
Here we go again...

 

My customer has gotten infected with Cryptowall 2.0.

 

She (or her kids) has lost the USB backup that I made for her.

 

I know that the file encryption cannot be broken. After removing the virus, I plan to try to recover them using shadow volume copies, and I would appreciate any other suggestions.

 

------------------------------------------------------------------------------------

 

All folders contain the DECRYPT_INSTRUCTION files, and MSE returned the following:

 

Detected items  Ransom:Win32/Crowti.A     Severe     Succeeded      

   

Category: Trojan
 
Description: This program is dangerous and executes commands from an attacker.
 
Recommended action: Remove this software immediately.
 
Items: 
containerfile:C:\ProgramData\Windows Genuine Advantage\{05F9AE83-6259-4A45-949D-32FA4AAABC88}\msiexec.exe
file:C:\ProgramData\Windows Genuine Advantage\{05F9AE83-6259-4A45-949D-32FA4AAABC88}\msiexec.exe->[DynDrop]->(VFS:2CAA.tmp)
file:C:\ProgramData\Windows Genuine Advantage\{757BFC44-C1B9-4106-9106-19A52FFEFB7D}\msiexec.exe->[DynDrop]->(VFS:2CAA.tmp\
 
----------------------------------------------------------------------------------------------------------
 
I am attaching the diagnostic logs as described in the following post (and many others).
 
I look forward to getting help and thanks in advance.
 
I have no P2P software and I know that this takes time.
I will not be back at the keyboard until later this afternoon.

 

FRST.txt

Addition.txt

CheckResults.txt


  • Root Admin

Generally speaking, we offer free help to home users only, not business users.

 

Personally, I would recommend trying data recovery. Then FDISK, format, and reinstall Windows. Set up ongoing data backups to an external source and set up better protection.

 

That would be the best and fastest choice. I can help you to piecemeal clean it up, but I would not recommend it; let me know.

 

 

 

Backup Software
 

 

The complexity of finding, preventing, and cleanup from malware
 

Thanks


  • 4 months later...
Guest
This topic is now closed to further replies.