blindpayallfor CRYPTOWALL


5 replies to this topic

#1 jyang747

jyang747

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 21 October 2015 - 03:01 PM

I've been infected, if I pay, will I be able to get my files unlocked?  Does anyone have any experience?  

I already spent $50 this morning on a computer consultant and his knowledge was as good as mine.





#2 RolandJS

RolandJS

  • Members
  • 4,519 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:05 PM

Posted 21 October 2015 - 03:05 PM

If you can download from BC downloads a copy of IDTool and run it, give the results [summary, if exact name's given, give that name].


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 jyang747

jyang747
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 21 October 2015 - 03:27 PM

When I search for IDTool in the downloads section, a tool called "Everything" comes up.  Is this it?



#4 RolandJS

RolandJS

  • Members
  • 4,519 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:05 PM

Posted 21 October 2015 - 03:30 PM

probably not, lemmie try to look too...for idtool.exe -- it might be somewhere else...


Edited by RolandJS, 21 October 2015 - 03:33 PM.



#5 RolandJS

RolandJS

  • Members
  • 4,519 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:05 PM

Posted 21 October 2015 - 03:34 PM

Reason Labs has an idtool.exe -- confirm with a regular BC tech before downloading, let's make sure it's the right idtool.exe  :)




#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,383 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:05 PM

Posted 24 October 2015 - 08:31 AM

Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3, .toxcrypt or 6-7 length extension consisting of random characters?

Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a random named .html, .txt, .png, .bmp, .url file.

These are some examples.
HELP_DECRYPT.TXT, HELP_DECRYPT.HTML, HELP_DECRYPT.URL, HELP_DECRYPT.PNG
HELP_TO_DECRYPT_YOUR_FILES.bmp, HELP_TO_DECRYPT_YOUR_FILES.txt, HELP_RESTORE_FILES.txt
HELP_TO_SAVE_FILES.txt, HELP_TO_SAVE_FILES.bmp, RECOVERY_KEY.txt, DecryptAllFiles.txt
DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION.URL
HOW_TO_DECRYPT_FILES.txt, How_To_Recover_Files.txt, About_Files, encryptor_raas_readme_liesmich.txt
DecryptAllFiles_<user name>.txt, DecryptAllFiles_******.txt file (where * is 6-7 random characters)
RECOVERY_FILES.html, RECOVERY_FILES.txt, Recovery_File_*****.html, Recovery_File_*****.txt
restore_files_*****.html, restore_files_*****.txt, HOWTO_RESTORE_FILES*****.txt (where ***** are random characters)

Once you have identified which particular ransomware you are dealing with, I can direct you to the appropriate discussion topic for further assistance.

Another option is to download and run IDTool created by Nathan Scott (DecrypterFixer), a BleepingComputer Security Colleague. IDTool is a small utility that scans certain files, folders, registry keys and signatures of a system for evidence (known flags) of various crypto malware which helps identify what kind of ransomware infection you are dealing with. The tool will provide a list or text generated report of what was found and then provide the correct support links where you can receive assistance with that specific ransomware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
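
The manual check described in post #6 (look for the listed ransom-note names and appended extensions) can be scripted as a read-only triage pass. This is an added example, not part of the original thread and not IDTool's code; the function names `classify` and `scan` are hypothetical, and the sample files are constructed.

```python
import os
import tempfile
from fnmatch import fnmatchcase

# Ransom-note names quoted in the post, lower-cased. '*' replaces the random
# or user-name part that the post writes as ***** or <user name>.
NOTE_PATTERNS = [
    "help_decrypt.txt", "help_decrypt.html", "help_decrypt.url",
    "help_decrypt.png", "help_to_decrypt_your_files.bmp",
    "help_to_decrypt_your_files.txt", "help_restore_files.txt",
    "help_to_save_files.txt", "help_to_save_files.bmp", "recovery_key.txt",
    "decryptallfiles.txt", "decryptallfiles_*.txt",
    "decrypt_instruction.txt", "decrypt_instruction.html",
    "decrypt_instruction.url", "how_to_decrypt_files.txt",
    "how_to_recover_files.txt", "about_files",
    "encryptor_raas_readme_liesmich.txt", "recovery_files.html",
    "recovery_files.txt", "recovery_file_*.html", "recovery_file_*.txt",
    "restore_files_*.html", "restore_files_*.txt", "howto_restore_files*.txt",
]
# Appended extensions named in the post. The random 6-7 character case is
# not covered: a fixed list cannot match it.
EXTENSIONS = {".ecc", ".ezz", ".exx", ".zzz", ".xyz", ".aaa", ".abc", ".ccc",
              ".ctbl", ".ctb2", ".xtbl", ".encrypted", ".vault", ".ha3",
              ".toxcrypt"}

def classify(filename):
    """Return 'note', 'extension' or None for a bare file name."""
    name = filename.lower()
    if any(fnmatchcase(name, pat) for pat in NOTE_PATTERNS):
        return "note"
    if os.path.splitext(name)[1] in EXTENSIONS:
        return "extension"
    return None

def scan(root):
    """Walk root read-only and group matching paths by kind."""
    hits = {"note": [], "extension": []}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for f in files:
            kind = classify(f)
            if kind:
                hits[kind].append(os.path.join(dirpath, f))
    return hits

if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        for n in ("HELP_DECRYPT.HTML", "budget.xlsx.vault", "notes.txt"):
            open(os.path.join(root, n), "w").close()
        for kind, paths in scan(root).items():
            print(kind, [os.path.basename(p) for p in paths])
```

The script only reads file names; which note name or extension turns up is what narrows down the ransomware family, as the post explains.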




