Crypto Virus

have server shared drive with word and Excel 2007 a user recieved Cryptolock virus warning. ran malewarebytes on user seemed to remove virus but now docs are displaying garbaled. I pulled from backup docs they are also displaying garbled. tried pandaaunransom recovery and it could not find encrypted files. please advise.
ajc2cAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MacroShadowCommented:
Unfortunately you are out of luck. Your only hope is offline backup, that is if you have one.
http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-5#entry3153406
0
Sushil SonawaneCommented:
Run server in safe mode then scan with you antivirus and check.
0
aadihCommented:
You could try system restore, but most probably what MacroShadow says is right: "you are out of luck". :-(
0
INTRODUCING: WatchGuard's New MFA Solution

WatchGuard is proud to announce the launch of AuthPoint, a powerful, yet simple, Cloud-based MFA service designed to eliminate the vulnerabilities that put your data, systems, and users at risk.

Dave HoweSoftware and Hardware EngineerCommented:
panda's unransom works well, but usually requires you have an unencrypted copy of an existing (encrypted) file. I usually suggest looking in email for files that were sent (as the email sent copy is often uncorrupted) which gets you back THAT file, and potentially a key to unlock the other files too :)
0
ajc2cAuthor Commented:
After researching more we discovered our backup (version specific) still had good uncorrupted files on it. Finding the virus made changes and those changes were backed up at time of change makes it more difficult as we need to restore one file at a time, all files just prior to the last backup. At least we have a plan. Removed the virus and also plan to update our AV scanner to a more robust version. Why our firewall that typically flags bad sites missed this issue is being researched as well. Thanks for inputs but this was not really resolved by anyone other then the fact we found a good file version on our backup.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ajc2cAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for ajc2c's comment #a39557561

for the following reason:

Best solution to resolve current issue
0
aadihCommented:
Great. You found a good file version on our backup. :-)
0
MacroShadowCommented:
I wrote: Your only hope is offline backup, that is if you have one.
The author wrote: After researching more we discovered our backup (version specific) still had good uncorrupted files on it.
0
Dave HoweSoftware and Hardware EngineerCommented:
if you have a backup, surely you can feed one of those into panda and get the key to unlock all the rest?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.