
Keep seeing pop-ups and links are redirected


  • This topic is locked
7 replies to this topic

#1 ESSSO86

ESSSO86

  • Members
  • 3 posts

Posted 16 June 2015 - 11:14 PM

Dear Sir,

My laptop has the CryptoWall 3.0 virus.

Can you decrypt the files or not?

If you have a solution, please send it to me.

Thank you,


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 June 2015 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is the infection - CryptoWall and HELP_DECRYPT Ransomware Information Guide
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Other than paying the ransom, if it's not too late, there is nothing we can do to restore your files.
I know one thing: I would not trust them. Your call.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

```
start

EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-06-15]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
```

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 ESSSO86


Posted 18 June 2015 - 10:46 PM

My Fixlog.txt

Link: https://www.sendspace.com/file/vocua8


Edited by ESSSO86, 18 June 2015 - 10:48 PM.


#4 nasdaq


Posted 19 June 2015 - 08:30 AM

How is the computer running?

#5 nasdaq


Posted 25 June 2015 - 08:27 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 ESSSO86


Posted 25 June 2015 - 10:16 PM

Thank you, sir.

Now my computer does not have the virus, but my files can't be used.

If you want to remote into my computer, please let me know.



#7 nasdaq


Posted 26 June 2015 - 08:24 AM

The files were damaged by CryptoWall.
There is nothing you can do to restore them.


Hope you have a backup of these files to restore them.

#8 nasdaq


Posted 01 July 2015 - 01:40 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



