Thread: Help please. Cryptowall 3.0 bit me.

  1. #16
    Quote Originally Posted by John Coloccia View Post
    Buy a new drive (they're cheap) and restore to that.

    All of this other advice is going to do absolutely nothing for CryptoWall. Those files on that drive are gone...finito...no more. Getting rid of the virus will do zippo to get the data back. If you'd like to, keep the drive around and wait. They may find these guys and gain access to the private keys, just like they did with CryptoLocker, and then you can get the data back.
    Did you watch the video linked above? It cleanly, and safely appeared to remove the problem in less than 4 minutes. He even showed examples of the files being encrypted and then afterwards, opening that same text file and you could read it.
    Lasers : Trotec Speedy 300 75W, Trotec Speedy 300 80W, Galvo Fiber Laser 20W
    Printers : Mimaki UJF-6042 UV Flatbed Printer , HP Designjet L26500 61" Wide Format Latex Printer, Summa S140-T 48" Vinyl Plotter
    Router : ShopBot 48" x 96" CNC Router Rotary Engravers : (2) Xenetech XOT 16 x 25 Rotary Engravers

    Real name Steve but that name was taken on the forum. Used Middle name. Call me Steve or Scott, doesn't matter.

  2. #17
    Sorry that your computer got infected - but I am curious, what were you doing when this happened? (I would like to avoid a similar occurrence if possible.)

  3. #18
    Quote Originally Posted by Scott Shepherd View Post
    Did you watch the video linked above? It cleanly, and safely appeared to remove the problem in less than 4 minutes. He even showed examples of the files being encrypted and then afterwards, opening that same text file and you could read it.
    If his backup drive wasn't attached, there would be nothing to restore between the time of the last backup, and the time the infection occurred.

    And I wouldn't continue to use an O/S that had been compromised by something as serious as a crypto variant.

    Because if I was releasing a crypto variant, I'd build a version that waits thirty days and then does it all again. And if I've thought of that, I imagine the hackers actually doing this have thought of it, and a lot more.

  4. #19
    The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.

  5. #20
    Quote Originally Posted by John Coloccia View Post
    The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.
    If a backup was done, either to the cloud or to an external drive, then my advice is to wipe the drive clean and reinstall Windows. Afterwards, restore information to the fresh install, documents etc.

  6. #21
    Quote Originally Posted by John Coloccia View Post
    The video only works if you're doing shadow copy, and if that particular file is saved unencrypted. It's essentially restoring from backup. There's no practical way to actually decrypt any files without the private key. So it still comes down to if you have a backup or not. If not, you're toast until they catch them and grab the keys off the drives.
    I must be watching a different video. The guy used restore on a folder, he didn't do any shadow copying stuff. He clearly solved the problem enough that it changed the encrypted files to non-encrypted files. There are now a number of videos online showing how to beat this thing.

    As long as your system restore is set up, which it more than likely is, then you should have enough tools to get the job done. What's it hurt to try? It's free to try and you don't have to buy another drive or do any of the other things being mentioned.

    It might get you on in and, in the case it did, I'd run a scan on it with some of the tools available and once known to be clean, I'd get my data off there or backed up and then carry on, having a better backup strategy in the future.

    You'll know if it works in about 10 minutes. If it doesn't, you're not worse off than you were.

  7. #22
    Some of you aren't reading the thread.
    These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
    Buy a new drive!!!

  8. #23
    Quote Originally Posted by Myk Rian View Post
    Some of you aren't reading the thread.
    These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
    Buy a new drive!!!
    It's not an MBR virus...

  9. #24
    Quote Originally Posted by Myk Rian View Post
    Some of you aren't reading the thread.
    These virii/trojans/etc. get into the Master Boot Record, or MBR. Formatting a drive ain't gonna get rid of it.
    Buy a new drive!!!
    If it does get in there you just have to do an MBR rebuild.

  10. #25
    Many many thanks to all of you for helping me with this nightmare. I had decided to buy a new hard drive and restore from there, when I saw a new ASUS machine on sale and just decided to bite the bullet. The new machine is about twice the speed of my 4 yr old one. God only knows why I need a TERABYTE disk drive - I'm not a big photo or video guy - but maybe it's like horsepower and you can never have too much, huh? It came with Windows 8 and a touch screen - those will take some getting used to. (Every time I get a faster processor, Gates' boys create a more processor-intensive OS. Funny how that works.) But for under $700, the new machine looked like the way to go.

    Once again, thank you all!
    Fred

  11. #26
    Quote Originally Posted by Phil Thien View Post
    And I wouldn't continue to use an O/S that had been compromised by something as serious as a crypto variant. Because if I was releasing a crypto variant, I'd build a version that waits thirty days and then does it all again. And if I've thought of that, I imagine the hackers actually doing this have thought of it, and a lot more.
    That's exactly where I got to Phil. Thanks.

  12. #27
    Quote Originally Posted by John Coloccia View Post
    Buy a new drive (they're cheap) and restore to that.

    All of this other advice is going to do absolutely nothing for CryptoWall. Those files on that drive are gone...finito...no more. Getting rid of the virus will do zippo to get the data back. If you'd like to, keep the drive around and wait. They may find these guys and gain access to the private keys, just like they did with CryptoLocker, and then you can get the data back.
    Yeah John, I agree. That data is unrecoverable. And I just could not get comfortable that I could get all of the malware erased with my moderate IT skills. Thanks man!

  13. #28
    Quote Originally Posted by Frederick Skelly View Post
    Yeah John, I agree. That data is unrecoverable. And I just could not get comfortable that I could get all of the malware erased with my moderate IT skills. Thanks man!
    Scott does have a point that IF you currently have shadow copies of the files involved, and you may, you may be able to get them back following the instructions in the video, just like with any other backup. It's all about having a backup. Still, safest is to restore to a different drive, lest you risk encrypting your backup too if you're not tech savvy. But do hang on to that old drive. One day, you may be able to get that data back if you really want it.

    I went 20 years without ever having an anti-virus on my personal computers, and I went 20 years without ever having a virus. When Cryptolocker came out, I finally installed some virus protection. It's such a nasty way of attacking a system that I just couldn't take the chance. Now I have a fairly sophisticated backup solution too. It cost a bit of money, but I've been tempting fate too long.
    Last edited by John Coloccia; 04-03-2015 at 8:31 PM.

  14. #29
    Quote Originally Posted by John Coloccia View Post
    Scott does have a point that IF you currently have shadow copies of the files involved, and you may, you may be able to get them back following the instructions in the video, just like with any other backup. It's all about having a backup. Still, safest is to restore to a different drive, lest you risk encrypting your backup too if you're not tech savvy. But do hang on to that old drive. One day, you may be able to get that data back if you really want it.
    I'm with you. Plan to keep it as is, on the off chance a solution comes in the future. Thanks!

  15. #30
    Frederick, how did you get the infection onto your computer or don't you know?
    Chris
