Computer Gurus


bobscuda67

My computer has been infected with Cryptowall and all my pictures have been encrypted. I am not going to pay the ransom and was wondering if there is a way to recover the pictures.
I was looking online for a fix but it's not looking too good. Anyone else have this problem?
How did you resolve it?
 
It's probably like the bitcrypt virus I had (they wanted ~$400 to fix it. Yeah, right).
Mine did every picture, text file, pdf, etc. on my system. Fortunately it left the couple terabytes of movies I have alone lol.

I had already formatted and reinstalled everything by the time a (complicated) fix had come out.
Fortunately all my important stuff was backed up on an external drive.
 
From my understanding of it, they usually come in the form of an email attachment. Something a person thinks is important, they click on the attachment and it begins its process of installing on your PC.


To the OP:

Have you tried a system restore? Restore back a week, or however long ago it was you got it.

I'm not sure that would help or not. IF it does, then after doing that I would install Malwarebytes and do a complete scan of the system.
 
I think I got it through an e-mail. From now on I won't open any e-mails that I don't know who sent it.
I took the computer to a trusted repair shop that helped me before and he removed the virus.
But my photos are still encrypted. I called him today and left a message for him to call me back.
 
From what I found out about it today it's definitely like the bitcrypt that I had.

How these d-bags get away with forcing payment from people to get their files back is beyond me. You'd think there'd be some way to track down where these payments go.


btw, I did find a fix on a website called 'precisesecurity.com' but I'm always just as afraid of these fixes as I am of the virus itself lol. Your computer guy should know the fix (and if the files suggested on that site work or are just more malware).
 
Have you tried a restart, tapping F8 key to go to SAFE MODE WITH NETWORKING. Then go online, search for Malicious Software removal Tool from Microsoft. MAKE SURE the site is a Microsoft site!!!!!! Install the software, run the scan and hopefully that will remove it. No guarantee, but worth a try. JUST MAKE SURE THE REMOVAL TOOL IS FROM MICROSOFT. That part in caps is very important. Good luck!
 
Take it from an Expert..... There is no way of getting the Data Back.
Here's a little info on the Virus....

CryptoLocker Virus Explained: The Tech Guy 1026 - YouTube: http://www.youtube.com/watch?v=qBXrncdEifo

Virus Advisory: CryptoLocker - How to Protect Yourself - YouTube: http://www.youtube.com/watch?v=Zcj9RKO3e38

Note:


Some key lessons:
Antivirus applications by themselves will not protect you. All an antivirus can do is detect things that have been around for a while -- long enough to have been found, isolated and forwarded to the virus scanner writers. Once malware is detected, it is trivial to change it so it is missed again.

The fact that most older viruses let you remove them was a fact of the "kindness" of the writers, NOT a marvel of technology. A virus of this type is relatively simple to make, it is easy to change so it is not picked up by malware scanners, and it produces lots of income for the people who wrote it. You can assume we will be seeing MORE of this kind of thing. Note that this video was published over a year ago...and the problem still goes on, the virus publishers have had zero problem staying ahead of the virus detectors.

Do not hope that there will be some technological solution to this. The only way you will "undo" this kind of attack is if the authors made a horrible error, and unfortunately the type of software they use is pretty well tested and understood, it is unlikely such a removal will be found. While some claim the NSA can undo this kind of cryptography, I have seen no evidence that this is true, and they won't do it for you even if they can.

Technology WILL NOT someday "make us safe" -- the malware problem has been GROWING over the last 25+ years, it is getting far more sophisticated and serious. And profitable, so you can assure it will continue to get worse.

Keep your computer updated.

Java is a security disaster. Most people can probably uninstall Java from their computers without serious loss except for games....and you probably shouldn't be playing games on the same machine you use for "serious" work. Note that Java is just a programming language, the problem with it is that it was sold to the world as a "safe" programming language, and that is just completely bogus, but things like browsers are only just starting to treat it as the threat it is.

Adobe products (Flash, Acrobat, etc.) are also huge security problems, though unfortunately, they are more difficult to avoid and used in business applications.

Backups are important, but make sure your backups are NOT attached, you don't want your backups being locked, too!

The lesson I've been trying to teach people for almost 20 years is yes, the Internet is a lot of fun, but it is much like a playground in a war zone -- they are shooting AT YOU, you do have resources they want, and if you are not very very careful, they will win, you will lose.

If you want a one sentence explanation of how to be "safe on the Internet", all I can say is "you aren't". To be a safe car driver, you have to understand how the car works, and all the things that can go wrong. To operate safely on the Internet, you need to understand the computer technology and how it is used against you...and most people aren't willing to do that. Technology won't save us.
 
It won't work with system restore because that damn encrypto virus goes and modifies all your files.

NEVER open email attachments sent to you randomly, and don't install stuff from websites that prompt you to install. Only do Windows updates that are in your Start menu.

Get adblock for your browser, it helps.

Always keep a backup of your pictures and documents.
 
Always keep a backup of your pictures and documents .....
And Never - I say never leave your backup drive attached to your system when not in use. Meaning do your backup and remove the drive and store in a safe place.....
 
Have you tried my suggestion yet? No guarantee, but you never know.
 
Direct quote from a very trusted anti malware source I use.

"Unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom on the CryptoWall Decryption Service. Brute forcing the decryption key is not realistic due to the length of time required to break an RSA encryption key. Also any decryption tools that have been released by various companies will not work with this infection. The only methods you have of restoring your files is from a backup, file recovery tools, or if you're lucky from Shadow Volume Copies."

Sorry.

Yes there is something that can be done.
These people need to be turned in and not let the ball drop, but people have better things to do most of the time, so it continues.
It is a Federal offense to change files on a computer that does not belong to you, so how do you like the so called protection of our government now?

It is and has been put on a back burner because of the lack of enforcement resources, so only the people can make a difference.
Now sit back and hold your breath for that to happen.

If you want to be part of the solution you can go to a place like www.badwarebusters.org and donate to the cause, as well as help locate and help stop malware sites.
I am a member here, and do some work/site investigation in my spare time as I have it.
It doesn't take a computer nerd to do it either.
No offense, but you probably have higher priority things to do with your time and money, right?

So here we are.


Now, that being said I have a program called "Recover Deleted" and I have successfully recovered thousands of files that were deleted. (even from formatted drives)
It works on hard drives as well as thumb (USB) and memory cards alike, and since this virus deletes the original file after it encrypts it you may very well be able to recover at least a good portion of your original unencrypted files.
It will also recover a ton of crap you don't want, but if it's worth it to you to try here it is.

I uploaded it to our server here for download if you want to try it, but know that I have not yet tried it with Win 7 or 8. (never had to so far)

http://www.letsgocomputers.com/programs/recoverdeleted.exe

Pretty much your only option would have been a system restore to an earlier date, but doing that now could undo the fixes that have been made to your system, and may not get your files back anyway due to a system restore is not supposed to affect your saved files and documents in the first place.

But with any MS product, you just never know until you try.

Sorry it took so long for me to see this post.
 