Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

all files and folders in the pc got encripted

Posted on 2014-12-12
9
Medium Priority
?
136 Views
Last Modified: 2015-01-19
HI ,
       I have pc with windows 7  32 bit  suddenly on my pc all files and folders got encrypted and getting a  messages that  : you have to pay  $500 to get your files and folder decrypted back
please advice
0
Comment
Question by:sanjeevkmrs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1500 total points
ID: 40495748
You have generally got 2 choices here:

1.) Pay the ransom and hope that the files get decrypted
2.) Restore the files from a backup or from Shadow Copies, if Shadow Copies is enabled.

Some useful reading for you (depending on the flavour of Virus you have):

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Alan
0
 
LVL 1

Expert Comment

by:Colin McDonald
ID: 40495760
Sounds like your machine has been infected by a virus.

I would hazard a guess that Cryptowall 2.0 has been installed on your PC

Do you have a recent backup of your computer/Files and Folders?
0
 
LVL 8

Expert Comment

by:engeltje
ID: 40495773
indeed, there is no solution to this but restoring a backup.

If you have the volume shadow enabled it is important to get rid of the Virus first.  Otherwise your back-up gets encrypted too.

Getting rid of the virus:  use combofix. Free download on the site bleeping computer.com (you can google combo fix as it is wel known).

When the virus is gone, install a decent anti-virus program. I advise Avast, McAfee or BitDefender.

After these steps, we could try to get the data back.
Herefore, you could try whether you can install other versions.

Right click on a map and select versions.
Here you could restore a version of the documents before it got encrypted.

If you do not have this possibility (it needs to be enabled), the only choice is to restore a backup. Cross fingers you got one...

Good luck. Remember: Get rid of the virus first.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 40495852
You can try this website to unencrypt

https://www.decryptcryptolocker.com/
0
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 40495855
0
 
LVL 12

Expert Comment

by:andreas
ID: 40495888
recent crypto trojans usually dont have weakness in the encryption so the encryption websites frequently will not work (its worth a try of course).

I personally would not "remove" the virus from the hdd. I would cleanly re install on a new harddisk and then use some tools to extract the files from the shadow copies (if any) shadow explorer is a nice tool to do this.

You also might use some data recovery tools on that disk and try to recover old versions of files that are not overwritten by now. But this will only work if you dont use the harddisk anymore as a production drive, only READ from it if you want to keep your chances higher for data recovery. This also means dont run the windows anymore.

Remove the disc from the pc install a new one and re-install the operating system on the fresh disc in the computer. Then proceed with data recovery.
0
 
LVL 70

Expert Comment

by:Merete
ID: 40497531
You poor man sorry to hear you got stung..
Do you have the name of the Ransomware  or know what type it is how you got it? As there different types. Sounds as if you have the worst.
To help you first understand it..
What is ransomware? How did you get it and possible
What should I do if I have ransomware on my computer?
http://www.microsoft.com/security/resources/ransomware-whatis.aspx
for example
FBI CyberCrime Division Virus Moneypak Scam Unlock Guide
http://guides.yoosecurity.com/remove-fbi-cybercrime-division-virus-moneypak-scam/
How to rescue your PC from ransomware
http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html
0
 

Author Closing Comment

by:sanjeevkmrs
ID: 40526676
thanks
0
 

Expert Comment

by:kbasiony
ID: 40557382
i have a virus that encrypt the Excel file and change the extension from XLS to XLS.enc0ded!XXXXXXXXXX

any way to decrypt this files ???
Thanks
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question