[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Virus / Malware that changes file extensions to .pdf.xdtorli or .*.xdtorli CryptoWall virus

Posted on 2014-12-11
7
Medium Priority
?
4,293 Views
Last Modified: 2014-12-11
I have a work station that where the "internet stopped working". When I check the work station I found many issues. I ran mbam, TDSSKiller, and ComboFix. I believe this removed the issues, but I now need to repair the damage. Question: Is there some else I should check to make sure malware / virus has been removed. Question: How should repair all the files that have been changed from #####.pdf.xdtorli, #####.xls.xdtorli, ....?
 I have the log file for scan if need. The rootkit found was Rootkit.Boot.Cidox.b

I started in the wrong place... original Q&A string.
http://www.experts-exchange.com/Community_Support/CleanUp/Q_28578918.html#a40494304
0
Comment
Question by:BrianDHoyt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 34

Expert Comment

by:Michael-Best
ID: 40494345
Can you restore to a time before infection?
0
 

Author Comment

by:BrianDHoyt
ID: 40494354
yes I can now... I could not at first.
I'm running through this...
http://www.pcrisk.com/removal-guides/7844-cryptowall-virus#a2
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
ID: 40494386
Be my guest and run through it, but to the best of my knowledge there is no "fix" for cryptowall and its' derivatives.  The only option is restoring from backup or a system restore.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:BrianDHoyt
ID: 40494410
well, that's pretty much what it says as well.
How about on networked drives? rename the fill is the issue I'm working on. Is that pretty much the same: Restore or Replace?
0
 
LVL 34

Accepted Solution

by:
Michael-Best earned 1500 total points
ID: 40494418
Your only solution is to restore to a time before infection.
Use a restore point or a backup.
0
 

Author Comment

by:BrianDHoyt
ID: 40494442
but that will not Un-encrypt the files. Correct?
0
 

Author Comment

by:BrianDHoyt
ID: 40494485
Okay for people who have to deal with this in the future.
1 Clean workstation.
2 Restore from system restore point
3 Restore file from "Restore previous version"
4 Search for encrypted file extension and delete
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question