Are there any file extensions appended to your files...such as .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .CTBL, .CTB2, .crinf, .XTBL, .encrypted, .crypt, .EnCiPhErEd, .vault, .HA3, .toxcrypt
or 6-7 length extension consisting of random characters?
Did you look for any ransom note
? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url
These are some examples:
HELP_DECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt
HELP_RESTORE_FILES.txt, HELP_TO_SAVE_FILES.txt, RECOVERY_KEY.txt, DecryptAllFiles.txt
DECRYPT_INSTRUCTIONS.TXT, DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.txt
How_To_Recover_Files.txt, ReadDecryptFilesHere.txt, Help_Decrypt.txt, About_Files.txt
RECOVERY_FILES.txt, DecryptAllFiles_<user name>.txt, encryptor_raas_readme_liesmich.txt
HOWTO_RESTORE_FILES_*****.txt, DecryptAllFiles_*******.txt (where * are 6-7 random characters)
RECOVERY_FILE_*****.txt, restore_files_*****.txt (where * are random characters)
howto_recover_file_*****.txt, _how_recover_*****.txt (where * are random characters)
how_recover+***.txt, recover_file_*****.txt, (where * are random characters)
Once you have identified which particular ransomware you are dealing with, I can direct you to the appropriate discussion topic for further assistance.
Another option is to download and run IDTool
created by Nathan Scott (DecrypterFixer), a BleepingComuter Security Colleague. IDTool is a small utility that scans certain files, folders, registry keys and signatures of a system for evidence (known flags) of various crypto malware which helps identify what kind of ransomware infection you are dealing with. The tool will provide a list or text generated report of what was found and then provide the correct support links where you can receive assistance with that specific ransomware.