Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptowall Virus!!


  • This topic is locked This topic is locked
5 replies to this topic

#1 hofnettech1

hofnettech1

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 01 October 2014 - 01:41 PM

Hello!

Has anyone been able to successfully remove the cryptowall virus? Basically what it is telling me is all my files are encrypted I can't open any microsoft files they appear in some crazy font. I ran hitmanpro and detected malware but did not get it on the reboot. Im thinking maybe I can retrieve the files from hard drive physically but Im worried it could infect my external hard drive and possibly the computer i try opening files on . Any ideas or programs that will take this nasty virus off is much appreciated!! :scratchhead:  


Edited by xXToffeeXx, 04 October 2014 - 07:10 AM.
Moved to general security from logs section~


BC AdBot (Login to Remove)

 


#2 hofnettech1

hofnettech1
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 02 October 2014 - 08:24 AM

ALL!!

 

I found a way to get files back!!! :bananas:

 

You basically have to make a shadow copy of the previous files. There is a free program called ShadowExplorer and it works like a dream to shadow copy multiple files at a time!!! 



#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:39 PM

Posted 04 October 2014 - 07:12 AM

Hi hofnettech1,

 

I am glad you got your files back, this method will not always work for everyone though.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,393 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 04 October 2014 - 10:14 AM

A repository of all current knowledge regarding CryptoWall is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

There is also a lengthy ongoing discussion in this topic: CryptoWall - new variant of CryptoDefense.

Cryptowall typically deletes shadow copies with vssadmin.exe.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 hofnettech1

hofnettech1
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:03:39 PM

Posted 06 October 2014 - 10:04 AM

Yes i saw that shadow copies dont always work. However i did run my virus programs and backed up files after i made shadow copies so i feel a little safer. So im guessing if you try a shadow copy before you remove the cryptowall is removed it will delete shadow copies is what you are saying? or will it even delete shadow copies after the virus is gone? Cause i was able to open all files after shadow copies. Thanks guys for your help!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,393 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:39 PM

Posted 06 October 2014 - 01:24 PM

You're welcome on behalf of the Bleeping Computer community.

If you have any more questions, comments or requests for assistance it would be best (and more manageable for staff) if you posted them in the above topic discussion I linked to.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users