Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Im new here. I got hit with a cryptowall :(

  • This topic is locked This topic is locked
2 replies to this topic

#1 chip707


  • Members
  • 7 posts
  • Gender:Male
  • Local time:05:21 PM

Posted 11 May 2015 - 09:24 PM


Thank you for taking the time to help me out. I've looked thru this website trying to find out what can help me out and just been stuck. Here what happen.

I'm trying to fix my sister computer since she isn't all computer savvy. Her kids started messing with her PC and some how inherited the crypotwall. I did all what I

could do to resolve the virus I think. At first I was limited on use but after a couple of days going round after round i was able to get full use of the computer and use windows essentials.

Things I used to help was hijack this , malwarebyte and ccleaner windows essentials. Now I am stuck with all the files still encrypted and no way to figure out how to get the decrypted. I tried using

photorec but found myself looking at it and making it more complicated then it is it just keeps on moving and adding more time to finish . I literally left it a whole week and still wasn't finished. Here my question 

how do I know if I am completely rid of that virus and how do I get those files decrypted. Once again thank you for who ever takes the time to go out of your way to help it is really appreciated on this side of the PC.



BC AdBot (Login to Remove)


#2 Sintharius


    Bleepin' Sniper

  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:02:21 AM

Posted 11 May 2015 - 11:35 PM

Hi there,

There is currently no way to decrypt files encrypted by CryptoWall without paying the ransom unfortunately.

If you need your machine cleaned, please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

Please see below for some information on CryptoWall.

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0 & CryptoWall 3.0 is provided by Grinler (aka Lawrence Abrams), in this topic: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall (including versions 2.0 & 3.0) does and provide information for how to deal with it. Cryptowall typically deletes all Shadow Volume Copies with vssadmin.exe so that you cannot restore your files via System Restore or using a program like Shadow Explorer...but it never hurts to try. At this time there is no fix tool and Decryption of any CryptoWall Files...is impossible since there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom.

There are also lengthy ongoing discussion in these topics:

To avoid confusion, I have asked a Moderator to close this topic.


#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,099 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:21 PM

Posted 12 May 2015 - 04:58 AM

Please follow the instructions above. This topic is closed.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users