
Restore Solution for Cryptowall?

  • This topic is locked
2 replies to this topic

#1 Raydio


  • Members
  • 2 posts
  • Local time:12:56 AM

Posted 19 November 2014 - 11:38 PM

Like a lot of you guys, I was recently infected with Cryptowall 2.0 and my files are encrypted. Also my "Previous Versions" option with my files doesn't work.


I recently did a data recovery scan with R-Studio.


After doing so, I see a folder containing a bunch of deleted Shadow Copy related files.


Is there any way to restore these files, or any files found during the scan, to restore my files before the virus hit?


If so, how do I go about doing so? Is there a certain folder that contains the un-infected files that were deleted when the virus hit?


#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:03:56 PM

Posted 19 November 2014 - 11:58 PM

A repository of all current knowledge regarding CryptoWall & CryptoWall 2.0 is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall & CryptoWall 2.0 do and provide information for how to deal with it and possibly decrypt/recover your files. At this time there is no fix tool for CryptoWall.

CryptoWall 2.0 uses its own TOR gateways...see Updated CryptoWall 2.0 ransomware released that makes it harder to recover files.

There is also a lengthy ongoing discussion in this topic: CryptoWall - new variant of CryptoDefense, and several other versions.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.


If you are infected with this malware and have a sample of the installer or a copy of the email that started all of this, please submit it to http://www.bleepingcomputer.com/submit-malware.php?channel=3


If you wish other information, the General Security area has several topics dating back from September last year, and several updated versions also.


Thanks from BC.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:56 AM

Posted 20 November 2014 - 07:30 AM

At this time there is no fix tool for CryptoWall. This is a quote from the CryptoWall - new variant of CryptoDefense discussion topic...

Let's clear the air on the recovery process really quick. There are really only 3 main ways of getting your files back (there may be some unconventional ways with third-party apps, but that doesn't apply to everyone).

1.) Restore Points - This method is very unlikely as not only would you have to be lucky enough to not have the infection delete them, sometimes applications like Shadow Explorer can't get every file. But if it's an option, that's great! Always check and make sure the virus didn't fail in deleting them.

2.) Backups - This is simply the best option to restore from these infections, but let's face it, not everyone has backed up before getting hit by these things. Please make sure to make this a top priority afterwards. FYI, I am creating a custom Backup application that will allow you to back up files locally without having to worry about infections or OS failure, and has custom features to combat encryption infections. Look out for it soon.

3.) Pay infection - The most unappealing option, but seems to work most of the time.

Post #825 by Nathan (DecrypterFixer)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
