CryptoLocker 3.0 Help - Reinstalling Windows Questions


  • This topic is locked
2 replies to this topic

#1 GetFooledAgain

GetFooledAgain

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:46 PM

Posted 09 May 2015 - 07:13 AM

Hi everyone, my Windows 7 PC has come down with CryptoLocker (posting this on an uninfected laptop), and when I try to use advanced boot options I don't have a Last Known Good configuration. I think this means that I can't use System Restore to fix the problem, and that therefore I have to resign myself to losing my files and re-installing Windows.

 

My questions are as follows:

 

1) Do I need Admin privileges to reinstall Windows? The Microsoft online help says you do for System Restore but doesn't say either way for re-installing. I'm asking as I'd prefer to resolve this myself without having to ask for an Admin password.

 

2) Will CryptoLocker have encrypted all the files I need to re-install Windows using Advanced recovery methods, or can I get anyway without using a boot disc?

 

Thanks in advance for all of your help,

 

GetFooledAgain


Edited by hamluis, 09 May 2015 - 11:11 AM.
Moved from Win 7 to Gen Security - Hamluis.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,378 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:46 AM

Posted 09 May 2015 - 10:34 AM


Although you posted your questions in the Win 7 forum...these are not Win 7 issues, but are malware issues. Best I can do is to post the following.

 

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it and possibly recover your data.

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

If you only need removal instructions, refer to Malwarebytes Anti-Malware Removal instructions for CryptoLocker.

Thanks
The BC Staff

 

Louis


Edited by hamluis, 09 May 2015 - 11:12 AM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:46 AM

Posted 09 May 2015 - 01:14 PM

I want to make something very clear to any users just now getting to this thread because they were infected by "CryptoLocker"! The real Cryptolocker has been down, and has not returned for a while now! This means that whatever infection you have is a new fake one! Before EVER considering paying the ransom you should always make it first priority to ask on the thread first or PM any member to ask for help! Things that will help us identify your infection are screenshots of any windows, the ransom note, and the EXE if you have it.

Nathan (DecrypterFixer), Security Colleague Post #3223

From your description, it appears you are dealing with CryptoWall 3.0 which leaves files (ransom notes) named:
HELP_DECRYPT.TXT
HELP_DECRYPT.HTML
HELP_DECRYPT.URL
HELP_DECRYPT.PNG

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0 & CryptoWall 3.0 is provided by Grinler (aka Lawrence Abrams), in this topic: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall (including versions 2.0 & 3.0) does and provide information for how to deal with it.

CryptoWall does not change extensions on a file and does not leave anything behind once it has finished encrypting and removed itself...the only evidence will be the ransom notes and registry keys. Cryptowall typically deletes (though not always) all Shadow Volume Copies with vssadmin.exe so that you cannot restore your files via System Restore or using a program like Shadow Explorer...but it never hurts to try.

At this time there is no fix tool and Decryption of any CryptoWall Files...is impossible since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom.

There are also lengthy ongoing discussions in these topics:

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussions. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
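
An added triage example (not part of the original posts or of the guides they link to): a Windows PowerShell script that finds the HELP_DECRYPT.* notes named in post #3, groups them by folder to scope the damage, and lists any Volume Shadow Copies created before the earliest note, since those are the ones worth trying with Shadow Explorer. The `$Root` default, the use of note creation time as an estimate of when encryption ran, and the `Win32_ShadowCopy` WMI query are assumptions of this example; run it from an elevated session.

```powershell
# Added example: scope CryptoWall 3.0 damage from its ransom notes and check
# for surviving shadow copies. Written for Windows PowerShell 2.0+ (Windows 7).
param(
    [string]$Root = "$env:SystemDrive\Users"   # assumption: where user data lives
)

# Ransom note names listed in the post above.
$noteNames = 'HELP_DECRYPT.TXT', 'HELP_DECRYPT.HTML', 'HELP_DECRYPT.URL', 'HELP_DECRYPT.PNG'

# -Force includes hidden folders; access-denied errors are skipped, not fatal.
$notes = @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $noteNames -contains $_.Name })

if ($notes.Count -eq 0) {
    "No HELP_DECRYPT notes found under $Root"
}
else {
    # Assumption: the earliest note creation time approximates when encryption ran.
    $firstNote = ($notes | Sort-Object CreationTime | Select-Object -First 1).CreationTime
    $folders   = @($notes | Group-Object DirectoryName | Sort-Object Name)
    "{0} notes in {1} folders; earliest created {2}" -f $notes.Count, $folders.Count, $firstNote
    $folders | Select-Object Count, Name | Format-Table -AutoSize | Out-String

    # Win32_ShadowCopy needs an elevated session; it returns nothing if the
    # copies were deleted (the post notes vssadmin.exe is typically used for that).
    $shadows = @(Get-WmiObject -Class Win32_ShadowCopy -ErrorAction SilentlyContinue |
        Select-Object ID, VolumeName,
            @{ Name = 'Created'; Expression = {
                [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } })

    # Only copies taken before the first note can hold unencrypted versions.
    $usable = @($shadows | Where-Object { $_.Created -lt $firstNote })
    if ($usable.Count -gt 0) {
        "Shadow copies older than the first note (try these with Shadow Explorer):"
        $usable | Sort-Object Created |
            Format-Table Created, VolumeName, ID -AutoSize | Out-String
    }
    else {
        "No shadow copy predates the first note ({0} found in total)" -f $shadows.Count
    }
}
```

The folder list doubles as an inventory of what to restore from backup if no usable shadow copy is reported.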