Solved

all files and folders in the pc got encripted

Posted on 2014-12-12
9
132 Views
Last Modified: 2015-01-19
HI ,
       I have pc with windows 7  32 bit  suddenly on my pc all files and folders got encrypted and getting a  messages that  : you have to pay  $500 to get your files and folder decrypted back
please advice
0
Comment
Question by:sanjeevkmrs
9 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 40495748
You have generally got 2 choices here:

1.) Pay the ransom and hope that the files get decrypted
2.) Restore the files from a backup or from Shadow Copies, if Shadow Copies is enabled.

Some useful reading for you (depending on the flavour of Virus you have):

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Alan
0
 
LVL 1

Expert Comment

by:Colin McDonald
ID: 40495760
Sounds like your machine has been infected by a virus.

I would hazard a guess that Cryptowall 2.0 has been installed on your PC

Do you have a recent backup of your computer/Files and Folders?
0
 
LVL 8

Expert Comment

by:engeltje
ID: 40495773
indeed, there is no solution to this but restoring a backup.

If you have the volume shadow enabled it is important to get rid of the Virus first.  Otherwise your back-up gets encrypted too.

Getting rid of the virus:  use combofix. Free download on the site bleeping computer.com (you can google combo fix as it is wel known).

When the virus is gone, install a decent anti-virus program. I advise Avast, McAfee or BitDefender.

After these steps, we could try to get the data back.
Herefore, you could try whether you can install other versions.

Right click on a map and select versions.
Here you could restore a version of the documents before it got encrypted.

If you do not have this possibility (it needs to be enabled), the only choice is to restore a backup. Cross fingers you got one...

Good luck. Remember: Get rid of the virus first.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 40495852
You can try this website to unencrypt

https://www.decryptcryptolocker.com/
0
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 40495855
0
 
LVL 12

Expert Comment

by:andreas
ID: 40495888
recent crypto trojans usually dont have weakness in the encryption so the encryption websites frequently will not work (its worth a try of course).

I personally would not "remove" the virus from the hdd. I would cleanly re install on a new harddisk and then use some tools to extract the files from the shadow copies (if any) shadow explorer is a nice tool to do this.

You also might use some data recovery tools on that disk and try to recover old versions of files that are not overwritten by now. But this will only work if you dont use the harddisk anymore as a production drive, only READ from it if you want to keep your chances higher for data recovery. This also means dont run the windows anymore.

Remove the disc from the pc install a new one and re-install the operating system on the fresh disc in the computer. Then proceed with data recovery.
0
 
LVL 70

Expert Comment

by:Merete
ID: 40497531
You poor man sorry to hear you got stung..
Do you have the name of the Ransomware  or know what type it is how you got it? As there different types. Sounds as if you have the worst.
To help you first understand it..
What is ransomware? How did you get it and possible
What should I do if I have ransomware on my computer?
http://www.microsoft.com/security/resources/ransomware-whatis.aspx
for example
FBI CyberCrime Division Virus Moneypak Scam Unlock Guide
http://guides.yoosecurity.com/remove-fbi-cybercrime-division-virus-moneypak-scam/
How to rescue your PC from ransomware
http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html
0
 

Author Closing Comment

by:sanjeevkmrs
ID: 40526676
thanks
0
 

Expert Comment

by:kbasiony
ID: 40557382
i have a virus that encrypt the Excel file and change the extension from XLS to XLS.enc0ded!XXXXXXXXXX

any way to decrypt this files ???
Thanks
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question