Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

As a follow-up on what you've been saying about lots of crypt files, etc.

It would appear you got the most serious form of this ransomware & that it indeed encrypted a bunch of files/documents, and that it is past the point where any of them "might" have been decrypted.

It would appear that you will have to truly wipe the partitions on the system (i.e., a so-called reformat) and install Windows fresh, install antivirus fresh, plus all your application programs.

IF you had a full-image backup (saved offline) of the system from before the infection, then, a restore from that media would be the one to do.

Regarding reformatting: last time, I just used the pre-existing HP software to restore the machine to factory issue from the info stored on the (supposedly read-only) recovery hard disk.

Can I do that again? It claimed to reformat the C-drive, last time.

OTL is currently scanning.

OTL.txt is too long to post here. I tried breaking it in half, but it's still too long.

The text file is 1920kb!

It is mostly a list of my encrypted files (hundreds of vacation photos, work PDFs, etc).

Do you want any particular part of the file pasted here?

IIRC, this is an HP PC. Follow the HP procedure for resetting using the factory restore procedure.

If you were not provided a Windows 7 DVD with the purchase, your HP will have a system restore partition on the HDD.

Check on the HP support website for the procedure on proper sequence.

It is time for you to do a factory-restore-reset. All those encrypted files cannot be salvaged.

Save (if not done already) any new files you might have (non-infected) that were not previously saved.

A reset to factory restore will mean the pc is back to day 1 out of the factory. You will have none of your programs that you added over time, none of your documents.

IF HP includes any antivirus app, de-install it immediately after Windows is restored anew.

If you wish to keep Avast, save the Avast setup to an offline media (like flash-thumb-drive).

Your antivirus is the first program to install after Windows is restored.

Next, I would recommend putting on MBAM Pro.

Keep your PC disconnected from the internet until after the system factory restore is done AND after your antivirus is re-installed.

Never (ever) be without antivirus that is installed and current.

Never (ever) use borrowed (dodgy) programs.

This will be your second (likely) time to have to wipe/pave/re-load Windows from scratch.

Please tighten security practices.

Please follow regular offline backup procedures.

Windows 7 has a backup program that includes the ability to make backups and system images.

If you have not used it, I'd suggest doing some reading.

Back up your programs, system settings and files

note: this article has a how-to-video.

http://windows.microsoft.com/en-US/windows7/Restore-files-from-a-backup

Back up and restore: frequently asked questions

Safer practices & malware prevention

We are finished here. Best regards.
