Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Was infected with some newer version of crypto virus documents all encrypted


  • This topic is locked This topic is locked
2 replies to this topic

#1 kir914

kir914

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:00 AM

Posted 15 January 2015 - 11:53 PM

Hi...I'm new to this site. Stumbled upon it while researching encryption viruses.
Our computer was infected, we brought it to our usual computer repair place and they were able to remove the virus but our documents are

still encrypted and they are at a loss as to how to get them back.

They tried sending an encrypted file through this website https://www.decryptcryptolocker.com/

I think it was set up after the original crypto virus was discovered and the keys from that one were found. I think what we have is a clone of that one as none of the files we sent were able to be opened with that website. 

 

We never saw a ransom demand but I have read that sometimes there is one. All the documents had a really long extension and when opened are just symbols and some letters.

Our computer shop changed all the extensions to DOC.X but that didn't do anything either.

 

I have heard there is no current cure to get the documents back but I'm hoping I've just missed something and there is.

We were not diligent about backing things up and I would  like to not lose everything. Any thoughts?



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:00 AM

Posted 16 January 2015 - 08:13 AM

Hey, :)
I need to know the infection then I may can solve your problem.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:00 AM

Posted 20 January 2015 - 11:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users