Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Laptop infected

  • This topic is locked This topic is locked
2 replies to this topic

#1 topitop


  • Members
  • 2 posts
  • Local time:08:28 PM

Posted 16 December 2015 - 04:50 AM

A few days ago my laptop(W7 ultimate) was infected by TelsaCrypt. I thought I stoped it( of course can't decrypt) but it wasn't: after changing pdf, doc, jpg(all type of picture files) extension to vvv extension, now is changing the whole name of the files(for example: *.pdf.vvv now 1xg6l9lv.n37). I need to stop it, I really don't want to format the disk(I hope in a few weeks someone will find a way to decrypt - I need back my files :) ). There is not even one firewall working - I can't start one. I have to be honest: from 12.12(the day of infection) I've "worked" on it: cleaning, changes, etc.


Thank you in advance for your help,


Edited by hamluis, 16 December 2015 - 09:49 AM.
Moved from MRL to General Security - Hamluis.

BC AdBot (Login to Remove)


#2 topitop

  • Topic Starter

  • Members
  • 2 posts
  • Local time:08:28 PM

Posted 16 December 2015 - 06:20 AM

At least after a few attempts I've started comodo firewall.

Any ideas how to really stop this TeslaCrypt?

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,954 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:28 PM

Posted 16 December 2015 - 10:40 AM

Welcome to BC

A repository of all current knowledge regarding TeslaCrypt, Alpha Crypt and newer variants is provided by Grinler (aka Lawrence Abrams), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

From the above FAQ Guide....What should you do when you discover your computer is infected with TeslaCrypt or Alpha Crypt

Many crypto ransomware variants are typically programmed to automatically remove the malicious files responsible for the infection after the encrypting is done since they are no longer needed. However, if another piece of malware was responsible for installing it, then that could still be present if your antivirus did not detect and remove it.

If you need individual assistance ONLY with a malware infection, you should follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to follow the above instructions and post a FRST log, please reply back in this thread with a link to the new topic so we can closed this one. If not, at least you know doing that is an option available to you.

Information about and support for decrypting files affected by Alpha Crypt & TeslaCrypt ransomware can be found in this topic:Also see here for possible decryption information with each version.

There is an ongoing discussion in this topic where you can ask questions and seek further assistance.Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users