Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. here we go again... my customer has gotten infected with Cryptowall 2.0 She (or her kids) has lost the USB backup that I made for her. I know that the file encryption cannot be broken, after removing the virus I plan to try to recover them using shadow volume copies and I would appreciate any other suggestions. ------------------------------------------------------------------------------------ all folders contain the DECRYPT_INSTRUCTION files and MSE returned the following: Detected items Ransom:Win32/Crowti.A Severe Succeeded Category: Trojan Description: This program is dangerous and executes commands from an attacker. Recommended action: Remove this software immediately. Items: containerfile:C:\ProgramData\Windows Genuine Advantage\{05F9AE83-6259-4A45-949D-32FA4AAABC88}\msiexec.exefile:C:\ProgramData\Windows Genuine Advantage\{05F9AE83-6259-4A45-949D-32FA4AAABC88}\msiexec.exe->[DynDrop]->(VFS:2CAA.tmp)file:C:\ProgramData\Windows Genuine Advantage\{757BFC44-C1B9-4106-9106-19A52FFEFB7D}\msiexec.exe->[DynDrop]->(VFS:2CAA.tmp\ ---------------------------------------------------------------------------------------------------------- I am attaching the diagnostic logs as described in the following post (and many others).https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/https://forums.malwarebytes.org/index.php?/topic/146024-diagnostic-logs/ I look forward to getting help and thanks in advance. I have no P2P software and I know that this takes time.I will not be back at the keyboard until later this afternoon. FRST.txt Addition.txt CheckResults.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.