Solved

Nasty Virus

Posted on 2013-11-05
6
351 Views
Last Modified: 2014-04-30
Has anyone come accross a virus Trojan-Ransom.Win32.Agent what it has done is encypt all files and we have removed the virus but obviously the damage is done.

Backup unfortunally is not an option after an idiot has not been checking it.

Not sure if anyone has seen how to decrypt the files.
0
Comment
Question by:Alex Young
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39624860
Hello,

Unfortunately there isn't a way of decrypting the files that I am aware of without paying the fee.

I had one of these last week. Fortunately I had a backup and was able to remove the infected machine off the network and then restore the files.

Your options are:

1) Pay the fee and hope that it decrypts the files
2) Restore from a backup.

The following article is helpful at preventing this in the future:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Also, stress how important the backup is to the individual that was meant to be checking it.  I do strongly suggest applying the software restrictions policy's on PCs which is explained in the article.
0
 
LVL 24

Expert Comment

by:aadih
ID: 39624893
As Scorpeo says: Without a backup you are out of luck. You may reinstall, but you will lose all your data. Sorry. :-(
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 39624942
Check this out - I don't have experience with procedures but the article is good.

http://www.one-tab.com/page/qQd-mP19ROmXPpUf1by3sg
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 22

Expert Comment

by:David Atkin
ID: 39624975
Note by removing the infection, you remove the option of paying for the decryption.  I haven't found anything that will decrypt it.

This being said, there is no guarantee that paying the ransom will decrypt the files.  Although from what I have read, it does.
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 39624999
I have also read that the only way is to pay - but don't pay by credit card!  This is particularly nasty and it is my understanding that by taking the steps outlined in the article in the link I posted you can prevent this from happening on other machines.
0
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 39625172
If you had previously enabled Volume Shadow Copy (on the server) you may be able to recover the files from an earlier time even if backup wasn't running...

Also, if you have any laptops, that haven't reconnected to the network, it MAY be possible offline files has good copies of the network share(s) on a laptop - DO NOT RECONNECT TO YOUR NETWORK - plug in an external drive and copy them from the offline system if you do.

Otherwise... I hope this doesn't put you out of business, losing most of your files.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question