Infected by CryptoWall or HELP_DECRYPT ransomware


Greetings,

 

My PC is infected with the CryptoWall or HELP_DECRYPT ransomware.

 

The PC is running Windows 7 32-bit.

 

This PC is on a home network with 2 other PCs and 2 other Macs connected via a LAN switch.

 

I have noticed from the ListCWall log (from reading some of the other posts on this board) that the ransomware has already infected (encrypted) files on at least one of my other PCs - since I had set up some Mapped Drives on the currently infected PC.

 

I will really appreciate it if someone could walk me through:

a) Identifying and completely removing the ransomware.

b) Possibly regaining the files which are encrypted.

c) Identifying and segregating the encrypted files to a separate location (DVD?) - for later recourse.

d) Setting it up so I don't get this or any other malware infection again.

 

I also really need to know if I should keep the other networked PCs on - or shut them down.

 

If the networked PCs have been infected via Mapped Drives, will they propagate the ransomware further and end up encrypting more files on other network PCs?

 

Thanks much - in advance.


While I run the Farbar Recovery Scan Tool and post the log - I thought it relevant to inform - that there are 3 x 2TB HDDs on my infected PC.

 

When I was hit by the infection to begin with (earlier today), I rebooted my PC (thinking it might be some unrelated issue) - but when the PC rebooted (very slowly at that), I noticed that out of the 3 HDDs, one doesn't even show up in Explorer any more.

 

Does this mean that the entire HDD's contents are encrypted? Is this ransomware capable of disabling a drive that's physically connected to the motherboard?

 

I have Farbar running on the PC now - so I am not in a position to reboot it once again to see if the third HDD shows up again or not.

 

Any leads on what this could be?

 

 

PS: I've removed utorrent completely from my PC - although it was rarely used in the first place. I don't think I have any other cracked or P2P software on my system.

 

 

Addition.txt

FRST.txt


  • 3 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.


This topic is now closed to further replies.