Solved

copy the restore image and transplant to a new computer

Posted on 2014-02-20
2
325 Views
Last Modified: 2014-02-20
I am working on a clients computer which has been infected with Cryptolocker. Is there a way to pinpoint where and when this became infected?
I want to try moving the restore image to a new computer to see if the files can be  opened that way. I tried restoring back to before the infection, but the files are still encrypted/corrupted. Can data recovery restore these files? Is moving the image feasible?
0
Comment
Question by:atf3doc
2 Comments
 
LVL 23

Assisted Solution

by:Thomas Grassi
Thomas Grassi earned 50 total points
ID: 39874041
Have you tried going back to the earliest system restore point
By default it only shows the most current click show more to see all
0
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 450 total points
ID: 39874092
If they got the red ransom page display then their files are already encrypted. There is no recovery other than paying the ransom.  If you disabled and removed the process before the ransom message then only the files encrypted up to that point will have been lost.

Moving the files to another machine has no advantage.

It's fairly academic about the infection entry point but you can either use the date of the active component of the win32 ransom trojan or usually the date of the infected email attachment dropper as this is almost always a socially engineered email attachment activation that launches the trojan.

See also http://www.experts-exchange.com/Security/Encryption/Q_28295419.html and other Cryptolocker threads on this site.

Afraid a System Restore will have no effect either :(
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
An overview on how to enroll an hourly employee into the employee database and how to give them access into the clock in terminal.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now