So I already posted this in "windows 7" but maybe I should have posted in "Am I Infected? What do I do?" instead.
I knew deviantart was malicious, always showing video ads and randomly putting up pop-up ads that direct to weird places which, if I don't close FAST, will quickly say "are you sure you want to navigate away from this page?" instead of just letting me close it. But there's absolutely nowhere else I could have gotten this garbage. But it is of little consequence where it came from when it comes to dealing with it. I'm just saying, it was deviantart.
So I killed some task that was using up 50% of my CPU and deleted some file in the temp directory, and I thought that was the end of it, but all the text files on not just my main hard drive but my external hard drive too (this horrible computer actively attacked something outside of it, how dare it be so intrusive!) now have .xzmpjmd after the .txt and they are all encrypted. It had enough time to do that with a few .jpg files in my documents and my pictures, but it didn't do all of the jpg files, nor did it get into the other pictures or those on my external hard drive. But all the text files. In addition, there is a file called "DecryptAllFiles 2374878396.txt" in my documents which says this (until ------------, after that it's me talking again, not quoting the text file):
Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.
Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.
If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.
1. Type the address http://torproject.org in your Internet browser.
It opens the Tor site.
2. Press 'Download Tor', then press 'DOWNLOAD Tor Browser Bundle',
install and run it.
3. Now you have Tor Browser. In the Tor Browser open the http://23bteufi2kcqza2l.onion
Note that this server is available via Tor Browser only.
Retry in 1 hour if site is not reachable.
4. Copy and paste the following public key in the input form on server. Avoid missprints.
5. Follow the instructions on the server.
------------
So I assume it's probably an RSA key, I guess. If the code is 0-9 and A-Z (the only things missing are the capital letter D and a few of the numbers, but it's probably base 36, not 35 or less; it's just that those numbers and letters weren't used, by chance) and there are 24 sequences of 6, so that's 144*log2(36), or probably 768 bits of encryption. Ugh.
I went to the CryptoLocker page and tried some of my files and it said it was not done with that. I have gotten very few results looking for others with this thing. I only got one page with 23bteufi2kcqza2l.onion mentioned, and so I was wondering if there was something I could do. Other than paying the bastards, that is. Because I'm not going to do that. For one thing, I have heard that all they do is ask for more money. Damn, why did I have to leave my stupid external hard drive plugged in all the time. My computer the traitor, it could have just ruined its own contents.
I do have some examples of "before" and "after" I could upload, if anyone cares. Text files that came with torrents I downloaded that I could download again, or text files I saved on my computer and then e-mailed to someone, so they're still in the outbox in Gmail. None of it is of monetary value, it's just some things owned by a broken man who's been beaten down by the world, and now you all have got to kick me while I'm down and take the last little trinkets from me, like the stories I have written that no one else cares about or the rants I have typed up and saved. Are you happy, world?
Also, I deleted the files from the temp directory before I knew it had done anything lasting, so I can't post them. But there's a file still in my recycle bin; it's called rmbrrsd.html. It's 500 kilobytes. It's from the same time as the attack on my files and as the "DecryptAllFiles" file's date, which was Saturday 9-20-2014, so it's safe to assume it's related. Should I delete it? Or is it useful somehow? I don't like leaving things in the recycle bin for long, I usually delete them by accident.
Zip files and Adobe Acrobat PDF files too. So it zapped all the text files and at least some of the zip files, the Adobe Acrobat files and JPG images.