Did you watch the video linked above? It cleanly and safely appeared to remove the problem in less than 4 minutes. He even showed examples of the files being encrypted and then afterwards, opening that same text file and you could read it.
Sorry that your computer got infected - but I am curious, what were you doing when this happened? (I would like to avoid a similar occurrence if possible.)
If his backup drive wasn't attached, there would be nothing to restore between the time of the last backup, and the time the infection occurred.
And I wouldn't continue to use an O/S that had been compromised by something as serious as a crypto variant.
Because if I was releasing a crypto variant, I'd build a version that waits thirty days and then does it all again. And if I've thought of that, I imagine the hackers actually doing this have thought of it, and a lot more.
The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.
I must be watching a different video. The guy used restore on a folder, he didn't do any shadow copying stuff. He clearly solved the problem enough that it changed the encrypted files to non-encrypted files. There are now a number of videos online showing how to beat this thing.
As long as your system restore is set up, which it more than likely is, then you should have enough tools to get the job done. What's it hurt to try? It's free to try and you don't have to buy another drive or do any of the other things being mentioned.
It might get you on in and, in the case it did, I'd run a scan on it with some of the tools available and once known to be clean, I'd get my data off there or backed up and then carry on, having a better backup strategy in the future.
You'll know if it works in about 10 minutes. If it doesn't, you're not worse off than you were.
Some of you aren't reading the thread.
These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
Buy a new drive!!!
Many many thanks to all of you for helping me with this nightmare. I had decided to buy a new hard drive and restore from there, when I saw a new ASUS machine on sale and just decided to bite the bullet. The new machine is about twice the speed of my 4 yr old one. God only knows why I need a TERABYTE disk drive - I'm not a big photo or video guy - but maybe it's like horsepower and you can never have too much, huh? :) It came with Windows 8 and a touch screen - those will take some getting used to. (Every time I get a faster processor, Gates' boys create a more processor-intensive OS. Funny how that works.) But for under $700, the new machine looked like the way to go.
Once again, thank you all!
Fred
Scott does have a point that IF you currently have shadow copies of the files involved, and you may, you may be able to get them back following the instructions in the video, just like with any other backup. It's all about having a backup. Still, safest is to restore to a different drive, lest you risk encrypting your backup too if you're not tech savvy. But do hang on to that old drive. One day, you may be able to get that data back if you really want it.
I went 20 years without ever having an anti-virus on my personal computers, and I went 20 years without ever having a virus. When Cryptolocker came out, I finally installed some virus protection. It's such a nasty way of attacking a system that I just couldn't take the chance. Now I have a fairly sophisticated backup solution too. It cost a bit of money, but I've been tempting fate too long.
Frederick, how did you get the infection onto your computer, or don't you know?