Help_Decrypt.xxxx

Any method of restoring any of those files? A friend's computer got infected  
and I was just wondering if any 'new' ideas came out on how to restore those  
files? I have been doing some searching in Google.
He doesn't really need much of what is on his Gateway Vista laptop, so I may  
have to try a Factory Restore from the Recovery on his D drive. It might  
have been CryptoWall 3.0. He had System Restore turned off (or the virus  
removed them) so the last Restore point indicated 2009.
Does that virus also screw up programs or just docs, jpgs, etc.? He does not  
have the original Vista disk and I will have to find his license (product)  
key. Not familiar with Vista at all.
I seem to have cleaned out the virus, but I guess that is the easy part. I  
used MBAM, SAS, Adwcleaner, Avast and HitMan Pro. All show clean now.
Thanks
Buffalo  


Re: Help_Decrypt.xxxx

Buffalo laid this down on his screen :

Restore them from the backups. I know, I know, but it has to be said.

No Vista OS disc might mean it has a restore to factory/recovery  
partition instead.



Re: Help_Decrypt.xxxx

"FromTheRafters"  wrote in message  
Yes, it has a Recovery partition.
He didn't even have System Restore turned on, let alone any backups. :)
I just posted in case someone found a 'new' way to recover those files.
--  
Buffalo  


Re: Help_Decrypt.xxxx

Buffalo used his keyboard to write :

When they used cheap encryption or just dirty tricks to make you think  
it had encrypted files the possibility was there to recover without  
paying the ransom. I think that they use RSA with a 2048 bit key now.



Re: Help_Decrypt.xxxx



This is a Crypto Trojan, not a virus, and uses the MS Crypto API.  
Decrypting is not possible without a key.

System Restore would not help.  It works on EXE, DLL, the Registry and OS  
constructs.  It does not work on data files which is what ransomware  
targets.



--  
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Help_Decrypt.xxxx

"David H. Lipman"  wrote in message  
Thanks for that. Yep, a trojan and not a virus it is. It seems as if some  
part of the operating system is messed up also.
I am going to try to find a Vista HP 32 bit download online and attempt a  
repair install. If that is not successful, I will try the Factory Recovery  
which is on the D drive.
Thanks,
--  
Buffalo  


Re: Help_Decrypt.xxxx

"David H. Lipman"  wrote in message  
I did a factory recovery and it worked.
Now I'm back to around 2007.  :)
--  
Buffalo  

