I'm new to the forum and hoping someone can help.
I've recently been infected with a virus when I inadvertently pressed the update button for Java. After that, the virus encrypted all my documents with the extension .micro on my Windows 7 system.
I've read as much about this as I can and realise the severity of this and that it is a relatively new extension? To go through all the logs on here may take some time, so I thought it would be quicker if I posted (being a new member )
I tried recovering my documents from restoring previous versions, system restore etc. but all to no avail. There is no option to put my computer back to an earlier date, as there are none...I have to presume they were all removed by the virus?
There is also no way on earth am I paying the ransom. I have used Malwarebytes and successfully removed the virus, double checked with HitmanPro. I then tried to decrypt a document with Stellar Phoenix Windows Data Recovery and Data Recovery Pro but with no luck. I also managed to delete the 100,000 txt, bmp and html files it placed in every folder and sub-folder (that took hours n hours).
I noticed in one folder there is a list of 10 new Notepad txt files, each has 4 lines with some data/code. I presume this is used by the ransomer to track payments etc? or is it vital information for decryptors?
I have some backups from previous months but there is 1 or 2 documents that are very important which were infected as the virus accessed and infiltrated my USB Memory stick. If I could only retrieve those I would be a very happy man. However, they are large excel documents with hundreds of thousands of cells of information, so one may not recover all of it.
My only hope is someone figures out a decryption solution. One other option, and this worked years back, was a friend used Hiren's Bootable CD (with some GUI searchable program, I'm not sure) and he was able to find older versions of documents somewhere hidden in the very depths of the hard drive that were overwritten weeks/months beforehand. This is all I'm after, a version that was saved the day before or week before.
Apart from the obvious decryption option, does anyone know that one can retrieve an overwritten file from the hard drive?
Paspuggie (who has learned the hard way to always make a back-up)
Edited by paspuggie48, 26 January 2016 - 06:55 AM.