CryptoWall, this TeslaCrypt variant's encryption scheme has yet to be cracked. Once files are encrypted, the only way to recover them at present is to pay the malware's masters."
http://arstechnica.com/security/2015/03/cryptolocker-look-alike-searches-for-and-encrypts-pc-game-files/
http://arstechnica.com/security/2014/06/we-will-be-paying-no-ransom-vows-town-hit-by-cryptowall-ransom-malware/
To put EQ's advice of running anti-malware software into context, this moron told koorb to install graphics drivers in Windows when Koorb was having a problem detecting his card on POST/boot. (Answer: change the setting in BIOS so that it detects the card first instead of looking for onboard graphics (PCI-E).)
LOLOLOL. What a stupid 'computer engineer' that faggot is.
If the encrypted files aren't the original ones, then where are they? you're a fucking retard and an idiot, how many times will you ask for things included in howl's post
yeah i just gave him some tips and some tools to use.
i googled around and read that basically his only options are:
- recovering the files using file recovery tools
(since what cryptowall does is make a copy of the files with encryption, then delete the original files). the factor here is whether cryptowall did a secure delete or a standard delete. i read that cryptowall 2.0 and below use standard delete; it's unknown whether 3.0 does secure delete or standard, but even if it's secure delete they are still recoverable but require a more thorough method, it is more time consuming, and the filenames would be lost.. you would be recovering files based on extensions, but recoverable :P
he told me it's a 1tb hard drive, he told me he downloaded 2 spyware apps onto the hard drive which may have decreased his chance of recovering, but it has 900megs free so its chances of recovering are high in my opinion.
- or recovering from system restore points
he told me system restore points were apparently deleted.
told him that cryptowall may have only deleted the registry entries for the system restore points but the actual system restore points may still be there (maybe those are still there in the system volume info folder)..
and if they are, that's the best and easiest way to go to recover the files (using shadow explorer).
but he didnt have access to the infected computer at the moment.
so, getting access to the system volume info folder is about giving permissions, if u get stuck pm me when ur at the computer, i'll teamview and enable its readability, no prob.
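Added example, not part of the original thread or any poster's code: recovering deleted files by type once the filenames are gone, as the post above describes, is normally done by scanning raw disk bytes for known file signatures. The Python below does header/footer carving for JPEG and PNG over a constructed sample buffer; the signature table, the size limit and the sample data are assumptions made for illustration, and real JPEGs with embedded thumbnails need a smarter end-of-file search.

```python
"""Header/footer file carving over a raw byte image (added example)."""

# (extension, header magic, footer magic) for formats with a fixed trailer.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB\x60\x82"),
]
MAX_SIZE = 32 * 1024 * 1024  # assumed cap: stop looking for a footer past this


def carve(image: bytes, max_size: int = MAX_SIZE):
    """Return [(offset, ext, data)] for every header/footer pair found.

    A standard delete leaves file content on disk until it is overwritten,
    but the directory entry is gone, so hits are named by offset only.
    """
    found = []
    for ext, header, footer in SIGNATURES:
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1  # truncated or overwritten file; keep scanning
                continue
            stop = end + len(footer)
            found.append((start, ext, image[start:stop]))
            pos = stop
    return sorted(found, key=lambda hit: hit[0])


def build_sample() -> bytes:
    """Constructed 'unallocated space': two deleted files between filler."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB\x60\x82"
    partial = b"\xff\xd8\xff\xe0" + b"overwritten, no footer"
    return b"\x00" * 512 + jpg + b"\xaa" * 100 + png + b"\x00" * 64 + partial


if __name__ == "__main__":
    for offset, ext, data in carve(build_sample()):
        name = f"recovered_{offset:08x}.{ext}"  # original filename is lost
        print(name, len(data), "bytes")
```

Run a carver against a read-only image of the disk rather than the live drive, and write recovered files to a different disk, since every new write to the affected volume can overwrite deleted data.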
looks like medivh was pwned by viruz!