Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Virus / Malware that changes file extensions to .pdf.xdtorli or .*.xdtorli CryptoWall virus

Posted on 2014-12-11
7
4,241 Views
Last Modified: 2014-12-11
I have a work station that where the "internet stopped working". When I check the work station I found many issues. I ran mbam, TDSSKiller, and ComboFix. I believe this removed the issues, but I now need to repair the damage. Question: Is there some else I should check to make sure malware / virus has been removed. Question: How should repair all the files that have been changed from #####.pdf.xdtorli, #####.xls.xdtorli, ....?
 I have the log file for scan if need. The rootkit found was Rootkit.Boot.Cidox.b

I started in the wrong place... original Q&A string.
http://www.experts-exchange.com/Community_Support/CleanUp/Q_28578918.html#a40494304
0
Comment
Question by:BrianDHoyt
  • 4
  • 2
7 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 40494345
Can you restore to a time before infection?
0
 

Author Comment

by:BrianDHoyt
ID: 40494354
yes I can now... I could not at first.
I'm running through this...
http://www.pcrisk.com/removal-guides/7844-cryptowall-virus#a2
0
 
LVL 27

Expert Comment

by:Thomas Zucker-Scharff
ID: 40494386
Be my guest and run through it, but to the best of my knowledge there is no "fix" for cryptowall and its' derivatives.  The only option is restoring from backup or a system restore.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:BrianDHoyt
ID: 40494410
well, that's pretty much what it says as well.
How about on networked drives? rename the fill is the issue I'm working on. Is that pretty much the same: Restore or Replace?
0
 
LVL 34

Accepted Solution

by:
Michael-Best earned 500 total points
ID: 40494418
Your only solution is to restore to a time before infection.
Use a restore point or a backup.
0
 

Author Comment

by:BrianDHoyt
ID: 40494442
but that will not Un-encrypt the files. Correct?
0
 

Author Comment

by:BrianDHoyt
ID: 40494485
Okay for people who have to deal with this in the future.
1 Clean workstation.
2 Restore from system restore point
3 Restore file from "Restore previous version"
4 Search for encrypted file extension and delete
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
md5 password 3 74
User Level Security 6 46
PCI compliance 16 50
Folder Security & Group Policy in Windows Server 2012 3 30
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question