Infected on Win 7 with TeslaCrypt 3.0 with extension .micro


  • This topic is locked
3 replies to this topic

#1 Puu

  • Members
  • 2 posts

Posted 07 February 2016 - 04:43 PM

Hi All here,

 

Infected for 24 hours now. Can't get rid of or find the sucker. System restore points all got deleted, can't find the worm in regedit.exe.

Every file (Doc, docx, JPG and so on) in folders can't be opened; they show the micro extension.

Already thinking of reinstalling Windows 7, but would lose some important files that I missed backing up in the last 7 weeks.

Any suggestions highly appreciated.

 

Aloha

puu

 

 



 


#2 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 February 2016 - 08:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I'm afraid I have bad news for you.
Your infection is described here.
http://www.bleepingcomputer.com/virus-removal/teslacrypt-alphacrypt-ransomware-information

and here

http://www.bleepingcomputer.com/news/security/teslacrypt-3-0-released-with-new-encryption-algorithm-and-xxx-file-extensions/

There is nothing we can do to restore the files you did not backup.
Read the information and if you wish us to clean what we can from this computer then run the following tool.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===

You can restore the files from your Backup.

Wait for further instructions.

#3 Puu

  • Topic Starter
  • Members
  • 2 posts

Posted 09 February 2016 - 12:31 PM

Mahalo nui loa nasdaq for your reply and links. After hours of research I am clear that my files are lost. (:-(((

 

I already deleted all files on my Win 7 laptop and uninstalled all programs to start fresh from scratch. Problem now is, my recovery disk did not work properly to let me format the hard drive. It could only reinstall Windows, and it showed up in a different partition, leaving the old Win files on C:.

I tried to format via cmd but could not process it because it gives a warning that I am formatting the operating system.

I fear if I force it (how is a good question?) that I will lose access to the computer.

I also fear that the TeslaCrypt virus is not removed because the C: drive has not been formatted.

A second try via recovery disk failed; now the recovery drive is not starting, even though in BIOS setup it is enabled to start from CDROM.

I have my Win 7 serial number from the time when I purchased the laptop but fear it does not help.

Any suggestions how to format my HDD without losing access are highly appreciated.

With Aloha



#4 nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 February 2016 - 08:08 AM

This is now a Windows 7 issue.

I suggest you ask now to reformat your computer in the Windows 7 forum. This is not my forte.

p.s.
An expert in that operating system may suggest something else.

http://www.bleepingcomputer.com/forums/f/167/windows-7/

Good luck.



