Virus attack - any ideas please?

  Furkin 10:32 27 Mar 2015

Yesterday, at about mid morning, I noticed that I couldn’t open my MS-Word files. They came up with things like: “can’t open, may be corrupted”, or “wrong extension” and sometimes the ‘File Conversion’ window.

As I panicked, I noticed that MS-Excel is in the same way. I did a restore + Spybot scan + Malwarebytes scan – to no avail.

This morning I wanted to attach a picture to an email, and see that they are ‘corrupted’ as well. 99.9% of my pictures are in .jpg format. When I see them in P.Shop folders, they have a PSD logo overprinted on each file, though the actual extension is still .jpg.

I tried changing it to .psd, but it still wouldn’t open.

I just noticed that I have a couple of new files in the folders, starting with “HELP ENCRYPTION" ????? or similar.

This takes me to a page telling me that this bastard of a company has hijacked my files and want paying to release them. Some of their files contain: Balzakoptions + welcomoptions + visataster etc

I assume that I’m not the only one, so I’m hoping that there is a fix for this.

I’ll add a couple of images to Photobucket shortly, to show what I get.

This is a catastrophe as all my stuff is within these files.

I have the Auto back-up running on a separate drive (E) but have no idea how to use it in this instance. Even if I can open my files again, I’m sure the same virus will get them anyway.

Cheers guys

  bumpkin 10:00 28 Mar 2015

When is the auto back up set to run? You may be fortunate and not have infected the other drive yet. I would disconnect it now. If you have a spare drive, format it and do a clean install of Windows onto that. Then you can try recovering from the back up, probably too late but worth a try.

  Secret-Squirrel 10:10 28 Mar 2015

...............I'm not familiar with the Windows 7 backup so hopefully someone else will be able to talk Furkin through the recovery process if needed.

  Secret-Squirrel 12:30 29 Mar 2015

How are you getting on Furkin? I'm surprised that someone with at least two serious problems doesn't seem to have attempted any of the simple suggestions.

  Furkin 10:29 30 Mar 2015

Sorry for the delay guys,

Some of you are aware that I'm disabled, and can't always get onto the machine as & when I want.

1/ SS: Sorry mate. I misunderstood. I clicked on Windows-7 at the top of the page. It came up with a menu, so I clicked a button. That's what took me to the other company, which carried out a scan, then asked me to register and pay to get the problems removed. As above, I don't think they picked up this Crypto thing anyway. I'll follow the 'Previous versions' step later if I can.

2/ I've never used a back-up before, so am unsure what to do. My back-up goes to a separate drive (E). Although it's separate, it's still within the machine. When I looked on E\ drive, to see how to use it, I noticed the dreaded "HELP_DECRYPT" files on it, so I guess it’s infected.

3/ As far as Fox-IT and FireEye are concerned, I did send a file for them to check, “letter to audrey 2015”, but as the extension was .doc, they said it looked fine. I think the Virus puts some sort of unseen extensions, so that MS-Office & Photoshop don’t recognize them as files.

4/ I stopped MS-Essentials in favour of Malwarebytes & Spybot S&D.

Cheers for now

  Secret-Squirrel 11:38 30 Mar 2015

"I'll follow the 'Previous versions' step later if I can."

Simply right-click an affected file and choose "Restore Previous Versions". If other versions are available then choose one that's closest to before CryptoLocker did its damage then click on "Restore" then try to open it again. You could also click on the "Open" option instead to see if it opens an intact version of the file.

Test with just one or two files then let me know the outcome. If successful then we can have a go at restoring entire folders.

"I stopped MS-Essentials in favour of Malwarebytes & Spybot S&D."

Is that Malwarebytes' Premium or free? Also, are you not running an anti-virus solution that offers real-time protection such as AVG or Avast etc?

  Furkin 13:01 30 Mar 2015

Previous versions is working on the MS-Word .doc/docx files,,,, or the few that I've tried so far.

I'm just trying a .jpg one,,,,, but as you will know, it does take some time !

Does this help you to help me ?

Is there anything that will stop this thing once I've cleaned it up - if I clean it up !

  Secret-Squirrel 16:07 30 Mar 2015

"Previous versions is working on the MS-Word .doc/docx files,,,, or the few that I've tried so far."

That's good news although I did ask you to try just one or two and to get back to me. If you're sure that all the files in your "Documents" and "Pictures" folders etc are affected then you can restore the entire folders and all their contents in just a couple of mouse clicks. If only some of your files in those folders are encrypted then it's best to do each file separately. Here's how to do an entire folder:

Click on "Start" then "Computer" then double-click the icon for your C: drive. Double-click the "Users" folder then the folder for your username. Right-click the folder you want to restore (such as "Documents") and choose "Restore previous versions" again. You can either restore it, restore it but copy the restored folder somewhere else and leave the original folder intact, or simply open it to see what's inside.

However, I'm concerned about your PC's security and you haven't answered the questions I asked. I'd be happier if we sorted this out first and made sure your PC was free of infection and protected before you go to all the trouble of restoring your files.
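The choice above between restoring a whole folder and restoring file by file depends on knowing which files are actually affected. The following is an added example, not part of any post in this thread: a read-only triage that compares each file's leading bytes with the signature its extension implies. It assumes an encrypted file no longer begins with its format's signature; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of the formats mentioned in the thread.
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],   # OLE2 compound file
    ".xls": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],
    ".docx": [b"PK\x03\x04"],                        # ZIP container
    ".xlsx": [b"PK\x03\x04"],
}

def classify(path):
    """Return 'intact', 'suspect' or 'unchecked' for one file."""
    ext = os.path.splitext(path)[1].lower()
    expected = SIGNATURES.get(ext)
    if expected is None:
        return "unchecked"          # no signature known for this extension
    with open(path, "rb") as fh:    # opened read-only; nothing is modified
        head = fh.read(8)
    return "intact" if any(head.startswith(s) for s in expected) else "suspect"

def triage(root):
    """Walk root and map each verdict to a sorted list of relative paths."""
    report = {"intact": [], "suspect": [], "unchecked": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return {verdict: sorted(paths) for verdict, paths in report.items()}

def demo():
    """Build a constructed sample folder and triage it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
            "scan.jpg": bytes(range(40, 56)),          # stand-in for scrambled data
            "letter.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
            "budget.xlsx": b"\x9c\x11\x42\x7f" * 4,    # stand-in for scrambled data
            "HELP_DECRYPT.TXT": b"constructed note text",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

A "suspect" verdict is a candidate list rather than proof: a file saved under the wrong extension (for example RTF content named .doc) also fails the check.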

  Furkin 19:11 02 Apr 2015

Hi SS, Sorry for the delay.

Through reasons I won't go into at the moment, my electric supply company offered to pay for repairs. I dropped both my Desktop (CryptoLocker) & Laptop (won't boot) to their suggested Data Recovery firm, so I've been without a machine for 3/4 days.

I'm currently using a 'loaner'.

All I had running was Malwarebytes (free) & Spybot S&D (paid).
I was using Avast & Essentials, but after opinions from these pages, I dumped them in favour of my current items.

I will pass your comments on to the firm involved, but it seems that my machine is in quarantine at present !

When I get it back, I'll need some proper advice on security. I thought I'd been very lucky over the past years, as I managed to skirt around the nasty stuff.

More when I have it.

Thanks for your time so far.

