
CryptoWall 3.0 Infection



Hi,

Yesterday (29 Jan '15) I logged on to my Win8.1 PC to find HELP_DECRYPT files on my desktop, and the .txt file open in notepad on my screen. I DID NOT have Malwarebytes installed at the time.

I researched the subject, found out it was CryptoWall 3.0 (as per the HELP_DECRYPT files) and saw that all my docs and images were encrypted. I was able to download Malwarebytes and run it to neutralize 6 threats that were detected. I repeated the scan after starting in safe mode, and I also repeated the scan on the other users' account. These scans did not turn up any threats.

From all accounts I have no hope of decrypting the files that have been lost since I have no desire to pay the ransom. I'm okay with that since all my critical info is backed up on an external drive. My question is this:

How can I be sure I have eliminated the infection before I restore my backup? All I have done is run MBAM repeatedly (on all user accounts), in addition to running Avast AV a couple of times. I have disabled add-ons on both IE and Chrome that seemed unnecessary. Now when I start up, the HELP_DECRYPT files don't open automatically, though they are still on the desktop as well as in the encrypted folders.

So, can I be sure I have removed the threat, and is it safe to restore my docs from external backup?

 

Thank you in advance for any assistance anyone can offer me.

 


Hello, 
 

I repeated the scan after starting in safe mode

Malwarebytes Anti-Malware is designed to run in Normal Mode. Whilst updated versions of the software have seen an increase in Safe Mode functionality, the programme should first and foremost be run in Normal Mode unless this is not possible. 
 

From all accounts I have no hope of decrypting the files that have been lost since I have no desire to pay the ransom.

There is a chance. Granted it's small, but it's a chance nevertheless. 
Recovery of encrypted files may be possible with the use of Shadow Volume copies and third-party recovery software. 
 
As part of CryptoWall 3.0's routine, the infection will attempt to delete Shadow Volume copies and securely delete original files affected. However, the infection is not always successful in doing so. If you didn't have a backup, these are options which would be worth looking into. 
 

How can I be sure I have eliminated the infection before I restore my backup?

I suggest seeking help in the Malware Removal Help section of this forum.
Please ensure you read "I'm infected - What do I do now?" prior to posting, and include the requested logs in your post.

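A read-only check for the point in the reply above that Shadow Volume copies sometimes survive, as an added example that is not part of the original posts: it lists the shadow copies still present on each drive and flags those created before the ransom notes were noticed. The cutoff date is taken from the first post; the variable names are illustrative.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: 29 Jan 2015 is the day the ransom notes were noticed (first post);
# the encryption may have started earlier, so move the date back if in doubt.
$notesSeen = Get-Date -Year 2015 -Month 1 -Day 29 -Hour 0 -Minute 0 -Second 0

# Win32_ShadowCopy.VolumeName holds the volume GUID path, which matches
# Win32_Volume.DeviceID, so the two classes can be joined on that value.
$volumes = Get-CimInstance -ClassName Win32_Volume | Where-Object { $_.DriveLetter }
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)

$report = foreach ($vol in $volumes) {
    $copies = @($shadows |
        Where-Object { $_.VolumeName -eq $vol.DeviceID } |
        Sort-Object -Property InstallDate)

    if ($copies.Count -eq 0) {
        # Nothing left for this drive: none were ever created, or they were deleted.
        [pscustomobject]@{
            Drive         = $vol.DriveLetter
            Created       = $null
            PredatesNotes = $false
            DeviceObject  = '(no shadow copies)'
        }
        continue
    }

    foreach ($copy in $copies) {
        [pscustomobject]@{
            Drive         = $vol.DriveLetter
            Created       = $copy.InstallDate
            PredatesNotes = ($copy.InstallDate -lt $notesSeen)
            DeviceObject  = $copy.DeviceObject
        }
    }
}

$report | Format-Table -AutoSize

# Only copies older than the cutoff can still hold unencrypted file versions.
$usable = @($report | Where-Object { $_.PredatesNotes })
"{0} shadow copy/copies predate {1:d}" -f $usable.Count, $notesSeen
```

A count of zero means this route is closed and the external backup is the only source for the files.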
