I am working an important job here at the shop, attempting to help a tech with an important high-level client job. The client brought in 2 notebooks with very important case files on them. We knew both were highly infected units; one appears to have all files encrypted.
Both systems did not have the normal CryptoLocker splash page. We removed most infections, but on one we found ESET Endpoint flagged 22,000 files as filelocker.exe, classified as a Trojan. I spoke with the clients and they state they have never encrypted anything on any of their machines. Even after full virus removal and optimization, I cannot open the files. I checked several files against https://www.decryptcryptolocker.com/, which states the file is not a CryptoLocker file. I assume this is either a variant of crypto that FireEye doesn't have
the private key for in their database, or possibly it really isn't crypto but is corrupted past the point of retrieval, or possibly some new variant of encryption software.
Things I have tried are:
Previous Versions (shows there are none)
ShadowExplorer (no luck)
and everything here: http://support2.microsoft.com/kb/2362088
The system does have restore points available.
I am pretty much looking for any suggestions to help me get the data out of the most important case file for the client.
It looks like most of the files like this were uploaded from Dropbox. I told the clients not to use Dropbox until we have verified its contents are safe to use.
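A practical way to sort out the "encrypted vs. corrupted" question raised above, before spending time on decryptors, is to look at the bytes themselves: ransomware that encrypts a whole file destroys its magic bytes and leaves near-uniform data, while disk or sync corruption typically leaves the header alone or zero-fills regions. The script below is an added example written for this thread, not code from the original post or from any vendor tool; the format list, the entropy thresholds and the sample files it builds in a temp directory are my own assumptions and the samples are constructed, not real client data. Run it against a copy of the affected folder by calling triage_directory() with that path.

```python
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from typing import Dict, Tuple

# Magic bytes of the document types a client office is likely to hold.
# (Assumed list for this example; extend it for the formats you actually see.)
MAGIC: Dict[str, bytes] = {
    "pdf": b"%PDF-",
    "zip/docx/xlsx": b"PK\x03\x04",
    "ole/doc/xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
}

HIGH_ENTROPY = 7.5   # bits/byte: ciphertext (and compressed data) sit up here
LOW_ENTROPY = 3.0    # bits/byte: zero-filled or heavily truncated data sits down here


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_header(data: bytes) -> str:
    """Name the format whose magic bytes open the file, or 'unknown'."""
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def classify(data: bytes) -> Tuple[str, str, float]:
    """Return (verdict, header, entropy) for one file's contents.

    Compressed formats (docx, jpeg, zip) are also high-entropy, so only files
    WITHOUT a recognised header are flagged as likely ciphertext. A recognised
    header is not proof the file is intact; it still has to be opened.
    """
    header = identify_header(data)
    ent = shannon_entropy(data)
    if not data:
        return "empty", header, ent
    if header != "unknown":
        return "header-intact", header, ent              # still try opening it
    if ent >= HIGH_ENTROPY:
        return "high-entropy-no-header", header, ent     # encrypted or compressed
    if ent <= LOW_ENTROPY:
        return "low-entropy-no-header", header, ent      # zero-filled / garbage
    return "mid-entropy-no-header", header, ent          # plain text? inspect manually


def triage_directory(root: str, sample_bytes: int = 65536) -> Dict[str, Tuple[str, str, float]]:
    """Classify every regular file under root by its first sample_bytes bytes."""
    results: Dict[str, Tuple[str, str, float]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                results[os.path.relpath(path, root)] = classify(fh.read(sample_bytes))
    return results


def _pseudo_random(n: int, seed: bytes = b"example") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def run_demo() -> Dict[str, str]:
    """Build a constructed sample tree, triage it, and return {filename: verdict}."""
    root = tempfile.mkdtemp(prefix="triage-")
    try:
        samples = {  # constructed sample files, not real case data
            "intact.pdf": b"%PDF-1.4\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50,
            "encrypted.pdf": _pseudo_random(4096),   # header gone, uniform bytes
            "zeroed.docx": b"\x00" * 4096,           # header gone, no information left
            "notes.txt": b"The quick brown fox jumps over the lazy dog.\n" * 90,
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {name: verdict for name, (verdict, _h, _e) in triage_directory(root).items()}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, verdict in sorted(run_demo().items()):
        print(f"{name:15s} {verdict}")
```

If most of the 22,000 flagged files come back as high-entropy-no-header, you are looking at real encryption and the question becomes which family (look for any dropped note or renamed extension, and submit a sample to an identification service); if they come back low-entropy or with intact headers that still will not open, the damage is more likely corruption and a sync-client conflict or the VSS snapshots on the restore points are the better lead. Work on copies only.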