Cryptolocker Ransom Malware

We had an infection on two PCs that was called CRYPTOLOCKER and I have removed it and the other garbage.

However, users on both machines are unable to open any MS OFFICE or ADOBE ACROBAT documents. I hear they are encrypted and must be decoded first. They don't appear to be encrypted.

Has anyone dealt with this or have any advice at all please?

WIN7 64 Bit
2008 Domain Controller
Local drives only affected

This is the best I can find and it is not working for me:

http://malwarefixes.com/remove-cryptolocker-virus/
WKC690 Asked:
Haresh Nikumbh, Sr. Tech lead, Commented:
Try Malwarebytes, one of the best antimalware programs.

http://www.malwarebytes.org/
0
WKC690 (Author) Commented:
Mbam has been a favorite tool for a long time. Mbar, Rkill, TDSKiller, Kaspersky stand alone, Stinger and others.

I have not yet found a direct solution to this, and since I back up data like a real IT should, we simply restored, as it was faster than hunting down a solution. But I am STILL looking for a way to remove this for future use when someone has no backups... which is usually the case.
0
wiglack Commented:
0
WKC690 (Author) Commented:
looks a lot like the link at the end of my opening post. no....?
0
BillDL Commented:
The URL was probably still in his clipboard ;-)
http://www.experts-exchange.com/Q_28242636.html#a39526568
http://www.experts-exchange.com//Q_28249294.html#a39526566
Sorry WKC690, I don't know enough about this malware to make any suggestions and I would just be googling the same as you have done already.
0

BillDL Commented:
Hi WKC690.  Thanks for the "close" suggestion, but I really don't think that my comment answered the question.  All I did was link to other EE questions in partial response to the comment by wiglack.  I was just loitering in this question to see if a good fix came to light in case I encountered the same nasty.  I am inclined to "object" and just suggest that the question be deleted, but thought it better to tell you of this first.
0
WKC690 (Author) Commented:
Not truly resolved but agreed that no one seems to have a fix waiting for us out there.
0
BillDL Commented:
Thank you WKC690
0
scotru Commented:
Your best information is found at Bleeping Computer.  This FAQ is the best place to start:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

This very long discussion thread has good information in it but is a long read.  Most of the information is summarized in the FAQ above:

http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/

More technical details are available here:

http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/#sthash.tSvT6Xq4.dpbs

Most of the news is not good.  You may be able to use volume shadow services to restore some files (or restore from a backup).

This thing is nasty.  Good luck!
0
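To scope a restore from backup or shadow copies like the one described above, it helps to know which documents were actually altered. The following is an added example, not code from this thread or any participant: it flags the Office and Acrobat file types named in the question whose leading bytes no longer match their format signature. It assumes the encryption overwrote the start of each file; `find_damaged` and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Leading "magic" bytes of the document formats named in the question.
OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt
ZIP = b"PK\x03\x04"                        # OOXML .docx/.xlsx/.pptx
SIGNATURES = {
    ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2,
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
    ".pdf": b"%PDF-",                      # strict check at offset 0
}

def header_ok(path):
    """True/False if the header matches/mismatches; None if type is not checked."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return None
    with open(path, "rb") as fh:
        return fh.read(len(expected)) == expected

def find_damaged(root):
    """Return sorted relative paths of documents whose header is wrong."""
    damaged = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if header_ok(full) is False:
                    damaged.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable (locked or permission denied): skip it
    return sorted(damaged)

def demo():
    """Build a constructed sample tree and scan it."""
    junk = b"\x8f\x12\xa7\x03" * 16        # constructed stand-in for ciphertext
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "reports"))
        samples = {
            "intact.pdf": b"%PDF-1.4\n%constructed sample\n",
            "intact.docx": ZIP + b"constructed sample",
            "locked.pdf": junk,
            os.path.join("reports", "locked.xls"): junk,
            "notes.txt": b"not a checked type",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return find_damaged(root)

if __name__ == "__main__":
    for rel in demo():
        print("header mismatch:", rel)
```

Point `find_damaged` at a user profile or share root to get the list of files to pull back from backup; a zero-byte document is also reported as a mismatch.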
Giovanni Heward Commented:
0
ShapiroSher Commented:
Another way to prevent getting your personal files locked or corrupted is VSS. Had an infection on our file server. I knew we had backup if needed. Luckily VSS was able to restore all files. If you are running XP and later, I recommend enabling Volume Shadow Copy Service on your drives. I would also recommend twice a day copies. Hope this helps someone with this annoying ransomware.


http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/how-to-enable-volume-shadow-copy-in-windows-7/faaf7490-d929-47a6-a12f-1bf100db66e5
0