
cryptowall-virus-removal

Discussion in 'Virus & Other Malware Removal' started by dpwalter, Mar 28, 2015.

Thread Status:
Not open for further replies.
  1. dpwalter

    dpwalter Thread Starter

    Joined:
    Mar 28, 2015
    Messages:
    1
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz, x86 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 1021 Mb
    Graphics Card: NVIDIA GeForce 8400M GS, 256 Mb
    Hard Drives: C: Total - 108532 MB, Free - 86099 MB;
    Motherboard: Dell Inc., 0KY768
    Antivirus: Norton AntiVirus, Updated: Yes, On-Demand Scanner: Enabled
     
  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Hi and welcome. :)

    Unfortunately, we are still unable to reverse the damage done by this virus. All your files, in all drives, are encrypted, but there is no easy way to decrypt these files. You can read about this virus here:

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information#restore

    BleepingComputer.com has created a small utility that will find the Registry key created by CryptoWall and then export its list of encrypted files to a text file for you. This tool will also allow you to backup the encrypted files to another location in the event that you want to archive the encrypted files and reformat the machine. If you wish to generate a list of files that have been encrypted, you can download the ListCWall tool.

    There is an active CryptoWall support topic, which contains discussion and the experiences of a variety of IT consultants, end users, and companies who have been affected by CryptoWall. If you are interested in this infection or wish to ask questions about it, please visit the CryptoWall support topic. Once at the topic, and if you are a member, you can ask or answer questions and subscribe in order to get notifications when someone adds more information to the topic.

    http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/


    IDTool:

    Scan with IDTool

    Please download IDTool by Nathan and save the file to the desktop.
    It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
    • Enter the IDTool directory, right-click on the icon and select Run as Administrator to start the tool.
    • IDTool needs the Microsoft .NET Framework environment to work properly, so if prompted to download & install it, please agree.
    • Wait patiently until the tool collects the necessary data.
    • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
    • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
    • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
    Please include that in your next reply.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,588
    Thanks, JSntgRvr, this is a co-worker's rig. :)
     
  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You are welcome, valis. Although this is a very bad infection.
     
  5. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,588
    Ouch. Not what I wanted to hear. If necessary, I saved the ADW log on his desktop, but I'm thinking you don't need that.

    Don, if you decide to reformat, let me know, take me to lunch and I'll do it for you.
     

Short URL to this thread: https://techguy.org/1145605
