Results 1 to 10 of 10
  1. #1
    New Lounger
    Join Date
    Aug 2014
    Posts
    6
    Thanks
    8
    Thanked 0 Times in 0 Posts

    Cryptovirus on laptop: ideas how to get files back?

    I've effectively cleaned the virus out of the machine, by searching everywhere I can think to clear out the Cryptowall and Decrypt entries, but all my files are still encrypted.
    I have Vista Home Premium, so the "Previous Versions" tab was not available to me in any folders.
    My shadowcopies were all saved after the virus hit me, so those are all encrypted as well.

    Any ideas on how to decrypt all my files now?

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,581
    Thanks
    5
    Thanked 1,058 Times in 927 Posts
    See if any of the links at recover from cryptovirus help.

    Joe

  3. #3
    New Lounger
    Join Date
    Nov 2012
    Location
    Wilmington, NC
    Posts
    15
    Thanks
    2
    Thanked 1 Time in 1 Post

    Whitehats recover, release keys to CryptoLocker ransomware

    Quote Originally Posted by JayHavister22 View Post
    I've effectively cleaned the virus out of the machine, by searching everywhere I can think to clear out the Cryptowall and Decrypt entries, but all my files are still encrypted.
    I have Vista Home Premium, so the "Previous Versions" tab was not available to me in any folders.
    My shadowcopies were all saved after the virus hit me, so those are all encrypted as well.

    Any ideas on how to decrypt all my files now?
    You may have luck here, the article refers to a Website dedicated to helping folks recover their files without paying the ransom, haven't used it.

    http://arstechnica.com/security/2014...er-ransomware/

    Let us know if it works.

  4. #4
    New Lounger
    Join Date
    Feb 2010
    Location
    Hamilton, Ontario, Canada
    Posts
    3
    Thanks
    19
    Thanked 1 Time in 1 Post
    You may also be able to find some information at Bleeping Computer/Cryptowall site. I apologize I was unsuccesful at including the link. I used IE/Google search for bleepingcomputer + cryptowall.

    Good luck

  5. The Following User Says Thank You to Betsy For This Useful Post:

    T.K (2014-10-08)

  6. #5
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

    The above link is from the Bleeping Computer's site.
    Good Luck
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  7. #6
    New Lounger
    Join Date
    Feb 2010
    Location
    Hamilton, Ontario, Canada
    Posts
    3
    Thanks
    19
    Thanked 1 Time in 1 Post
    Quote Originally Posted by CLiNT View Post
    CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

    The above link is from the Bleeping Computer's site.
    Good Luck
    Thanks for putting the link in Clint.

  8. #7
    New Lounger
    Join Date
    Dec 2009
    Location
    Houston, Texas, USA
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Don't even waste your time

    Quote Originally Posted by JayHavister22 View Post
    I've effectively cleaned the virus out of the machine, by searching everywhere I can think to clear out the Cryptowall and Decrypt entries, but all my files are still encrypted.
    I have Vista Home Premium, so the "Previous Versions" tab was not available to me in any folders.
    My shadowcopies were all saved after the virus hit me, so those are all encrypted as well.

    Any ideas on how to decrypt all my files now?
    I don't know how much research you've done on this subject, but there is virtually no hope of getting your encrypted files back, other than restoring them from a backup. CryptoLocker, CryptoWall, and all the imitators follow best practices in encryption, and nobody is going to be able to crack the key. There have been a couple of isolated situations that made decryption possible for some affected users, but none that apply to CryptoWall.

    You can find more details in my blog post, "CryptoLocker Update," here: http://www.thevirusdoc.com/blog/cryptolocker-update.

  9. #8
    New Lounger
    Join Date
    Oct 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hey! I'm not 100% sure about this, but wont a system restore work?
    I'm not sure if this will bring back the virus though.

  10. #9
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Quote Originally Posted by epeepicky View Post
    Hey! I'm not 100% sure about this, but wont a system restore work?
    I'm not sure if this will bring back the virus though.
    System Restore: NO, now a system image restore, most definitely.
    DRIVE IMAGING
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Build your own system; get everything you want and nothing you don't.
    Latest Build:
    ASUS X99 Deluxe, Core i7-5960X, Corsair Hydro H100i, Plextor M6e 256GB M.2 SSD, Corsair DOMINATOR Platinum 32GB DDR4@2666, W8.1 64 bit,
    EVGA GTX980, Seasonic PLATINUM-1000W PSU, MountainMods U2-UFO Case, and 7 other internal drives.

  11. #10
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,621
    Thanks
    147
    Thanked 877 Times in 839 Posts
    The sooner people get into the habit of creating regular external system images the sooner these Ransomware programs will become defunct - it will also help that they don't click on every tempting button they come across.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •