
icepaytor - files corrupted - just want to restore them


  • This topic is locked
2 replies to this topic

#1 Max-a-million


Posted 25 April 2015 - 06:38 PM

There are 2 files (png and internet shortcut) in each of my document folders.  I cannot open any of the files in this particular folder and there are several subfolders in it.  I tried to delete the 2 files and it made no difference.  I tried uploading a document to FireEye and it says it isn't infected but I cannot open them.  The virus took my files in the Documents folder and moved it all to another spot.  And I have not clicked on the internet shortcut.  I just want to restore the files and then my computer will be wiped and reloaded by the company I work for......I just need to get the files if at all possible or I am going to lose a lot of hours and have to work weekends for another 6 months.  Please let me know if there is anything I can do.  I'm not as savvy as the rest of you about computers but I am not a beginner.  Here's what one of my files looks like:

 

My document

PNG file that is titled Help_Decrypt

Shortcut file titled Help_DeCrypt

 

There is also a text document in one of the files and a file that says KBSERVICE.BOOTUP.RUNNING that I don't remember seeing before.

 

 




 


#2 Broni


Posted 25 April 2015 - 07:23 PM

Welcome aboard

 

You're infected with Cryptowall ransomware.

More info: http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

 

The infection can be fairly easily removed, but unless you have some recent backup, encrypted files are gone.

Unfortunately, at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom on the CryptoWall Decryption Service. Brute forcing the decryption key is not realistic due to the length of time required to break an RSA encryption key. Also, any decryption tools that have been released by various companies will not work with this infection. The only methods you have of restoring your files are from a backup, file recovery tools, or, if you're lucky, from Shadow Volume Copies.

 

If you want to remove infection...

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


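Added example, not part of the original posts: a read-only triage script for the situation described above. It lists, per folder, the Help_Decrypt ransom notes and the documents whose leading bytes no longer match their extension, so you know what to look for in a backup or in Shadow Volume Copies. The header table, the `triage` and `demo` names and the sample files are assumptions constructed for illustration, and a header mismatch is only a heuristic for "will not open".

```python
import os
import tempfile

# Ransom-note base name as reported in the thread (Help_Decrypt PNG, shortcut, text).
NOTE_STEM = "help_decrypt"
# Well-known leading bytes for a few document types; extend as needed.
OOXML = b"PK\x03\x04"
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".docx": OOXML, ".xlsx": OOXML, ".pptx": OOXML}

def triage(root):
    """Read-only walk: per folder, list ransom notes and files whose header is wrong."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        entry = {"notes": [], "damaged": [], "intact": [], "unknown": []}
        for name in sorted(files):
            stem, ext = os.path.splitext(name.lower())
            if stem == NOTE_STEM:
                entry["notes"].append(name)
                continue
            magic = MAGIC.get(ext)
            head = None
            if magic:
                try:
                    with open(os.path.join(folder, name), "rb") as fh:
                        head = fh.read(len(magic))
                except OSError:
                    pass  # unreadable file: cannot judge, report as unknown
            if head is None:
                entry["unknown"].append(name)
            else:
                entry["intact" if head == magic else "damaged"].append(name)
        if entry["notes"] or entry["damaged"]:
            report[os.path.relpath(folder, root)] = entry
    return report

def demo():
    """Triage a small constructed tree (sample data, not from the thread)."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "Reports")
        os.makedirs(sub)
        samples = {"HELP_DECRYPT.PNG": b"\x89PNG\r\n\x1a\n",
                   "HELP_DECRYPT.URL": b"[InternetShortcut]\r\n",
                   "budget.pdf": b"\x8f\x13\xa0U constructed ciphertext",
                   "notes.pdf": b"%PDF-1.4 constructed", "todo.txt": b"x"}
        for name, data in samples.items():
            with open(os.path.join(sub, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

Running `triage` again on a folder restored from backup or a shadow copy shows whether the restored copies have valid headers before the machine is wiped.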

 


#3 quietman7


Posted 26 April 2015 - 06:44 AM

There are also lengthy ongoing discussions in these topics:

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any further questions or comments in one of those topic discussions. To avoid unnecessary confusion... this topic is closed.

Thanks
The BC Staff



