all files and folders in the pc got encripted
HI ,
I have pc with windows 7 32 bit suddenly on my pc all files and folders got encrypted and getting a messages that : you have to pay $500 to get your files and folder decrypted back
please advice
I have pc with windows 7 32 bit suddenly on my pc all files and folders got encrypted and getting a messages that : you have to pay $500 to get your files and folder decrypted back
please advice
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
indeed, there is no solution to this but restoring a backup.
If you have the volume shadow enabled it is important to get rid of the Virus first. Otherwise your back-up gets encrypted too.
Getting rid of the virus: use combofix. Free download on the site bleeping computer.com (you can google combo fix as it is wel known).
When the virus is gone, install a decent anti-virus program. I advise Avast, McAfee or BitDefender.
After these steps, we could try to get the data back.
Herefore, you could try whether you can install other versions.
Right click on a map and select versions.
Here you could restore a version of the documents before it got encrypted.
If you do not have this possibility (it needs to be enabled), the only choice is to restore a backup. Cross fingers you got one...
Good luck. Remember: Get rid of the virus first.
If you have the volume shadow enabled it is important to get rid of the Virus first. Otherwise your back-up gets encrypted too.
Getting rid of the virus: use combofix. Free download on the site bleeping computer.com (you can google combo fix as it is wel known).
When the virus is gone, install a decent anti-virus program. I advise Avast, McAfee or BitDefender.
After these steps, we could try to get the data back.
Herefore, you could try whether you can install other versions.
Right click on a map and select versions.
Here you could restore a version of the documents before it got encrypted.
If you do not have this possibility (it needs to be enabled), the only choice is to restore a backup. Cross fingers you got one...
Good luck. Remember: Get rid of the virus first.
recent crypto trojans usually dont have weakness in the encryption so the encryption websites frequently will not work (its worth a try of course).
I personally would not "remove" the virus from the hdd. I would cleanly re install on a new harddisk and then use some tools to extract the files from the shadow copies (if any) shadow explorer is a nice tool to do this.
You also might use some data recovery tools on that disk and try to recover old versions of files that are not overwritten by now. But this will only work if you dont use the harddisk anymore as a production drive, only READ from it if you want to keep your chances higher for data recovery. This also means dont run the windows anymore.
Remove the disc from the pc install a new one and re-install the operating system on the fresh disc in the computer. Then proceed with data recovery.
I personally would not "remove" the virus from the hdd. I would cleanly re install on a new harddisk and then use some tools to extract the files from the shadow copies (if any) shadow explorer is a nice tool to do this.
You also might use some data recovery tools on that disk and try to recover old versions of files that are not overwritten by now. But this will only work if you dont use the harddisk anymore as a production drive, only READ from it if you want to keep your chances higher for data recovery. This also means dont run the windows anymore.
Remove the disc from the pc install a new one and re-install the operating system on the fresh disc in the computer. Then proceed with data recovery.
You poor man sorry to hear you got stung..
Do you have the name of the Ransomware or know what type it is how you got it? As there different types. Sounds as if you have the worst.
To help you first understand it..
What is ransomware? How did you get it and possible
What should I do if I have ransomware on my computer?
http://www.microsoft.com/security/resources/ransomware-whatis.aspx
for example
FBI CyberCrime Division Virus Moneypak Scam Unlock Guide
http://guides.yoosecurity.com/remove-fbi-cybercrime-division-virus-moneypak-scam/
How to rescue your PC from ransomware
http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html
Do you have the name of the Ransomware or know what type it is how you got it? As there different types. Sounds as if you have the worst.
To help you first understand it..
What is ransomware? How did you get it and possible
What should I do if I have ransomware on my computer?
http://www.microsoft.com/security/resources/ransomware-whatis.aspx
for example
FBI CyberCrime Division Virus Moneypak Scam Unlock Guide
http://guides.yoosecurity.com/remove-fbi-cybercrime-division-virus-moneypak-scam/
How to rescue your PC from ransomware
http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html
ASKER
thanks
i have a virus that encrypt the Excel file and change the extension from XLS to XLS.enc0ded!XXXXXXXXXX
any way to decrypt this files ???
Thanks
any way to decrypt this files ???
Thanks
I would hazard a guess that Cryptowall 2.0 has been installed on your PC
Do you have a recent backup of your computer/Files and Folders?