Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptolocker effected files recovery


  • This topic is locked This topic is locked
4 replies to this topic

#1 khmshd

khmshd

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 26 May 2015 - 02:19 PM

hi all,

one week earlier my pc was attacked by famous cryptolocker ransom virus. all of my files are encrypted.

before the deadline i  removed the current Operating system.

formatted C: drive

and installed a new copy of windows 7

 

I thought i will help me in getting my files  back. but to no avail

 

 now my files are having same extension as they had earlier but i  cant open them

 

any body can help?????/

 

 

 



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:50 PM

Posted 26 May 2015 - 08:56 PM

What extension do your files have? .ecc, .ezz, .exx, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3 or 6-7 length extension consisting of random characters?

Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a random named .html, .txt, .png, .bmp, .url file.

These are some examples.
HELP_DECRYPT.TXT, HELP_DECRYPT.HTML, HELP_DECRYPT.URL, HELP_DECRYPT.PNG
HELP_TO_DECRYPT_YOUR_FILES.bmp, HELP_TO_DECRYPT_YOUR_FILES.txt, HELP_RESTORE_FILES.txt
HELP_TO_SAVE_FILES.txt, HELP_TO_SAVE_FILES.bmp, RECOVERY_KEY.txt
DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION.URL

Once you have identified which particular ransomware you are dealing with, I can direct you to the appropriate discussion topic for further assistance.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 khmshd

khmshd
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 27 May 2015 - 01:57 PM

%5EF484B8B773DF2857BE46FFE49E9230AB939DB



#4 khmshd

khmshd
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 27 May 2015 - 01:59 PM

this was all i saw on my screen. and then i decided to format C: in order to get rid of this bleep

but after installing a new copy of windows i ws un able to open my files.

I told you that extensions of files are not changed



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:50 PM

Posted 27 May 2015 - 04:14 PM

Looks like PClock (WinCL variant)


You can read about this infection here: Evolution of the PClock ransomware family

There is an ongoing discussion in this support topic: PClock CryptoLocker Ransomware Support and Discussion.

...from the above topic.

Since most of the questions are duplicates I decided to create a short compilation of frequently asked questions...

Fabian Wosar, Security Colleague Post #320

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that support topic topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users