My Dad got Cryptowall 3 recently maybe about a week ago from an email (my guess).
I brought his computer home and was able to shutdown most of the virus to allow me to copy off the files he needs from it.
Most are infected some are not.
I have old copies of some of his files and in at least one case I have a copy of a file that is encrypted and the same file not encrypted. Dates match.
I have copies of the EXE and associated files that I could find that infected his computer or are part of the infection. I am not interested in cleaning the computer, as I will be redoing the computer. Combofix caused the computer to blue screen anyways. Yes I know I'm not supposed to use it, I have been using it to clean computers for years now (part of my job).
his computer was windows XP Pro, and I have removed the hard drive, I am installing Windows 7 now on another hard drive.
My question is, does anyone know if it is possible to obtain a decryption key if I have a copy of an encrypted file and the same file not encrypted?
If anyone wants copies of the suspected infecting files I can provide them.