Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Just got infected Crypto something

  • Please log in to reply
3 replies to this topic

#1 cfourkays


  • Members
  • 29 posts
  • Gender:Male
  • Location:Jensen Beach FL
  • Local time:07:43 AM

Posted 01 November 2014 - 11:50 AM

Have a customer's  Dell W-7 machine. Brought in for corrupt OS. Had no access to internet, all browsers, OK CMD prompt.

Copied data, Doc, Pic, Downloads to External HD.

I use d7II and ran all programs and tests. Found a few problems but still no internet.

Used Dells system recovery Datasafe and restored to factory defaults on clean HD.

PC now OK. Did all MS updates.


Started to load the backup from the ext drive and saw a file "crypto_information.txt and "crypto_information.html.

Stopped doing any more transferring and tried to open a couple of files moved back to the PC.


Looks like "crypto whatever" was triggered, was probably on the external drive.

jpg's say "Invalid image"

.doc's say can't open xml file problems with the content.

.pdf's won't open, "...not supported or file damaged.


I ran the  Eset  scanner and it picked up 101 w32/filecoder's and quarantined. I then removed the quarantined files.


I tried uploading some files to the Fireeye Decryption Assistance and it said they were not "Cryptolocker files"


I now have the files on both the external and internal drives encrypted.


Do I have a chance for recovery?






BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,897 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:43 AM

Posted 02 November 2014 - 05:23 PM

I have advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Grinler


    Lawrence Abrams

  • Admin
  • 43,659 posts
  • Gender:Male
  • Location:USA
  • Local time:06:43 AM

Posted 02 November 2014 - 08:37 PM

Any chance you can restore the quarantined files and send them as samples to http://www.bleepingcomputer.com/submit-malware.php?channel=3?

Also can you please submit the "crypto_information.txt and crypto_information.html files to the same address above?

Is there any indication from your client how and when this started happening? Did they open an email attachment and it started?

#4 knight1fox3


  • Members
  • 10 posts
  • Local time:05:43 AM

Posted 11 November 2014 - 04:07 PM

I'd be very interested in the outcome of this.  Also recently was notified that a client of mine had their business network infected.  Currently working with ESET to mitigate.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users