I have received the Ransomware Infection and have tired to use a few scanners to remove the Infection and some but not all the doucmnets are encrypted and i have backup the others to a USD drive.
OS: Windows 7, Windows 7, Windows Server 2008 R2 and 2012 R2 (Multiple infections and possibly spread by shared folders)
I have tried to use the following to detect the virus.
Symantec Endpoint Protection
Sophos Virus Removal Tool
We think we have isloaded the spead of it however not having any luck to remove the infection with the above tools.
We have tired to use the TeslaDecoder but didn't find the key file
There were some weird hidden folders with random names with picture and word files with random names also
Name of the txt file: HELP_RESTORE_FILES_jtqnt
Body of the txt
All your documents, photos, databases and other important files have been encrypted with strongest encryption RSA-2048 key, generated for this computer. Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key. If you see the main encryptor red window, examine it and follow the instructions. Otherwise, it seems that you or your antivirus deleted the encryptor program. Now you have the last chance to decrypt your files. Open in your browser one of the links: https://www.reomesoess.com http://tlunjscxn5n76iyz.djismrkcida45.com https://tlunjscxn5n76iyz.tor2web.blutmagie.de They are public gates to the secret server. Copy and paste the following Bitcoin address in the input form on server. Avoid missprints. 1BE1S6JoeoXrzxbnKwVTF7iU4woLYWqUsY Follow the instructions on the server. If you have problems with gates, use direct connection: 1. Download Tor Browser from http://torproject.org 2. In the Tor Browser open the http://tlunjscxn5n76iyz.onion/ Note that this server is available via Tor Browser only. Retry in 1 hour if site is not reachable. Copy and paste the following Bitcoin address in the input form on server. Avoid missprints. 1BE1S6JoeoXrzxbnKwVTF7iU4woLYWqUsY Follow the instructions on the server.
Edited by timmytheman2, 19 May 2015 - 04:13 PM.