Posted 14 October 2014 - 02:58 PM
A customer just called me and quoted the Cryptolocker/Cryptowall ransom note. While I am well versed in computer repair and virus removal, this is a whole new barrel of fish for me. So I would like some help recovering the data.
THE SITUATION: Older desktop, unknown security. Massive spy/virus infection suspected from complaints of popups and search hijacks.
Left computer on at 6pm PST last night. Came back to Cryptolocker script. No idea how long it has been on there, but I'm suspecting it has been for a while so the Volume Shadow Copy service is probably not a viable solution. She does have Dropbox, but I doubt it has been used.
THE PROBLEM: We are not sure if she has a backup. When asked if she had an external hard drive, she responded "what, like a zip drive?" leading me to think that if any backups exist they're probably just individual files on a thumb drive.
THE PROCESS: We need to recover the encrypted data into an un-encrypted form, and transfer it to a new computer.
I am asking for help, since last time I went ahead and tried to remove a new/not well documented infection on my own, I ended up triggering ZeroAccess and butchering the TCP/IP stack.
Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum.~ Animal