?
Solved

copy the restore image and transplant to a new computer

Posted on 2014-02-20
2
Medium Priority
?
340 Views
Last Modified: 2014-02-20
I am working on a clients computer which has been infected with Cryptolocker. Is there a way to pinpoint where and when this became infected?
I want to try moving the restore image to a new computer to see if the files can be  opened that way. I tried restoring back to before the infection, but the files are still encrypted/corrupted. Can data recovery restore these files? Is moving the image feasible?
0
Comment
Question by:atf3doc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Assisted Solution

by:Thomas Grassi
Thomas Grassi earned 200 total points
ID: 39874041
Have you tried going back to the earliest system restore point
By default it only shows the most current click show more to see all
0
 
LVL 63

Accepted Solution

by:
☠ MASQ ☠ earned 1800 total points
ID: 39874092
If they got the red ransom page display then their files are already encrypted. There is no recovery other than paying the ransom.  If you disabled and removed the process before the ransom message then only the files encrypted up to that point will have been lost.

Moving the files to another machine has no advantage.

It's fairly academic about the infection entry point but you can either use the date of the active component of the win32 ransom trojan or usually the date of the infected email attachment dropper as this is almost always a socially engineered email attachment activation that launches the trojan.

See also http://www.experts-exchange.com/Security/Encryption/Q_28295419.html and other Cryptolocker threads on this site.

Afraid a System Restore will have no effect either :(
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
Microsoft will be releasing the Windows 10 Creators Update in just a matter of weeks. Are you prepared? Follow these steps to ensure everything goes smoothly and you don't lose valuable data on your PC.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question