To whom it may concern:
Happy New Year! To kick it off in style, all my memories have been nicked.
I've been targeted by ransomware which I've somehow foolishly let onto my system. It's giving me a countdown of 50hrs to cough up one bitcoin. I've tried www.decryptcryptolocker.com, which doesn't recognise any of the encrypted files as encrypted, leading me to believe this is a copy cat program and not the true Cryptolocker.
Not all files have been encrypted, which is slightly odd; I wouldn't mind so much about what has been lost if it weren't for the fact that all my photographs are currently encrypted, posing the loss of much sentimental value.
I have looked into Shadow Explorer, Decryptolocker and the "Past Versions" tab of Properties. No joy.
The Exe for the virus itself is located in AppData/WinCL. The Exe is called WinCL.exe.
As such, my questions are twofold:
1) Is there any chance of getting my files back, or are they irretrievable?
2) How can I purge my system of this virus? I use Avast, which was pretty good up until now - but even a direct scan of the Exe comes up as "no threat"!
I hope that someone may hear my plea. Please find attached a screenshot of the ransom demand in order to aid identification of this virus.
P.S.: It appears that WinCL is a front program which brings up the ransom demand screen which I have attached, enabling you to pay them.
Edited by hamluis, 03 January 2015 - 08:06 AM.
Moved from Win 8 to General Security - Hamluis.