Solved

all files and folders in the pc got encripted

Posted on 2014-12-12
9
124 Views
Last Modified: 2015-01-19
HI ,
       I have pc with windows 7  32 bit  suddenly on my pc all files and folders got encrypted and getting a  messages that  : you have to pay  $500 to get your files and folder decrypted back
please advice
0
Comment
Question by:sanjeevkmrs
9 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40495748
You have generally got 2 choices here:

1.) Pay the ransom and hope that the files get decrypted
2.) Restore the files from a backup or from Shadow Copies, if Shadow Copies is enabled.

Some useful reading for you (depending on the flavour of Virus you have):

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Alan
0
 
LVL 1

Expert Comment

by:Colin McDonald
ID: 40495760
Sounds like your machine has been infected by a virus.

I would hazard a guess that Cryptowall 2.0 has been installed on your PC

Do you have a recent backup of your computer/Files and Folders?
0
 
LVL 8

Expert Comment

by:engeltje
ID: 40495773
indeed, there is no solution to this but restoring a backup.

If you have the volume shadow enabled it is important to get rid of the Virus first.  Otherwise your back-up gets encrypted too.

Getting rid of the virus:  use combofix. Free download on the site bleeping computer.com (you can google combo fix as it is wel known).

When the virus is gone, install a decent anti-virus program. I advise Avast, McAfee or BitDefender.

After these steps, we could try to get the data back.
Herefore, you could try whether you can install other versions.

Right click on a map and select versions.
Here you could restore a version of the documents before it got encrypted.

If you do not have this possibility (it needs to be enabled), the only choice is to restore a backup. Cross fingers you got one...

Good luck. Remember: Get rid of the virus first.
0
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 40495852
You can try this website to unencrypt

https://www.decryptcryptolocker.com/
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 40495855
0
 
LVL 11

Expert Comment

by:andreas
ID: 40495888
recent crypto trojans usually dont have weakness in the encryption so the encryption websites frequently will not work (its worth a try of course).

I personally would not "remove" the virus from the hdd. I would cleanly re install on a new harddisk and then use some tools to extract the files from the shadow copies (if any) shadow explorer is a nice tool to do this.

You also might use some data recovery tools on that disk and try to recover old versions of files that are not overwritten by now. But this will only work if you dont use the harddisk anymore as a production drive, only READ from it if you want to keep your chances higher for data recovery. This also means dont run the windows anymore.

Remove the disc from the pc install a new one and re-install the operating system on the fresh disc in the computer. Then proceed with data recovery.
0
 
LVL 69

Expert Comment

by:Merete
ID: 40497531
You poor man sorry to hear you got stung..
Do you have the name of the Ransomware  or know what type it is how you got it? As there different types. Sounds as if you have the worst.
To help you first understand it..
What is ransomware? How did you get it and possible
What should I do if I have ransomware on my computer?
http://www.microsoft.com/security/resources/ransomware-whatis.aspx
for example
FBI CyberCrime Division Virus Moneypak Scam Unlock Guide
http://guides.yoosecurity.com/remove-fbi-cybercrime-division-virus-moneypak-scam/
How to rescue your PC from ransomware
http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html
0
 

Author Closing Comment

by:sanjeevkmrs
ID: 40526676
thanks
0
 

Expert Comment

by:kbasiony
ID: 40557382
i have a virus that encrypt the Excel file and change the extension from XLS to XLS.enc0ded!XXXXXXXXXX

any way to decrypt this files ???
Thanks
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Hi Friends, These registry tweaks will help you optimizing your Windows 7 system for any VDI. This will improve the machine performanance and can be used on normal systems also. These are few registry tweaks which will add value by enhancing the …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now