BrianDHoyt
asked on
Virus / Malware that changes file extensions to .pdf.xdtorli or .*.xdtorli CryptoWall virus
I have a work station that where the "internet stopped working". When I check the work station I found many issues. I ran mbam, TDSSKiller, and ComboFix. I believe this removed the issues, but I now need to repair the damage. Question: Is there some else I should check to make sure malware / virus has been removed. Question: How should repair all the files that have been changed from #####.pdf.xdtorli, #####.xls.xdtorli, ....?
I have the log file for scan if need. The rootkit found was Rootkit.Boot.Cidox.b
I started in the wrong place... original Q&A string.
https://www.experts-exchange.com/questions/28578918/Virus-Malware-that-changes-file-extensions-to-pdf-xdtorli-or-xdtorli.html?anchorAnswerId=40494304#a40494304
I have the log file for scan if need. The rootkit found was Rootkit.Boot.Cidox.b
I started in the wrong place... original Q&A string.
https://www.experts-exchange.com/questions/28578918/Virus-Malware-that-changes-file-extensions-to-pdf-xdtorli-or-xdtorli.html?anchorAnswerId=40494304#a40494304
Last Comment
Michael Best
Can you restore to a time before infection?
ASKER
yes I can now... I could not at first.
I'm running through this...
http://www.pcrisk.com/removal-guides/7844-cryptowall-virus#a2
I'm running through this...
http://www.pcrisk.com/removal-guides/7844-cryptowall-virus#a2
Be my guest and run through it, but to the best of my knowledge there is no "fix" for cryptowall and its' derivatives. The only option is restoring from backup or a system restore.
ASKER
well, that's pretty much what it says as well.
How about on networked drives? rename the fill is the issue I'm working on. Is that pretty much the same: Restore or Replace?
How about on networked drives? rename the fill is the issue I'm working on. Is that pretty much the same: Restore or Replace?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
but that will not Un-encrypt the files. Correct?
ASKER
Okay for people who have to deal with this in the future.
1 Clean workstation.
2 Restore from system restore point
3 Restore file from "Restore previous version"
4 Search for encrypted file extension and delete
1 Clean workstation.
2 Restore from system restore point
3 Restore file from "Restore previous version"
4 Search for encrypted file extension and delete
Security
Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection. Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.
32K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
