(I was sent here on recommendation from twinheadedeagle from malwaretips but I have not been instructed to do anything related to my machine. I realize that I should only follow one experts instructions and I will follow yours as he has recommended you)
my computer has been infected with cryptowall 2.0. I have the decrypt_instruction and install_tor files in many of my folders and upon visiting the website I have until 11-4-2014 to pay the ransom to decrypt my files. after visiting many many websites and reading things the conclusion I come to seems to be the same:
either I pay the ransom to guarantee my files are returned to me...or I MIGHT be able to restore some piece of them with certain software.
what I know:
my machine needs to be cleaned at some point
the data that has been encrypted MUST be restored (memento in nature)
pay $500 ransom and get files back
ask for help and hopefully receive it allowing partial or total restore of encrypted files
if there is a way to retrieve my files without having to pay $500 I am all about it but my research thus far has not led me to believing this is 100% possible.
my questions are:
should I clean off all malware from computer now or will it interfere with a possible decryption if I decide to pay the ransom later?
can I create a system restore and/or backup NOW and if so what are the negatives (on infected computer - my reasoning behind this is: if someone helps me and we fail at restoring my files can I simply system restore and then pay the ransom)?
my understanding of the situation given that I MUST have the files back is that I will have to pay the ransom. so what is the best order of doing things? clean first, pay ransom, clean again?
I have attached my dds and attach files from dds.exe in order to speed things up.
thank you in advance