Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cryptowall 3.0


  • This topic is locked This topic is locked
2 replies to this topic

#1 Wenxa

Wenxa

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 28 November 2015 - 04:52 PM

Found 4 folders on a network shared drive with the 3 HELP_DECRYP files in each of the 4 folders 4 days ago.

Deleted the folders ,restored from backup, ran ListCwall  script on server = nothing encrypted.

On the hunt for source PC. Scanning with NortonPowerEraser,  running listcwall, checking the registry keys and user account files mentioned in your fine article.

Have searched every folder on shared File server 3 separate times

  Believe I found one source and it off network now. Still have some PC's to get to that are on my top suspect list .

  Have looked at ransom site, have 4 days til deadline.  Have found NO encrypted files yet on our network.

So my question is ... have we lucked out?  Shouldn't we have encrypted files with changed file name by now ?

Thanks for all ya'll do !



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:46 AM

Posted 02 December 2015 - 01:25 PM

Yes, your files should have been encrypted by now if you were fully infected.

Since you were only asking a question I am going to close the Topic. If necessary you can review or post in the Cryptolocker Support Forum.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:46 AM

Posted 02 December 2015 - 01:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users