Solved

cryptolocker

Posted on 2013-11-22
10
613 Views
Last Modified: 2013-11-29
I have a user that got infected, he ran Malwarebytes and removed
Now he cannot open any of his Word or Excel files, he can open other Word and Excel files other than the ones that were on his computer prior to infection

any suggestions?
0
Comment
Question by:jsarinana
10 Comments
 
LVL 13

Accepted Solution

by:
akb earned 250 total points
ID: 39670423
I had a customer with a similar problem a while ago. Turned out the virus had set all the files to Read-Only.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39670463
While the malware is removed the files will remain encrypted.  For an explanation of this read http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Q_28275170.html#a39606853

If you don't have a backup, try using shadow explorer, if that fails the only method available to recover your files is the decryption key, which unfortunately is only available from the malware author and requires the ransom to be paid.

To pay the ransom and recovery your files, read http://www.experts-exchange.com/Security/Vulnerabilities/Q_28294767.html#a39651228

Preventative solutions are posted @ http://www.experts-exchange.com/Storage/Misc/Q_28296724.html#a39657671
0
 
LVL 6

Assisted Solution

by:Biniek
Biniek earned 250 total points
ID: 39670470
I do not have good news for You,

CryptLocker has encrypted all user files with private/public key, so the files are encrypted,

You can look at :

http://www.experts-exchange.com/Security/Digital_Forensics/Q_28261996.html
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 24

Expert Comment

by:aadih
ID: 39670497
< Preventative solutions >:

Also: Bitdefender Anti-CryptoLocker.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39670519
0
 
LVL 1

Author Comment

by:jsarinana
ID: 39675226
The virus this user was infected with was called
Ransom-FFD!1BD961039177

ANY SUGGESTIONS?
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39675247
Please upload a sample encrypted file and we'll see if we can confirm.  Thanks.
0
 
LVL 1

Author Comment

by:jsarinana
ID: 39675502
Thanks x66_x72_x65_x65
here is a zip file with three bad files Word and Excel
bad-files.zip
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39675804
All files reflect the CryptoLocker file header signature (scanner and signature reference posted previously.)

CryptoUnLocker.exe --detect s.xls
[+] Found a potential CryptoLocker file: s.xls

CryptoUnLocker.exe --detect "Zacky Farms PE ETEC.doc"
[+] Found a potential CryptoLocker file: Zacky Farms PE ETEC.doc

CryptoUnLocker.exe --detect "Zacky PE Q.doc"
[+] Found a potential CryptoLocker file: Zacky PE Q.doc
0
 
LVL 1

Author Closing Comment

by:jsarinana
ID: 39686024
thanks
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question