Solved

cryptolocker

Posted on 2013-11-22
10
618 Views
Last Modified: 2013-11-29
I have a user that got infected, he ran Malwarebytes and removed
Now he cannot open any of his Word or Excel files, he can open other Word and Excel files other than the ones that were on his computer prior to infection

any suggestions?
0
Comment
Question by:jsarinana
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 13

Accepted Solution

by:
akb earned 250 total points
ID: 39670423
I had a customer with a similar problem a while ago. Turned out the virus had set all the files to Read-Only.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39670463
While the malware is removed the files will remain encrypted.  For an explanation of this read http://www.experts-exchange.com/Software/Office_Productivity/Office_Suites/MS_Office/Q_28275170.html#a39606853

If you don't have a backup, try using shadow explorer, if that fails the only method available to recover your files is the decryption key, which unfortunately is only available from the malware author and requires the ransom to be paid.

To pay the ransom and recovery your files, read http://www.experts-exchange.com/Security/Vulnerabilities/Q_28294767.html#a39651228

Preventative solutions are posted @ http://www.experts-exchange.com/Storage/Misc/Q_28296724.html#a39657671
0
 
LVL 6

Assisted Solution

by:Biniek
Biniek earned 250 total points
ID: 39670470
I do not have good news for You,

CryptLocker has encrypted all user files with private/public key, so the files are encrypted,

You can look at :

http://www.experts-exchange.com/Security/Digital_Forensics/Q_28261996.html
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 24

Expert Comment

by:aadih
ID: 39670497
< Preventative solutions >:

Also: Bitdefender Anti-CryptoLocker.
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39670519
0
 
LVL 1

Author Comment

by:jsarinana
ID: 39675226
The virus this user was infected with was called
Ransom-FFD!1BD961039177

ANY SUGGESTIONS?
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39675247
Please upload a sample encrypted file and we'll see if we can confirm.  Thanks.
0
 
LVL 1

Author Comment

by:jsarinana
ID: 39675502
Thanks x66_x72_x65_x65
here is a zip file with three bad files Word and Excel
bad-files.zip
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39675804
All files reflect the CryptoLocker file header signature (scanner and signature reference posted previously.)

CryptoUnLocker.exe --detect s.xls
[+] Found a potential CryptoLocker file: s.xls

CryptoUnLocker.exe --detect "Zacky Farms PE ETEC.doc"
[+] Found a potential CryptoLocker file: Zacky Farms PE ETEC.doc

CryptoUnLocker.exe --detect "Zacky PE Q.doc"
[+] Found a potential CryptoLocker file: Zacky PE Q.doc
0
 
LVL 1

Author Closing Comment

by:jsarinana
ID: 39686024
thanks
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question