• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 636
  • Last Modified:

cryptolocker

I have a user that got infected, he ran Malwarebytes and removed
Now he cannot open any of his Word or Excel files, he can open other Word and Excel files other than the ones that were on his computer prior to infection

any suggestions?
0
jsarinana
Asked:
jsarinana
2 Solutions
 
akbCommented:
I had a customer with a similar problem a while ago. Turned out the virus had set all the files to Read-Only.
0
 
Giovanni HewardCommented:
While the malware is removed the files will remain encrypted.  For an explanation of this read http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Q_28275170.html#a39606853

If you don't have a backup, try using shadow explorer, if that fails the only method available to recover your files is the decryption key, which unfortunately is only available from the malware author and requires the ransom to be paid.

To pay the ransom and recovery your files, read http://www.experts-exchange.com/Security/Vulnerabilities/Q_28294767.html#a39651228

Preventative solutions are posted @ http://www.experts-exchange.com/Storage/Misc/Q_28296724.html#a39657671
0
 
BiniekCommented:
I do not have good news for You,

CryptLocker has encrypted all user files with private/public key, so the files are encrypted,

You can look at :

http://www.experts-exchange.com/Security/Digital_Forensics/Q_28261996.html
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
aadihCommented:
< Preventative solutions >:

Also: Bitdefender Anti-CryptoLocker.
0
 
Giovanni HewardCommented:
0
 
jsarinanaI.T. ManagerAuthor Commented:
The virus this user was infected with was called
Ransom-FFD!1BD961039177

ANY SUGGESTIONS?
0
 
Giovanni HewardCommented:
Please upload a sample encrypted file and we'll see if we can confirm.  Thanks.
0
 
jsarinanaI.T. ManagerAuthor Commented:
Thanks x66_x72_x65_x65
here is a zip file with three bad files Word and Excel
bad-files.zip
0
 
Giovanni HewardCommented:
All files reflect the CryptoLocker file header signature (scanner and signature reference posted previously.)

CryptoUnLocker.exe --detect s.xls
[+] Found a potential CryptoLocker file: s.xls

CryptoUnLocker.exe --detect "Zacky Farms PE ETEC.doc"
[+] Found a potential CryptoLocker file: Zacky Farms PE ETEC.doc

CryptoUnLocker.exe --detect "Zacky PE Q.doc"
[+] Found a potential CryptoLocker file: Zacky PE Q.doc
0
 
jsarinanaI.T. ManagerAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now