WKC690
asked on
Cryptolocker Ransom Malware
We had an infection on two PCs that was called CRYPTOLOCKER and I have removed it and the other garbage.
However, users on both machines are unable to open any MS OFFICE or ADOBE ACROBAT documents. I hear they are encrypted and must be decoded first. They don't appear to be encrypted.
Has anyone dealt with this or have any advice at all please?
WIN7 64 Bit
2008 Domain Controller
Local drives only affected
This is the best I can find and it is not working for me:
http://malwarefixes.com/remove-cryptolocker-virus/
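Whether the Office and PDF files described in the question have been overwritten can be checked from their leading bytes, since an intact document starts with a fixed signature for its type. The sketch below is an added example, not part of the original thread; the function names are hypothetical, the sample files are constructed, and the signature table covers only the document types named in the question.

```python
import os
import tempfile

# Leading-byte signatures for the document types named in the question.
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt
ZIP = b"PK\x03\x04"                        # .docx/.xlsx/.pptx (OOXML is a ZIP)
SIGNATURES = {
    ".pdf": (b"%PDF",),                    # strict: header expected at offset 0
    ".doc": (OLE2,), ".xls": (OLE2,), ".ppt": (OLE2,),
    ".docx": (ZIP,), ".xlsx": (ZIP,), ".pptx": (ZIP,),
}

def classify(path):
    """Return 'ok', 'damaged', 'unreadable', or None for untracked extensions."""
    sigs = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return "unreadable"
    return "ok" if head.startswith(sigs) else "damaged"

def triage(root):
    """Walk root and group tracked documents by classification."""
    report = {"ok": [], "damaged": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            verdict = classify(full)
            if verdict:
                report[verdict].append(full)
    return report

def demo():
    """Constructed sample files: one intact PDF, one overwritten .docx."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "good.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4\n% constructed sample\n")
        with open(os.path.join(root, "bad.docx"), "wb") as fh:
            fh.write(bytes(range(0x80, 0xC0)))  # stands in for encrypted content
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"untracked")
        rep = triage(root)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in rep.items()}

if __name__ == "__main__":
    print(demo())
```

Calling `triage()` on a user profile or data folder gives the list of files to recover from shadow copies or backup; files reported as `ok` still open normally and need no restore.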
SOLUTION
ASKER
Looks a lot like the link at the end of my opening post. No....?
ASKER CERTIFIED SOLUTION
Hi WKC690. Thanks for the "close" suggestion, but I really don't think that my comment answered the question. All I did was link to other EE questions in partial response to the comment by wiglack. I was just loitering in this question to see if a good fix came to light in case I encountered the same nasty. I am inclined to "object" and just suggest that the question be deleted, but thought it better to tell you of this first.
ASKER
Not truly resolved but agreed that no one seems to have a fix waiting for us out there.
Thank you WKC690
Your best information is found at Bleeping Computer. This FAQ is the best place to start:
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
This very long discussion thread has good information in it but is a long read. Most of the information is summarized in the FAQ above:
http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/
More technical details are available here:
http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/#sthash.tSvT6Xq4.dpbs
Most of the news is not good. You may be able to use volume shadow services to restore some files (or restore from a backup).
This thing is nasty. Good luck!
A real preventative solution is posted here:
http://www.experts-exchange.com/Security/Vulnerabilities/Q_28233648.html#a39474622
Another way to prevent getting your personal files locked or corrupted is VSS. Had an infection on our file server. I knew we had backup if needed. Luckily VSS was able to restore all files. If you are running XP and later, I recommend enabling Volume Shadow Copy Service on your drives. I would also recommend twice-a-day copies. Hope this helps someone with this annoying ransomware.
http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/how-to-enable-volume-shadow-copy-in-windows-7/faaf7490-d929-47a6-a12f-1bf100db66e5
http://www.malwarebytes.org/